From steve.swaney at fsl.com Tue Nov 1 20:55:04 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:03 2006 Subject: list of quarantined notification to recipient Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Steve Campbell > Sent: Tuesday, November 01, 2005 3:51 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: list of quarantined notification to recipient > > I keep most of the emails from Mailscanner in an inbox folder, and have > searched there and also on the archive list, but I apparently can't seem > to > come up with the proper search terms, so here goes - > > My boss thinks it would be a good idea to notify recipients here of all > mail > for that individual that has been quarantined for the day in a single > mailing to the recipient. I recall at least one, maybe more, scripts that > were submitted to the list that would do this. I just can't remember > whether > it was this list or the mailwatch list, but I can't find it in either. > > Does anyone recall anything like this that may have been posted? > Notification after each quarantine is probably not an option, so this > would > have to be done as a daily cron job. > > Thanks for any help. > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers Steve, The latest version of MailWatch can send out the Quarantine notifications your boss wants to send. (And a LOT more :) Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Nov 1 21:09:18 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight.ie) Date: Thu Jan 12 21:31:04 2006 Subject: Installation of MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Lucas wrote: > How might I look to confirm this?? I've made sure that Notifications is > turned off. Put it into debugging mode and check your MailScanner.conf line by line. -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jd at BENTECMED.COM Tue Nov 1 20:24:33 2005 From: jd at BENTECMED.COM (JD Doelitzsch) Date: Thu Jan 12 21:31:04 2006 Subject: question about clamav-wrapper path Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hmmmmmm? Ok, clamav-wrapper is in /usr/lib/MailScanner. It only works when I type in the whole path. Im wondering if the path needs to be added to the environment in order for MailScanner to work correctly and if so, how do I add it to the environment? Im running fedora core 4 -JD ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jules at ecs.soton.ac.uk Tue Nov 1 20:21:03 2005 From: jules at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:04 2006 Subject: Congratulations Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Many thanks. But without you it wouldn't have been anything like as possible as it was. Need a hosting provider ---- talk to BlacknightSolutions.com. > Congratulations to Julian for managing to get a stable release out under > the > current conditions. > > > Mr Michele Neylon > Blacknight Solutions > Quality Business Hosting & Colocation > http://www.blacknight.ie/ > Tel. 1850 927 280 > Intl. +353 (0) 59 9183072 > UK: 0870 163 0607 > Direct Dial: +353 (0)59 9183090 > Fax. +353 (0) 59 9164239 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders_wannfors at PRIVAT.UTFORS.SE Wed Nov 2 15:42:55 2005 From: anders_wannfors at PRIVAT.UTFORS.SE (Anders) Date: Thu Jan 12 21:31:04 2006 Subject: Mailscanner 4.46/4.47 on Raq4 Message-ID: Hi Marcin, thanks for your answer. I guess I could go ahead and install all Perl-modules myself. Even though I was under the impression that install.sh would do it for me... It's source package is included in the rpm download of MailScanner. [root MailScanner-4.47.4-1]# ls CheckModuleVersion perl-File-Temp-0.16-1.src.rpm ExtUtils-MakeMaker-6.30.tar.gz perl-HTML-Parser-3.45-1.src.rpm install.sh perl-HTML-Tagset-3.03-1.src.rpm mailscanner-4.47.4-1.noarch.rpm perl-IO-stringy-2.108-1.src.rpm MailScanner-perl-MIME-Base64-3.05-5.src.rpm perl-MailTools-1.50-1.src.rpm perl-Archive-Zip-1.14-1.src.rpm perl-MIME-tools-5.417-1.src.rpm perl-Compress-Zlib-1.34-1.src.rpm perl-Net-CIDR-0.10-1.src.rpm perl-Convert-BinHex-1.119-2.src.rpm perl-TimeDate-1.1301-3.src.rpm perl-Convert-TNEF-0.17-1.src.rpm QuickInstall.txt perl-ExtUtils-MakeMaker-6.30-1.src.rpm README perl-File-Spec-0.82-1.src.rpm tnef-1.2.3.1-1.i386.rpm [root MailScanner-4.47.4-1]# /Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Wed Nov 2 16:06:06 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: > Same here (although I'm already +1 to Denis' total:-). > Seems to be a pox of bagle variants "going on" right now, so you might > just be seeing the ... speed/frequency of updates put out by BD. > > I've been very glad to have BD this night, sole one picking up some of > them... And that with heuristics. > > So much for it being ... "quiet on the viral front", as discussed earlier:) > Yup. We had to shutdown all the computers yesterday. Was in a meeting discussing the dangers of hooking up laptops to our network, when one of our techs sticks his in the door and says we seem to be having a problem. I was only running ClamAV but it stopped all the Bagle variants hitting us through email. Just for grins I ran ClamAV and BitDefender against the email archives and lots of email infected, but not detected because they were identified as Spam. Must think on this because I have email not cleaned up so people can release from Quarantine. Now we could be releasing infected emails. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders_wannfors at PRIVAT.UTFORS.SE Wed Nov 2 16:12:39 2005 From: anders_wannfors at PRIVAT.UTFORS.SE (Anders) Date: Thu Jan 12 21:31:04 2006 Subject: Mailscanner 4.46/4.47 on Raq4 Message-ID: Hi Adri, thanks for your info. Guess I'll have to skip SA then. Don't wanna mess with the Perl-version in my Raq...... Even though, Mailscanner + F-prot will save us lot of trouble! /Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pmb1 at YORK.AC.UK Wed Nov 2 16:40:21 2005 From: pmb1 at YORK.AC.UK (Mike Brudenell) Date: Thu Jan 12 21:31:04 2006 Subject: A well-hung MailScanner :-( Message-ID: Sigh. We had an outage on our central file server today. I really, truly thought that I'd built our mail gateways and their installations of MailScanner, Sophos Anti-Virus, etc to be independent of the central file server for exactly this eventuality, but it appears not... * The filer went off the air at around 8:11am. * At 9am the MailScanner scripts to update Sophos' IDE files kicked off. Up to this point MailScanner had been happily processing the messages arriving in the inbound Sendmail queue. * The 9am update of Sophos appeared to go OK ... it's just MailScanner didn't pick up processing e-mails again. * The same happened at the 10am update. * At 11:01am the filer came back online for a couple of minutes, at which point MailScanner started processing again. * The filer went offline again at 11:03am. MailScanner continued to work. * The filer was finally back online at 11:15am and MailScanner has worked ever since. When I built the installation I put Perl, Sophos, BerkeleyDB and MailScanner all on local disk (in /opt/york) rather than anything mounted from the filer, such as our shared /usr/local. It's a rather old installation of MailScanner (4.32.5) running under Solaris 8. I'm as sure as I can be that I didn't miss anything, yet it smacks to me of MailScanner trying to stat a lockfile, or perhaps looking for an executable along the PATH environment variable (which currently has filer-mounted directories before the local ones :-( But I can't see anywhere that MailScanner might be doing this: * The mailscnner.conf has Lockfile Dir = /tmp * I'd assume MailScanner restting SAVI and forking the new children wouldn't involve looking for any executables along the PATH? Does anyone have any thoughts, please? I enclose as an attachment a cut'n'pasted extract from the scannerlog for that time frame. Cheers, Mike B-) -- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740 * Unsolicited commercial e-mail is NOT welcome at this e-mail address. * ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] EXTRACT FROM SCANNERLOG ======================= Nov 2 08:59:16 mail-gw2.york.ac.uk MailScanner[23412]: Uninfected: Delivered 1 messages Nov 2 08:59:33 mail-gw2.york.ac.uk MailScanner[23413]: New Batch: Scanning 2 messages, 278702 bytes Nov 2 08:59:35 mail-gw2.york.ac.uk MailScanner[23413]: Virus and Content Scanning: Starting Nov 2 08:59:35 mail-gw2.york.ac.uk MailScanner[23413]: Uninfected: Delivered 2 messages Nov 2 08:59:36 mail-gw2.york.ac.uk MailScanner[23403]: New Batch: Scanning 1 messages, 2945 bytes Nov 2 08:59:37 mail-gw2.york.ac.uk MailScanner[23403]: Virus and Content Scanning: Starting Nov 2 08:59:37 mail-gw2.york.ac.uk MailScanner[23403]: Uninfected: Delivered 1 messages Nov 2 08:59:41 mail-gw2.york.ac.uk MailScanner[23412]: New Batch: Scanning 1 messages, 8391 bytes Nov 2 08:59:42 mail-gw2.york.ac.uk MailScanner[23412]: Virus and Content Scanning: Starting Nov 2 08:59:42 mail-gw2.york.ac.uk MailScanner[23412]: Uninfected: Delivered 1 messages Nov 2 08:59:45 mail-gw2.york.ac.uk MailScanner[23413]: New Batch: Scanning 1 messages, 6108 bytes Nov 2 08:59:46 mail-gw2.york.ac.uk MailScanner[23413]: Virus and Content Scanning: Starting Nov 2 08:59:46 mail-gw2.york.ac.uk MailScanner[23413]: Uninfected: Delivered 1 messages Nov 2 08:59:56 mail-gw2.york.ac.uk MailScanner[23424]: New Batch: Scanning 2 messages, 15368 bytes Nov 2 08:59:57 mail-gw2.york.ac.uk MailScanner[23424]: Virus and Content Scanning: Starting Nov 2 08:59:58 mail-gw2.york.ac.uk MailScanner[23424]: Uninfected: Delivered 2 messages Nov 2 09:00:00 mail-gw2.york.ac.uk update.virus.scanners: [ID 702911 local5.info] Found sophos installed Nov 2 09:00:00 mail-gw2.york.ac.uk update.virus.scanners: [ID 702911 local5.info] Running autoupdate for sophos Nov 2 09:00:07 mail-gw2.york.ac.uk MailScanner[23413]: New Batch: Scanning 1 messages, 3852 bytes Nov 2 09:00:07 mail-gw2.york.ac.uk MailScanner[23413]: Virus and Content Scanning: Starting Nov 2 09:00:08 mail-gw2.york.ac.uk MailScanner[23413]: Uninfected: Delivered 1 messages Nov 2 09:00:12 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Scanning 1 messages, 66618 bytes Nov 2 09:00:12 mail-gw2.york.ac.uk MailScanner[23383]: Virus and Content Scanning: Starting Nov 2 09:00:13 mail-gw2.york.ac.uk MailScanner[23383]: Uninfected: Delivered 1 messages Nov 2 09:00:13 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Scanning 1 messages, 4032 bytes Nov 2 09:00:13 mail-gw2.york.ac.uk MailScanner[23383]: Virus and Content Scanning: Starting Nov 2 09:00:14 mail-gw2.york.ac.uk MailScanner[23383]: Uninfected: Delivered 1 messages Nov 2 09:00:17 mail-gw2.york.ac.uk MailScanner[23375]: New Batch: Scanning 1 messages, 5300 bytes Nov 2 09:00:18 mail-gw2.york.ac.uk MailScanner[23375]: Virus and Content Scanning: Starting Nov 2 09:00:18 mail-gw2.york.ac.uk MailScanner[23375]: Uninfected: Delivered 1 messages Nov 2 09:00:27 mail-gw2.york.ac.uk MailScanner[23393]: New Batch: Scanning 1 messages, 33937 bytes Nov 2 09:00:28 mail-gw2.york.ac.uk MailScanner[23393]: Virus and Content Scanning: Starting Nov 2 09:00:28 mail-gw2.york.ac.uk MailScanner[23393]: Content Checks: Detected and will disarm HTML message in jA290Ms7029496 Nov 2 09:00:28 mail-gw2.york.ac.uk MailScanner[23393]: Uninfected: Delivered 1 messages Nov 2 09:00:39 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Scanning 1 messages, 3493 bytes Nov 2 09:00:40 mail-gw2.york.ac.uk MailScanner[23383]: Virus and Content Scanning: Starting Nov 2 09:00:40 mail-gw2.york.ac.uk MailScanner[23383]: Uninfected: Delivered 1 messages Nov 2 09:00:51 mail-gw2.york.ac.uk MailScanner[23432]: New Batch: Scanning 1 messages, 74541 bytes Nov 2 09:00:52 mail-gw2.york.ac.uk MailScanner[23432]: Virus and Content Scanning: Starting Nov 2 09:00:53 mail-gw2.york.ac.uk MailScanner[23432]: Content Checks: Detected and will disarm HTML message in jA290ps7029512 Nov 2 09:00:53 mail-gw2.york.ac.uk MailScanner[23432]: Uninfected: Delivered 1 messages Nov 2 09:01:10 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Scanning 2 messages, 82530 bytes Nov 2 09:01:11 mail-gw2.york.ac.uk MailScanner[23383]: Virus and Content Scanning: Starting Nov 2 09:01:12 mail-gw2.york.ac.uk MailScanner[23383]: Content Checks: Detected and will disarm HTML message in jA2918s7029520 Nov 2 09:01:12 mail-gw2.york.ac.uk MailScanner[23383]: Uninfected: Delivered 2 messages Nov 2 09:01:27 mail-gw2.york.ac.uk MailScanner[23422]: New Batch: Scanning 2 messages, 18758 bytes Nov 2 09:01:28 mail-gw2.york.ac.uk MailScanner[23422]: Virus and Content Scanning: Starting Nov 2 09:01:29 mail-gw2.york.ac.uk MailScanner[23422]: Uninfected: Delivered 2 messages Nov 2 09:01:37 mail-gw2.york.ac.uk MailScanner[23433]: New Batch: Scanning 2 messages, 18532 bytes Nov 2 09:01:38 mail-gw2.york.ac.uk MailScanner[23432]: New Batch: Found 3 messages waiting Nov 2 09:01:38 mail-gw2.york.ac.uk MailScanner[23432]: New Batch: Scanning 1 messages, 31926 bytes Nov 2 09:01:38 mail-gw2.york.ac.uk MailScanner[23433]: Virus and Content Scanning: Starting Nov 2 09:01:38 mail-gw2.york.ac.uk MailScanner[23432]: Virus and Content Scanning: Starting Nov 2 09:01:39 mail-gw2.york.ac.uk MailScanner[23432]: Content Checks: Detected and will disarm HTML message in jA291bs7029544 Nov 2 09:01:39 mail-gw2.york.ac.uk MailScanner[23432]: Uninfected: Delivered 1 messages Nov 2 09:01:39 mail-gw2.york.ac.uk MailScanner[23433]: Uninfected: Delivered 2 messages Nov 2 09:01:48 mail-gw2.york.ac.uk MailScanner[23413]: New Batch: Scanning 1 messages, 5118 bytes Nov 2 09:01:48 mail-gw2.york.ac.uk MailScanner[23413]: Virus and Content Scanning: Starting Nov 2 09:01:49 mail-gw2.york.ac.uk MailScanner[23413]: Uninfected: Delivered 1 messages Nov 2 09:01:52 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Scanning 2 messages, 28494 bytes Nov 2 09:01:54 mail-gw2.york.ac.uk MailScanner[23383]: Virus and Content Scanning: Starting Nov 2 09:01:54 mail-gw2.york.ac.uk MailScanner[23432]: New Batch: Found 3 messages waiting Nov 2 09:01:54 mail-gw2.york.ac.uk MailScanner[23432]: New Batch: Scanning 1 messages, 101269 bytes Nov 2 09:01:54 mail-gw2.york.ac.uk MailScanner[23383]: Content Checks: Detected and will disarm HTML message in jA291ms7029566 Nov 2 09:01:54 mail-gw2.york.ac.uk MailScanner[23383]: Content Checks: Detected and will disarm HTML message in jA291ns7029571 Nov 2 09:01:55 mail-gw2.york.ac.uk MailScanner[23432]: Virus and Content Scanning: Starting Nov 2 09:01:55 mail-gw2.york.ac.uk MailScanner[23383]: Uninfected: Delivered 2 messages Nov 2 09:01:55 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Found 2 messages waiting Nov 2 09:01:55 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Scanning 1 messages, 14244 bytes Nov 2 09:01:56 mail-gw2.york.ac.uk MailScanner[23383]: Virus and Content Scanning: Starting Nov 2 09:01:56 mail-gw2.york.ac.uk MailScanner[23432]: Uninfected: Delivered 1 messages Nov 2 09:01:56 mail-gw2.york.ac.uk MailScanner[23383]: Content Checks: Detected and will disarm HTML message in jA291ss7029580 Nov 2 09:01:57 mail-gw2.york.ac.uk MailScanner[23383]: Uninfected: Delivered 1 messages Nov 2 09:02:02 mail-gw2.york.ac.uk Sophos-autoupdate[29459]: Sophos successfully updated in /opt/york/Sophos/398.200511020900 Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23424]: New Batch: Found 3 messages waiting Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23424]: New Batch: Scanning 2 messages, 78345 bytes Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23424]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23424]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23424]: Config: calling custom end function Hostname Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23424]: MailScanner child dying of old age Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23375]: New Batch: Scanning 4 messages, 156606 bytes Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23375]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23375]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23375]: Config: calling custom end function Hostname Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23375]: MailScanner child dying of old age Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23422]: New Batch: Scanning 4 messages, 156606 bytes Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23422]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23422]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23422]: Config: calling custom end function Hostname Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23422]: MailScanner child dying of old age Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[29604]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[29604]: Config: calling custom init function Hostname Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[29604]: Bayes database rebuild is due Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23413]: New Batch: Scanning 4 messages, 156606 bytes Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23413]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23413]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23413]: Config: calling custom end function Hostname Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23413]: MailScanner child dying of old age Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23433]: New Batch: Scanning 4 messages, 156606 bytes Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23433]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23433]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23433]: Config: calling custom end function Hostname Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23433]: MailScanner child dying of old age Nov 2 09:02:06 mail-gw2.york.ac.uk MailScanner[23432]: New Batch: Scanning 4 messages, 156606 bytes Nov 2 09:02:06 mail-gw2.york.ac.uk MailScanner[23432]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:06 mail-gw2.york.ac.uk MailScanner[23432]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:06 mail-gw2.york.ac.uk MailScanner[23432]: Config: calling custom end function Hostname Nov 2 09:02:06 mail-gw2.york.ac.uk MailScanner[23432]: MailScanner child dying of old age Nov 2 09:02:07 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Scanning 4 messages, 156606 bytes Nov 2 09:02:07 mail-gw2.york.ac.uk MailScanner[23383]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:07 mail-gw2.york.ac.uk MailScanner[23383]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:07 mail-gw2.york.ac.uk MailScanner[23383]: Config: calling custom end function Hostname Nov 2 09:02:07 mail-gw2.york.ac.uk MailScanner[23383]: MailScanner child dying of old age Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23403]: New Batch: Found 4 messages waiting Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23403]: New Batch: Scanning 2 messages, 78261 bytes Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23412]: New Batch: Found 4 messages waiting Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23412]: New Batch: Scanning 2 messages, 78345 bytes Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23403]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23403]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23412]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23412]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23403]: Config: calling custom end function Hostname Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23403]: MailScanner child dying of old age Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23412]: Config: calling custom end function Hostname Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23412]: MailScanner child dying of old age Nov 2 09:02:09 mail-gw2.york.ac.uk MailScanner[23393]: New Batch: Scanning 4 messages, 156606 bytes Nov 2 09:02:09 mail-gw2.york.ac.uk MailScanner[23393]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:09 mail-gw2.york.ac.uk MailScanner[23393]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:09 mail-gw2.york.ac.uk MailScanner[23393]: Config: calling custom end function Hostname Nov 2 09:02:09 mail-gw2.york.ac.uk MailScanner[23393]: MailScanner child dying of old age Nov 2 09:02:14 mail-gw2.york.ac.uk MailScanner[29608]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:02:14 mail-gw2.york.ac.uk MailScanner[29608]: Config: calling custom init function Hostname Nov 2 09:02:24 mail-gw2.york.ac.uk MailScanner[29614]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:02:24 mail-gw2.york.ac.uk MailScanner[29614]: Config: calling custom init function Hostname Nov 2 09:02:34 mail-gw2.york.ac.uk MailScanner[29617]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:02:34 mail-gw2.york.ac.uk MailScanner[29617]: Config: calling custom init function Hostname Nov 2 09:02:44 mail-gw2.york.ac.uk MailScanner[29621]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:02:44 mail-gw2.york.ac.uk MailScanner[29621]: Config: calling custom init function Hostname Nov 2 09:02:54 mail-gw2.york.ac.uk MailScanner[29623]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:02:54 mail-gw2.york.ac.uk MailScanner[29623]: Config: calling custom init function Hostname Nov 2 09:03:04 mail-gw2.york.ac.uk MailScanner[29627]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:03:04 mail-gw2.york.ac.uk MailScanner[29627]: Config: calling custom init function Hostname Nov 2 09:03:14 mail-gw2.york.ac.uk MailScanner[29628]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:03:14 mail-gw2.york.ac.uk MailScanner[29628]: Config: calling custom init function Hostname Nov 2 09:03:24 mail-gw2.york.ac.uk MailScanner[29634]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:03:24 mail-gw2.york.ac.uk MailScanner[29634]: Config: calling custom init function Hostname Nov 2 09:03:34 mail-gw2.york.ac.uk MailScanner[29637]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:03:34 mail-gw2.york.ac.uk MailScanner[29637]: Config: calling custom init function Hostname Nov 2 10:00:00 mail-gw2.york.ac.uk update.virus.scanners: [ID 702911 local5.info] Found sophos installed Nov 2 10:00:00 mail-gw2.york.ac.uk update.virus.scanners: [ID 702911 local5.info] Running autoupdate for sophos Nov 2 10:01:46 mail-gw2.york.ac.uk Sophos-autoupdate[391]: Sophos successfully updated in /opt/york/Sophos/398.200511021000 Nov 2 11:00:00 mail-gw2.york.ac.uk update.virus.scanners: [ID 702911 local5.info] Found sophos installed Nov 2 11:00:00 mail-gw2.york.ac.uk update.virus.scanners: [ID 702911 local5.info] Running autoupdate for sophos Nov 2 11:00:30 mail-gw2.york.ac.uk Sophos-autoupdate[1366]: Sophos successfully updated in /opt/york/Sophos/398.200511021100 Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29634]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29634]: SophosSAVI using 207 IDE files Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29623]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29623]: SophosSAVI using 207 IDE files Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29637]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29637]: SophosSAVI using 207 IDE files Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29614]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29614]: SophosSAVI using 207 IDE files Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29604]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29604]: SophosSAVI using 207 IDE files Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29614]: Using locktype = flock Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29617]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29617]: SophosSAVI using 207 IDE files Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29614]: New Batch: Found 1513 messages waiting Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29614]: New Batch: Scanning 30 messages, 515556 bytes Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29627]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29627]: SophosSAVI using 207 IDE files Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29604]: Using locktype = flock Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29608]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29608]: SophosSAVI using 207 IDE files Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29634]: Using locktype = flock Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29621]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29621]: SophosSAVI using 207 IDE files Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29637]: Using locktype = flock Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29604]: New Batch: Found 1513 messages waiting Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29604]: New Batch: Scanning 30 messages, 399223 bytes Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29628]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29628]: SophosSAVI using 207 IDE files Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29623]: Using locktype = flock Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29634]: New Batch: Found 1513 messages waiting Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29634]: New Batch: Scanning 30 messages, 160234 bytes Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29627]: Using locktype = flock Nov 2 11:02:14 mail-gw2.york.ac.uk MailScanner[29617]: Using locktype = flock Nov 2 11:02:14 mail-gw2.york.ac.uk MailScanner[29637]: New Batch: Found 1513 messages waiting Nov 2 11:02:14 mail-gw2.york.ac.uk MailScanner[29637]: New Batch: Scanning 30 messages, 244209 bytes Nov 2 11:02:14 mail-gw2.york.ac.uk MailScanner[29623]: New Batch: Found 1513 messages waiting Nov 2 11:02:14 mail-gw2.york.ac.uk MailScanner[29623]: New Batch: Scanning 30 messages, 486390 bytes Nov 2 11:02:15 mail-gw2.york.ac.uk MailScanner[29621]: Using locktype = flock Nov 2 11:02:15 mail-gw2.york.ac.uk MailScanner[29627]: New Batch: Found 1513 messages waiting Nov 2 11:02:15 mail-gw2.york.ac.uk MailScanner[29627]: New Batch: Scanning 30 messages, 2599162 bytes ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Wed Nov 2 17:41:32 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:04 2006 Subject: A well-hung MailScanner :-( Message-ID: On Wed, 2005-11-02 at 17:27 +0000, Mike Brudenell wrote > I carefully went through all the MailScanner scripts and changed references > to /usr/local/... to /opt/york/... in (I think!) every relevant location. > I've been using 'find' and 'grep' most of the afternoon to try and track > down any I missed but to no avail. Have you got the 'lsof' (list open files) and 'lslk' (list locks) installed (I don't know anything about Solaris) - as these usually help me out in cases like this. Cheers, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu Nov 3 14:36:59 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce wrote: > Glenn Steen wrote: >> That ol' thing still works like a charm, yes. Used it for ages. >> Downside is that it doesn't really keep the spam quarantine clean, it >> just make sure that that message is detected as a virus carrier (scan >> is "forced" since it is delivered). In a MailWatch environment, where >> you never (or seldom:) release messages from commandline, this is not >> a problem. >> >> But the Keep Clean thing should work too, and this time really keep >> the spam quarantine clean. >> >> Ed, might it be as simple as you looking in the wrong place for the >> quarantined message? Or were they ... "munged up" in some unfortunate >> way? >> > What happened is I had reject emails with encrypted zip files. Except > to certain combinations of sender and receiver. Well somebody sent an > email to the boss at a little used email address. This email was > marked as dangerous. When I went to use the release from quarantine I > didn't have that option. I was able to go to the quarantine and > manually find the email and get the zip file, so I was just being lazy > and not keeping quarantine clean, I will be setting this back and do > the manually release steps. To be sure I wasn't total confused (which I'm still am but a little less so) I turned back on clean up quarantine. With this set I can't use MailWatch to view or release any message. No matter if its marked clean, spam, high spam (which I never should as its deleted), or marked as Bad Content/Infected. When I changed it back to no clean up quarantine I was able to view messages and release them from quarantine. I'm using MS 4.45.4 and postfix. My quarantine options are: Quarantine Infections = yes Quarantine Silent Viruses = yes Quarantine Modified Body = no Quarantine Whole Message = yes Quarantine Whole Message As Queue Files = no (yes = lost all view/release functionality of MW) Keep Spam And MCP Archive Clean = no (yes = lost all view/release functionality of MW) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Thu Nov 3 13:03:55 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:31:04 2006 Subject: installing libmilter Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > Sent: Thursday, November 03, 2005 1:58 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: installing libmilter > > MailScanner mailing list <> scribbled on Thursday, November > 03, 2005 6:04 > AM: > > > Hi all pro's :) > > > > Could somone shed some light how to do the libmilter > installation on > > CentOS. > > I managed to figure out I need the source to build the libmilter > > included in the package > > > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm > > before I can do the rest but Im not sure how to actually do the > > libmilter/sendmail rebuild thingy. > > > > If this is something someone like me should not do pls > informa and Ill > > drop it until I actually know what Im doing > > > > Never even tried to rebuild sendmail since I only use out > of the box > > with some changes in sendmail.mc so go easy on a hardcore newbie :) > > > > /Anders > > > You should be able to just rebuild the .src.rpm as is. If > you watch the build process, you will see "milter" scroll > across your screen several times. Are you certain you don't > already have the milter support? > > Mike > Nope, Im not sure and dont have a clue how to check :( ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Wed Nov 2 18:37:29 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: Ed Yup. We had to shutdown all the computers yesterday. Was in a meeting discussing the dangers of hooking up laptops to our network, when one of our techs sticks his in the door and says we seem to be having a problem. I was only running ClamAV but it stopped all the Bagle variants hitting us through email. Just for grins I ran ClamAV and BitDefender against the email archives and lots of email infected, but not detected because they were identified as Spam. Must think on this because I have email not cleaned up so people can release from Quarantine. Now we could be releasing infected emails. You could run with the "keep quarantine clean" option. WIll add to load because MailScanner will virus scan the spam also. But if I do that then I can't use MailWatch to release messages form quarantine. It appears that the clean up is storing emails in a format that can't be released from Quarantine. I'm still not sure what to do or what I did that may have caused this. I'm still looking at the options. We've had a few important emails that were misidentified and I was able to just release them from quarantine. But only because I had removed the keep quarantine clean option. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Nov 3 09:30:33 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 03/11/05, Steve Freegard wrote: (snip) > If this is preventing you from releasing a legitimate message then you > need to treat the cause of the problem: a false-positive from the virus > scanner, most of them that I've seen can be fixed by raising the > 'ClamAVmodule Maximum Compression Ratio' module (if ClamAVmodule is > used) or changing the settings in clamav-wrapper to achieve the same. Ah, which would put the message as "un-releasable" (is there really such a word?) in MailWatch. Well, the simple fix (for the affected message, which is already past the stage where adjusting the system so that it wont happen again matters) is to just release it from the command line. most MTAs have a nice "sendmail convenience command" for this purpose... as easy as looking at the actual recipient in MW (if it differs from the headers) and doing "sendmail -oi recipient@add.ress < /path/to/message/file" (or similar... check the wiki when it's back online, perhaps there's something specific for your MTA there). (snip) > > Would adding an option to the spam actions ( and high scoring spam > > options) to forward to an alias pointed to the bitbucket cause a virus > > scan of an infected spam message "before" it is stored? > > Worth a try for a day or so. > > You could probably forward a real spammy example from your archives, > > with an eicar attachment and test it. > > > > This does exactly the same thing as 'Keep Spam And MCP Archive Clean' - > so it wouldn't make any difference. I would only recommend this on > MailScanner versions that don't have the proper option to do this. I was under the impression that unlike the hack, which will leave the message in both the spam and the virus quarantine, the "Keep Clean" thing will actually remove the virus infected message from the spam quarantine. Am I wrong in thinking this? > > Cheers, > Steve. > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brichter at INTERACCESS.COM Wed Nov 2 20:29:00 2005 From: brichter at INTERACCESS.COM (brichter) Date: Thu Jan 12 21:31:04 2006 Subject: Sendmail Access related question Message-ID: Please excuse this if this is not the proper list for this question.. It is related to Mailscanner in the sense that I learned on the Mailscanner WIKI how to do this - block all traffic to non valid AD Echange addresses. (At the front end, instead of letting it through then Exchange has to deal with the NDR's) We have several mail scanner/Spam Assassin/Sendmail servers that download all SMTP aliases from a VBS that runs on our Active Directory servers. These SMTP addresses are then allowed to relay through the sendmail access file. (so only properly addressed emails make it into our company, it's amazing up to 20,000 per day are spelled wrong!(denied)) Example: To: test.com REJECT Invalid Users Name. To:test@test.com RELAY To:test2@test.com RELAY This works great accept I am noticing a few stray messages still getting by sendmail. (if someone uses Bang notation I think it's called) - test!@test.com will get through. using To:!@test.com REJECT does not catch them or To:test@test.com REJECT How can I block this in the access file? Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Thu Nov 3 15:13:28 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:31:04 2006 Subject: installing libmilter Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > >> -----Original Message----- > >> From: MailScanner mailing list > >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > >> > >>> Hi all pro's :) > >>> > >>> Could somone shed some light how to do the libmilter > >> installation on > >>> CentOS. > >>> I managed to figure out I need the source to build the libmilter > >>> included in the package > >>> > >> > > > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm > >>> before I can do the rest but Im not sure how to actually do the > >>> libmilter/sendmail rebuild thingy. > >>> > >>> If this is something someone like me should not do pls > >> informa and Ill > >>> drop it until I actually know what Im doing > >>> > >>> Never even tried to rebuild sendmail since I only use out > >> of the box > >>> with some changes in sendmail.mc so go easy on a hardcore > > newbie :) > >>> > >>> /Anders > >>> > >> You should be able to just rebuild the .src.rpm as is. If > > you watch > >> the build process, you will see "milter" scroll across your screen > >> several times. Are you certain you don't already have the milter > >> support? > >> > >> Mike > >> > > > > Nope, Im not sure and dont have a clue how to check :( > > > > Recent versions of sendmail have libmilter included by > default. You are probably good to go already. > That sounds like something my eyes like to read :) /anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pmb1 at YORK.AC.UK Wed Nov 2 17:39:01 2005 From: pmb1 at YORK.AC.UK (Mike Brudenell) Date: Thu Jan 12 21:31:04 2006 Subject: A well-hung MailScanner :-( Message-ID: --On 2 November 2005 17:27:42 +0000 Mike Brudenell wrote: > I carefully went through all the MailScanner scripts and changed > references to /usr/local/... to /opt/york/... in (I think!) every > relevant location. I've been using 'find' and 'grep' most of the > afternoon to try and track down any I missed but to no avail. Sorry, I should also have said... * We are using only the sophossavi scanner module * MailScanner is running as root (whose home directory is, of course, on local disk!) Cheers, Mike B-) -- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740 * Unsolicited commercial e-mail is NOT welcome at this e-mail address. * ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Wed Nov 2 21:31:41 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:04 2006 Subject: Suggestions please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] H Milton, Thanks for the suggested partitions I will use the second one I think Lance Milton Calnek wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >I'd setup a software mirror, if mirroring was your intended goal. > >The actual partition layout depends on your goals/situation. > >I'd probably do it one of 2 ways: >1. >/boot 100M >swap 2 * $RAM >/ The rest > >2. >/boot 100M >swap 2 * $RAM >/ 10G >/var 20G >/var/spool/mail the rest > > >Lance Haig wrote: > >>Hi, >> >>I have tried now for two days to get my SATA raid card to work with my >>new server but I have decided that it is to much effort to find drivers >>for it. >> >>I now have 2 80 gig SATA drives for my new MS server and was wondering >>wat you guys would suggest as the ideal way to partition my system >> >>I normaly create a 500MB boot with EXT2 and then the rest is set to / >> >>I am open to suggestions. >> >>Thanks >> >>Lance >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.2 (GNU/Linux) >Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > >iD8DBQFDaNpyHgnbf2T2QqMRAnVCAJ9PeDVa1H9F3WhD3VnQEueDcHQrUQCfbziw >LO42mVuy9RMenNwCOvD/3uQ= >=FTHd >-----END PGP SIGNATURE----- > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Nov 2 18:50:58 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce spake the following on 11/2/2005 10:37 AM: > Scott Silva wrote: > >>Ed >> >>> >>>Yup. We had to shutdown all the computers yesterday. Was in a meeting >>>discussing the dangers of hooking up laptops to our network, when one of >>>our techs sticks his in the door and says we seem to be having a >>>problem. I was only running ClamAV but it stopped all the Bagle variants >>>hitting us through email. >>> >>>Just for grins I ran ClamAV and BitDefender against the email archives >>>and lots of email infected, but not detected because they were >>>identified as Spam. Must think on this because I have email not cleaned >>>up so people can release from Quarantine. Now we could be releasing >>>infected emails. >>> >>> >>> >>You could run with the "keep quarantine clean" option. >>WIll add to load because MailScanner will virus scan the spam also. >> >> >> >> > > But if I do that then I can't use MailWatch to release messages form > quarantine. It appears that the clean up is storing emails in a format > that can't be released from Quarantine. I'm still not sure what to do or > what I did that may have caused this. I'm still looking at the options. > We've had a few important emails that were misidentified and I was able > to just release them from quarantine. But only because I had removed the > keep quarantine clean option. > Would adding an option to the spam actions ( and high scoring spam options) to forward to an alias pointed to the bitbucket cause a virus scan of an infected spam message "before" it is stored? Worth a try for a day or so. You could probably forward a real spammy example from your archives, with an eicar attachment and test it. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Nov 2 16:09:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:04 2006 Subject: Suggestions please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote: > Hi, > > I have tried now for two days to get my SATA raid card to work with my > new server but I have decided that it is to much effort to find drivers > for it. > > I now have 2 80 gig SATA drives for my new MS server and was wondering > wat you guys would suggest as the ideal way to partition my system > > I normaly create a 500MB boot with EXT2 and then the rest is set to / > > I am open to suggestions. I'd suggest having a separate /var partition. This way if /var/spool/* or /var/log/* fills up, you are not completely out of disk on all parts of the filesystem. Conversely, if a large download to your home dir takes up a lot of disk space, your mail queues can keep running without a hitch. I usually make separate /boot, /var, /home, /usr and /tmp partitions, in addition to /. This might be more than you'd want for your needs, but a separate /var and /tmp can both be useful. If your box is devoted to mailscanner you might even consider making a separate /var/spool too. Here's my current layup on a mailscanner/dns box. It's not optimal, but it works: Filesystem 1K-blocks Used Available Use% Mounted on /dev/sda6 7060276 892608 5809020 14% / /dev/sda1 101089 13293 82577 14% /boot /dev/sda5 5036284 41340 4739112 1% /chroot /dev/sda7 4538124 501900 3805696 12% /home /dev/sda8 1510032 32980 1400344 3% /tmp /dev/sda2 10080520 1375392 8193060 15% /usr /dev/sda3 9068648 525800 8082188 7% /var ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Nov 2 16:55:55 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:04 2006 Subject: A well-hung MailScanner :-( Message-ID: Mike How are you handling the link to the file NFS with soft links or hard links. I've seen older versions of Solaris get upset when NFS links go offline, even when they are to soft links.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Mike Brudenell > Sent: 02 November 2005 16:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] A well-hung MailScanner :-( > > Sigh. We had an outage on our central file server today. > > I really, truly thought that I'd built our mail gateways and their > installations of MailScanner, Sophos Anti-Virus, etc to be independent of > the central file server for exactly this eventuality, but it appears > not... > > * The filer went off the air at around 8:11am. > > * At 9am the MailScanner scripts to update Sophos' IDE files kicked off. > Up to this point MailScanner had been happily processing the messages > arriving in the inbound Sendmail queue. > > * The 9am update of Sophos appeared to go OK ... it's just MailScanner > didn't pick up processing e-mails again. > > * The same happened at the 10am update. > > * At 11:01am the filer came back online for a couple of minutes, at > which > point MailScanner started processing again. > > * The filer went offline again at 11:03am. MailScanner continued to > work. > > * The filer was finally back online at 11:15am and MailScanner has > worked > ever since. > > When I built the installation I put Perl, Sophos, BerkeleyDB and > MailScanner all on local disk (in /opt/york) rather than anything mounted > from the filer, such as our shared /usr/local. > > It's a rather old installation of MailScanner (4.32.5) running under > Solaris 8. I'm as sure as I can be that I didn't miss anything, yet it > smacks to me of MailScanner trying to stat a lockfile, or perhaps looking > for an executable along the PATH environment variable (which currently has > filer-mounted directories before the local ones :-( > > But I can't see anywhere that MailScanner might be doing this: > > * The mailscnner.conf has > Lockfile Dir = /tmp > > * I'd assume MailScanner restting SAVI and forking the new children > wouldn't involve looking for any executables along the PATH? > > Does anyone have any thoughts, please? I enclose as an attachment a > cut'n'pasted extract from the scannerlog for that time frame. > > Cheers, > Mike B-) > > -- > The Computing Service, University of York, Heslington, York Yo10 5DD, UK > Tel:+44-1904-433811 FAX:+44-1904-433740 > > * Unsolicited commercial e-mail is NOT welcome at this e-mail address. * > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brose at MED.WAYNE.EDU Wed Nov 2 15:18:03 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:31:04 2006 Subject: MailWatch for MailScanner and database clean Message-ID: Is there a function in Mailwatch to remove old data from maillog? I found a php script in tools but it doesn't seem to work. Fatal error: Call to undefined function: mysql_pconnect() in /var/www/html/mailscanner/functions.php on line 498 Also, I didn't see any instructions in 1.0.3 for - Added SQLSpamScores.pm - allows users to set their own spam preferences, thanks to Dennis Willson for this. I'm guessing that this is supposed to be defined as a ruleset in MailScanner.conf for the scores but that needs clarification. -=B ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Nov 3 12:33:47 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 03/11/05, Steve Freegard wrote: > On Thu, 2005-11-03 at 10:30 +0100, Glenn Steen wrote: > > On 03/11/05, Steve Freegard wrote: > > (snip) > > > > I was under the impression that unlike the hack, which will leave the > > message in both the spam and the virus quarantine, the "Keep Clean" > > thing will actually remove the virus infected message from the spam > > quarantine. > > Am I wrong in thinking this? > > Not really sure on this - it could have been a side-effect of the hack, > but it shouldn't make a difference as the message would be still be in > the main quarantine. > > Cheers, > Steve. > Well yes, it is a side-effect of the hack. As said earlier, the bad thing with it is if you release manually from the command line, since then you just *might* release what you think is spam *but is in reality a virus* to the end user... And one usually whitelist 127.0.0.1, so ... That whole sentence speaks in favour of client side protection, doesn't it:-). The "Keep Clean" thing should take care of that (IMO if nothing else). Once Jules is done assessing firedamage, I'm sure he'll set us straight:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Wed Nov 2 18:07:25 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: Hi all... > smf@F2S.COM 02/11/05 16:51:56 >>> >I've just been building some RPM's for SA 3.1 - it appears that the >MakeMaker config has changed between 3.0.x and 3.1.x. >How did you build SpamAssassin?? - I found that I had run: >perl Makefile.PL PREFIX=/usr SYSCONFDIR=/etc/mail/spamassassin >to get it to look in the correct places (in 3.0.x I only had to specify >PREFIX). Ahhh that sort of explains things. I was being lazy, I used Julian's 'Install-Clam-SA', and all was fine apart from the obvious little omission. My kludge is okay for now(symlinking /usr/etc/mail/spamassassin), I guess I'll worry about it when 3.1.1 (or whatever) comes along! ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Thu Nov 3 13:14:24 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:04 2006 Subject: installing libmilter Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Anders Andersson, IT > Sent: Thursday, November 03, 2005 7:04 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: installing libmilter > > Hi all pro's :) > > Could somone shed some light how to do the libmilter installation on > CentOS. > I managed to figure out I need the source to build the libmilter > included in the package > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm > before I can do the rest but Im not sure how to actually do the > libmilter/sendmail rebuild thingy. > > If this is something someone like me should not do pls informa and Ill > drop it until I actually know what Im doing > > Never even tried to rebuild sendmail since I only use out of the box > with some changes in sendmail.mc so go easy on a hardcore newbie :) > > /Anders You shouldn't need to build libmilter. Just install the sendmail-devel rpm. Then read /usr/share/doc/sendmail/README.libmilter for the gory details. Most milters are fairly easy to install. Some general instructions: 1. Download and unpack the milter source code 2. Configure build and install the milter 3. Install the init script so the milter can start on reboot (some milters do this automatically). 4. Start and test the milter (look at the mail logs for error) 5. Configure the init script to run at boot 6. Modify your sendmail.mc file to configure sendmail to user the milter. Typically it's just adding a line similar to: INPUT_MAIL_FILTER(`milter-greylist', `S=local:/var/milter-greylist/milter-greylist.sock') 7. Use m4 to rebuild your sendmail.cf file from your modified sendmail.mc file 8. Restart sendmail (don't forget to check the mail log for errors) Hope this helps, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lbcadmin at GMAIL.COM Wed Nov 2 16:29:30 2005 From: lbcadmin at GMAIL.COM (Information Services) Date: Thu Jan 12 21:31:04 2006 Subject: /dev/null Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I set up a nonproduction system running CentOS 4.1, MailScanner 4.44.1-1, MailWatch 1.0.1, sendmail 8.13.4-1, webmin. I went into webmin, sendmail configuration, and under domain routing I put these rules: .domain.com local:/dev/null domain.com local:/dev/null When mail comes from this specified domain, then it will automatically be delivered to the "bit bucket." I was looking at /var/log/maillog, but I do not see anything telling me it is being delivered to /dev/null. Am I missing something or did I configure wrong? Are the messages just looking like they are being processed, and then getting stuck, or are they infact doing what I want them to do? I have no messages in the mail queue, and her is a snipit from /var/log/mailog Nov 2 10:26:37 wks-lin8 MailScanner[24632]: Message jA2FuBua024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:26:37 wks-lin8 MailScanner[24868]: Message jA2FuBv8024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:26:52 wks-lin8 MailScanner[24868]: Message jA2FuBuw024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:26:52 wks-lin8 MailScanner[24632]: Message jA2FuBuA024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:04 wks-lin8 sendmail[24403]: jA2FuBxg024403: from=, size=6799, class=0, nrcpts=1, msgid=<31351745.1130949883662.JavaMail.oracle@wks-psdb.lovebox.com>, proto=ESMTP, daemon=MTA, relay=[172.16.3.70] Nov 2 10:27:04 wks-lin8 sendmail[24403]: jA2FuBxh024403: from=, size=7735, class=0, nrcpts=1, msgid=<16704796.1130949883755.JavaMail.oracle@wks-psdb.lovebox.com>, proto=ESMTP, daemon=MTA, relay=[172.16.3.70] Nov 2 10:27:05 wks-lin8 MailScanner[24632]: Message jA2FuBue024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:05 wks-lin8 MailScanner[24868]: Message jA2FuBup024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:18 wks-lin8 MailScanner[24632]: Message jA2FuBuS024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:18 wks-lin8 MailScanner[24868]: Message jA2FuBv9024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:32 wks-lin8 MailScanner[24632]: Message jA2FuBuY024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:32 wks-lin8 MailScanner[24868]: Message jA2FuBv3024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:45 wks-lin8 MailScanner[24632]: Message jA2FuBuD024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:45 wks-lin8 MailScanner[24868]: Message jA2FuBv4024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:58 wks-lin8 MailScanner[24632]: Message jA2FuBuT024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:58 wks-lin8 MailScanner[24868]: Message jA2FuBur024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:28:11 wks-lin8 MailScanner[24632]: Message jA2FuBuJ024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:28:12 wks-lin8 MailScanner[24868]: Message jA2FuBug024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:28:25 wks-lin8 MailScanner[24868]: Message jA2FuBuo024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:28:25 wks-lin8 MailScanner[24632]: Message jA2FuBub024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mcalnek at PCPLACE.CA Wed Nov 2 15:25:38 2005 From: mcalnek at PCPLACE.CA (Milton Calnek) Date: Thu Jan 12 21:31:04 2006 Subject: Suggestions please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'd setup a software mirror, if mirroring was your intended goal. The actual partition layout depends on your goals/situation. I'd probably do it one of 2 ways: 1. /boot 100M swap 2 * $RAM / The rest 2. /boot 100M swap 2 * $RAM / 10G /var 20G /var/spool/mail the rest Lance Haig wrote: > Hi, > > I have tried now for two days to get my SATA raid card to work with my > new server but I have decided that it is to much effort to find drivers > for it. > > I now have 2 80 gig SATA drives for my new MS server and was wondering > wat you guys would suggest as the ideal way to partition my system > > I normaly create a 500MB boot with EXT2 and then the rest is set to / > > I am open to suggestions. > > Thanks > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFDaNpyHgnbf2T2QqMRAnVCAJ9PeDVa1H9F3WhD3VnQEueDcHQrUQCfbziw LO42mVuy9RMenNwCOvD/3uQ= =FTHd -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Nov 2 17:39:37 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:04 2006 Subject: A well-hung MailScanner :-( Message-ID: Mike Hmm by default MS will install/update the Sophos stuff to /usr/local/Sophos ...... are you sure that's local (I mean not on the filer). MS tends to get upset if it's not in that location. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Mike Brudenell > Sent: 02 November 2005 17:28 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] A well-hung MailScanner :-( > > Greetings - > > --On 2 November 2005 16:55:55 +0000 Martin Hepworth > wrote: > > > How are you handling the link to the file NFS with soft links or hard > > links. > > > > I've seen older versions of Solaris get upset when NFS links go offline, > > even when they are to soft links.. > > Ummm, I'm not sure which file you're referring to... > > We have a directory tree (/opt/york) which is purely on locally attached > disk: > > * When I installed the system I built new versions of Perl, BerkeleyDB, > etc to just go into/use /opt/york > > * Sophos is also installed directly into /opt/york; there are no > symlinks > via the NFS-mounted /usr/local > > * Similarly MailScanner is installed directly into /opt/york; there are > no symlinks via /usr/local > > I carefully went through all the MailScanner scripts and changed > references > to /usr/local/... to /opt/york/... in (I think!) every relevant location. > I've been using 'find' and 'grep' most of the afternoon to try and track > down any I missed but to no avail. > > My head hurts. > > Cheers, > Mike B-} > > -- > The Computing Service, University of York, Heslington, York Yo10 5DD, UK > Tel:+44-1904-433811 FAX:+44-1904-433740 > > * Unsolicited commercial e-mail is NOT welcome at this e-mail address. * > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Nov 3 14:20:47 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:04 2006 Subject: installing libmilter Message-ID: MailScanner mailing list <> scribbled on Thursday, November 03, 2005 7:04 AM: >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher >> Sent: Thursday, November 03, 2005 1:58 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: installing libmilter >> >> MailScanner mailing list <> scribbled on Thursday, November > 03, 2005 >> 6:04 >> AM: >> >>> Hi all pro's :) >>> >>> Could somone shed some light how to do the libmilter >> installation on >>> CentOS. >>> I managed to figure out I need the source to build the libmilter >>> included in the package >>> >> > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm >>> before I can do the rest but Im not sure how to actually do the >>> libmilter/sendmail rebuild thingy. >>> >>> If this is something someone like me should not do pls >> informa and Ill >>> drop it until I actually know what Im doing >>> >>> Never even tried to rebuild sendmail since I only use out >> of the box >>> with some changes in sendmail.mc so go easy on a hardcore > newbie :) >>> >>> /Anders >>> >> You should be able to just rebuild the .src.rpm as is. If > you watch >> the build process, you will see "milter" scroll across your screen >> several times. Are you certain you don't already have the milter >> support? >> >> Mike >> > > Nope, Im not sure and dont have a clue how to check :( > Recent versions of sendmail have libmilter included by default. You are probably good to go already. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joe at NAOS.STERLING.NET Thu Nov 3 16:09:27 2005 From: joe at NAOS.STERLING.NET (Joe Young) Date: Thu Jan 12 21:31:04 2006 Subject: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Message-ID: Help, I am running on CentOS release 4.0 (Final) with Perl version 5.008005 (5.8.5) and MailScanner version 4.42.9. Spamassassin has been scoring lower than normal for the last couple of weeks. Most of the untagged spam has been the geocities link spam and the emails that contain mostly images. Almost all of the spam emails are scored with BAYES_00 -2.60. What are some possible steps to change the bayes score without feeding it spam? Thank you, Joe Young ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Nov 3 12:58:22 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:04 2006 Subject: installing libmilter Message-ID: MailScanner mailing list <> scribbled on Thursday, November 03, 2005 6:04 AM: > Hi all pro's :) > > Could somone shed some light how to do the libmilter > installation on CentOS. > I managed to figure out I need the source to build the > libmilter included in the package > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm > before I can do the rest but Im not sure how to actually do > the libmilter/sendmail rebuild thingy. > > If this is something someone like me should not do pls > informa and Ill drop it until I actually know what Im doing > > Never even tried to rebuild sendmail since I only use out of > the box with some changes in sendmail.mc so go easy on a > hardcore newbie :) > > /Anders > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! You should be able to just rebuild the .src.rpm as is. If you watch the build process, you will see "milter" scroll across your screen several times. Are you certain you don't already have the milter support? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pmb1 at YORK.AC.UK Wed Nov 2 17:27:42 2005 From: pmb1 at YORK.AC.UK (Mike Brudenell) Date: Thu Jan 12 21:31:04 2006 Subject: A well-hung MailScanner :-( Message-ID: Greetings - --On 2 November 2005 16:55:55 +0000 Martin Hepworth wrote: > How are you handling the link to the file NFS with soft links or hard > links. > > I've seen older versions of Solaris get upset when NFS links go offline, > even when they are to soft links.. Ummm, I'm not sure which file you're referring to... We have a directory tree (/opt/york) which is purely on locally attached disk: * When I installed the system I built new versions of Perl, BerkeleyDB, etc to just go into/use /opt/york * Sophos is also installed directly into /opt/york; there are no symlinks via the NFS-mounted /usr/local * Similarly MailScanner is installed directly into /opt/york; there are no symlinks via /usr/local I carefully went through all the MailScanner scripts and changed references to /usr/local/... to /opt/york/... in (I think!) every relevant location. I've been using 'find' and 'grep' most of the afternoon to try and track down any I missed but to no avail. My head hurts. Cheers, Mike B-} -- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740 * Unsolicited commercial e-mail is NOT welcome at this e-mail address. * ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Thu Nov 3 15:55:09 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:04 2006 Subject: installing libmilter Message-ID: > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > > Sent: Thursday, November 03, 2005 1:58 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: installing libmilter > > > > You should be able to just rebuild the .src.rpm as is. If > > you watch the build process, you will see "milter" scroll > > across your screen several times. Are you certain you don't > > already have the milter support? > > > > Mike > > > > Nope, Im not sure and dont have a clue how to check :( Run sendmail from the command line with -d0.2, eg: /usr/lib/sendmail -d0.2 Look at the output for 'MILTER' -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "I haven't lost my mind...I sold it on eBay!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Nov 2 17:34:07 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce spake the following on 11/2/2005 8:06 AM: > Glenn Steen wrote: > >> Same here (although I'm already +1 to Denis' total:-). >> Seems to be a pox of bagle variants "going on" right now, so you might >> just be seeing the ... speed/frequency of updates put out by BD. >> >> I've been very glad to have BD this night, sole one picking up some of >> them... And that with heuristics. >> >> So much for it being ... "quiet on the viral front", as discussed >> earlier:) >> > > Yup. We had to shutdown all the computers yesterday. Was in a meeting > discussing the dangers of hooking up laptops to our network, when one of > our techs sticks his in the door and says we seem to be having a > problem. I was only running ClamAV but it stopped all the Bagle variants > hitting us through email. > > Just for grins I ran ClamAV and BitDefender against the email archives > and lots of email infected, but not detected because they were > identified as Spam. Must think on this because I have email not cleaned > up so people can release from Quarantine. Now we could be releasing > infected emails. > You could run with the "keep quarantine clean" option. WIll add to load because MailScanner will virus scan the spam also. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Wed Nov 2 16:51:56 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: Hi Peter, On Wed, 2005-11-02 at 14:33 +0000, Peter Bates wrote: > Hello all/Steve! > > > smf@F2S.COM 02/11/05 13:21:35 >>> > >Curious - next best thing is going to be to pick a quiet time and run > a > >batch through MailScanner with 'Debug = yes' and 'Debug SpamAssassin > = > >yes' and see if anything shows up there. > > Well, I've done that, and I have a few odd results, which probably > explain why bits aren't working... > > Right at the top we have: > > [16029] dbg: config: using "/usr/etc/mail/spamassassin" for site rules > pre files > [16029] dbg: config: using "/usr/share/spamassassin" for sys rules pre > files > [16029] dbg: config: using "/usr/share/spamassassin" for default rules > dir > Whoops... I think that begins to explain my problem. > > I can also see: > > [16029] info: config: failed to parse line, skipping: urirhssub > URIBL_JP_SURBL > multi.surbl.org. A 64 > > [16029] dbg: uri: running uri tests; score so far=0.96 > [16029] dbg: rules: no method found for eval test check_uridnsbl > rules: failed to run URIBL_JP_SURBL test, skipping: > (Can't locate object method "check_uridnsbl" via package > "Mail::SpamAssa > ssin::PerMsgStatus" at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgSt > atus.pm line 2581. > ) > > ... which also explain why I seem to be seeing no hits on URIs since > upgrading. > > Any thoughts? > > There's clearly something that was okay in my MailScanner.conf (or > spam.assassin.prefs.conf) for 3.0.4 but is now very *unhappy*. > > In MailScanner.conf: > > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Default Rules Dir = > > Oh, just as it seemed an obvious thing to do, > I symlinked /usr/etc/mail/spamassassin to /etc/mail/spamassassin, > and guess what? It now works... > > Is there some default setting here I'm missing in what is a fairly > 'out of the box' install? I've just been building some RPM's for SA 3.1 - it appears that the MakeMaker config has changed between 3.0.x and 3.1.x. How did you build SpamAssassin?? - I found that I had run: perl Makefile.PL PREFIX=/usr SYSCONFDIR=/etc/mail/spamassassin to get it to look in the correct places (in 3.0.x I only had to specify PREFIX). Kind regards, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Thu Nov 3 08:52:57 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: On Wed, 2005-11-02 at 10:50 -0800, Scott Silva wrote: > Ed Bruce spake the following on 11/2/2005 10:37 AM: > > Scott Silva wrote: > > > >>Ed > >> > >>> > >>>Yup. We had to shutdown all the computers yesterday. Was in a meeting > >>>discussing the dangers of hooking up laptops to our network, when one of > >>>our techs sticks his in the door and says we seem to be having a > >>>problem. I was only running ClamAV but it stopped all the Bagle variants > >>>hitting us through email. > >>> > >>>Just for grins I ran ClamAV and BitDefender against the email archives > >>>and lots of email infected, but not detected because they were > >>>identified as Spam. Must think on this because I have email not cleaned > >>>up so people can release from Quarantine. Now we could be releasing > >>>infected emails. > >>> > >>> > >>> > >>You could run with the "keep quarantine clean" option. > >>WIll add to load because MailScanner will virus scan the spam also. > >> > >> > >> > >> > > > > But if I do that then I can't use MailWatch to release messages form > > quarantine. It appears that the clean up is storing emails in a format > > that can't be released from Quarantine. I'm still not sure what to do or > > what I did that may have caused this. I'm still looking at the options. > > We've had a few important emails that were misidentified and I was able > > to just release them from quarantine. But only because I had removed the > > keep quarantine clean option. Not so - I always use the 'Keep Spam And MCP Archive Clean' setting when using MailWatch to prevent users/admins from releasing anything that was detected as infected by a virus scanner. If this is preventing you from releasing a legitimate message then you need to treat the cause of the problem: a false-positive from the virus scanner, most of them that I've seen can be fixed by raising the 'ClamAVmodule Maximum Compression Ratio' module (if ClamAVmodule is used) or changing the settings in clamav-wrapper to achieve the same. The clue as to why the message is marked as infected will be in the 'Report:' section on the Message Detail screen in MailWatch - it might be worth posting the message here. > > > Would adding an option to the spam actions ( and high scoring spam > options) to forward to an alias pointed to the bitbucket cause a virus > scan of an infected spam message "before" it is stored? > Worth a try for a day or so. > You could probably forward a real spammy example from your archives, > with an eicar attachment and test it. > This does exactly the same thing as 'Keep Spam And MCP Archive Clean' - so it wouldn't make any difference. I would only recommend this on MailScanner versions that don't have the proper option to do this. Cheers, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Nov 2 17:16:08 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:04 2006 Subject: Reporting Spam by E-mail. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Aaron K. Moore wrote: > Anyone setup an e-mail address for bouncing spam to be processed by > spamassassin? I'd like to set up addresses for reporting spam and ham. > > I've found a few old links on setting it up with SpamAssassin, but > nothing with MailScanner. I'd check the wiki, but it's not back up yet. > > Thanks. > > Aaron > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > E-mail: amoore@dekalbmemorial.com > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* It's a bit complicated since most users don't know how to properly forward messages intact, without useless headers or html. Perhaps your best bet is to set up a public imap folder where they can just "throw them in", and you can use a script to train your spamassassin every night while disregarding your own headers. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Nov 2 18:10:37 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bates spake the following on 11/2/2005 6:33 AM: > Hello all/Steve! > > >>smf@F2S.COM 02/11/05 13:21:35 >>> >>Curious - next best thing is going to be to pick a quiet time and run > > a > >>batch through MailScanner with 'Debug = yes' and 'Debug SpamAssassin > > = > >>yes' and see if anything shows up there. > > > Well, I've done that, and I have a few odd results, which probably > explain why bits aren't working... > > Right at the top we have: > > [16029] dbg: config: using "/usr/etc/mail/spamassassin" for site rules > pre files > [16029] dbg: config: using "/usr/share/spamassassin" for sys rules pre > files > [16029] dbg: config: using "/usr/share/spamassassin" for default rules > dir > > ... the second two are OK, but the first is an empty directory > (init.pre is in /etc/mail/spamassassin) > > [16029] dbg: config: using "/usr/etc/mail/spamassassin" for site rules > dir > [16029] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" > for user > prefs file > > Same problem here... it has found the .conf file, but site rules is set > to an empty dir. > > [16029] info: config: failed to parse line, skipping: > auto_whitelist_path > /var/spool/MailScanner/spamassassin/auto-whitelist > [16029] info: config: failed to parse line, skipping: > auto_whitelist_file_mode > 0600 > [16029] info: config: failed to parse line, skipping: pyzor_path > /usr/bin/pyzor > [16029] info: config: failed to parse line, skipping: dcc_path > /usr/local/bin/dc > cproc > [16029] info: config: failed to parse line, skipping: razor_timeout 10 > [16029] info: config: failed to parse line, skipping: pyzor_timeout 10 > > Whoops... I think that begins to explain my problem. > > I can also see: > > [16029] info: config: failed to parse line, skipping: urirhssub > URIBL_JP_SURBL > multi.surbl.org. A 64 > > [16029] dbg: uri: running uri tests; score so far=0.96 > [16029] dbg: rules: no method found for eval test check_uridnsbl > rules: failed to run URIBL_JP_SURBL test, skipping: > (Can't locate object method "check_uridnsbl" via package > "Mail::SpamAssa > ssin::PerMsgStatus" at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgSt > atus.pm line 2581. > ) > > ... which also explain why I seem to be seeing no hits on URIs since > upgrading. > > Any thoughts? > > There's clearly something that was okay in my MailScanner.conf (or > spam.assassin.prefs.conf) for 3.0.4 but is now very *unhappy*. > > In MailScanner.conf: > > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Default Rules Dir = > > Oh, just as it seemed an obvious thing to do, > I symlinked /usr/etc/mail/spamassassin to /etc/mail/spamassassin, > and guess what? It now works... > > Is there some default setting here I'm missing in what is a fairly > 'out of the box' install? > I had this problem also, temporarily solved it with softlinks from /usr/etc/mail/spamassassin to /etc/mail/spamassassin I think Julian's install package needs to be tweaked to fix the default SYSCONFDIR. Something must have changed in spamassassin with 3.1.0. I would have a look at it, but Julian would probably have it fixed and posted before I could get it e-mailed to him. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Nov 2 15:51:43 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:31:04 2006 Subject: Mailscanner 4.46/4.47 on Raq4 Message-ID: Hi, Besides installing the missing or outdated modules from CPAN, as suggested by another reply, I think you will also have other problems, since SpamAssassin 3.x requires perl 5.6 or higher! You will have to install a second copy of Perl along side the RAQ version 5.003, which is used by some of the RAQ admin-scripts. Adri. > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders > Sent: woensdag 2 november 2005 10:23 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Mailscanner 4.46/4.47 on Raq4 > > Hi, > trying to install Mailscanner on a well maintained Cobalt > Raq4 (fully patched etc...) > > I am using the rpm.package and trying to follow instructions > found at http://www.qitc.net/ support/mailscanner/ (linked > from the Mailscanner installation guides page). > > I run into problem almost immediately, please see the > following excerpt from my installation log: > --------------------------------------------------------------- > [root MailScanner-4.46.2-2]# ./install.sh > > > Good. You have the patch command. > > Good, you have /usr/src/redhat in place. > > Good, unpackaged files will not break the build process. > > Good, you appear to only have 1 copy of Perl installed. > > I think you are running Perl 5.00503. > Ensuring that you have all the header files that are needed > to build HTML-Parser which is used by both MailScanner and > SpamAssassin. > > This script will pause for a few seconds after each major > step, so do not worry if it appears to stop for a while. > If you want it to stop so you can scroll back through the > output then press Ctrl-S to stop the output and Ctrl-Q to > start it again. > > > If this fails due to dependency checks, and you wish to > ignore these problems, you can run > ./install.sh nodeps > > Setting Perl5 search path > > I think your system will build architecture-dependent modules for i386 > > Rebuilding all the Perl RPMs for your version of Perl > > Attempting to build and install > perl-ExtUtils-MakeMaker-6.30-1 Installing > perl-ExtUtils-MakeMaker-6.30-1.src.rpm > Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.55082 > + umask 022 > + cd /usr/src/redhat/BUILD > + cd /usr/src/redhat/BUILD > + rm -rf ExtUtils-MakeMaker-6.30 > + /bin/gzip -dc /usr/src/redhat/SOURCES/ExtUtils-MakeMaker-6.30.tar.gz > + tar -xf - > + STATUS=0 > + [ 0 -ne 0 ] > + cd ExtUtils-MakeMaker-6.30 > ++ /usr/bin/id -u > + [ 0 = 0 ] > + /bin/chown -Rhf root . > ++ /usr/bin/id -u > + [ 0 = 0 ] > + /bin/chgrp -Rhf root . > + /bin/chmod -Rf a+rX,g-w,o-w . > + exit 0 > Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.55082 > + umask 022 > + cd /usr/src/redhat/BUILD > + cd ExtUtils-MakeMaker-6.30 > + CFLAGS=-O2 -m486 -fno-strength-reduce > + perl Makefile.PL > + PREFIX=/var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr > You have File::Spec version 0.6 > ExtUtils::MakeMaker requires File::Spec >= 0.8 to build at all. > BEGIN failed--compilation aborted at Makefile.PL line 20. > Bad exit status from /var/tmp/rpm-tmp.55082 (%build) > > > > Missing file > /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm. > Maybe it did not build correctly? > --------------------------------------------------------------- > Not a very good start to my installation..... I get other > errors further along the installation as well. > When extracted, I can see that there is a File::Spec package > included. ??? > > So, anyone has any idea on how to proceed? > > Regards, > Anders > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Wed Nov 2 21:28:38 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:04 2006 Subject: Suggestions please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Brian, This is exactly what I want to do. I will then remove the setting in bios for raid and setup software raid instead. Thanks for the help. Lance Mailscanner wrote: >Lance Haig wrote: > > >>Hi, >> >>I have tried now for two days to get my SATA raid card to work with my >>new server but I have decided that it is to much effort to find >>drivers for it. >> >>I now have 2 80 gig SATA drives for my new MS server and was wondering >>wat you guys would suggest as the ideal way to partition my system >> >>I normaly create a 500MB boot with EXT2 and then the rest is set to / >> >>I am open to suggestions. >> >>Thanks >> >>Lance >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > >Lance, > > >Did you want to use the raid controllers raid ? Or were you planning on >using software raid ? Most raid controllers are fake-raid anyways. Do a >google search for 'linux fake raid' > >I use centos 4.2 and software raid with lvm etc. Works like a charm, you >can even online resize etc. Its way more flexible than hardware raid, in >particular because you can do things like, stripe a certain part of the >disk and mirror another part. Also, the benefit of using software raid >is that your data is not dependant on the raid controller being around, >by that I mean, if your raid controller dies, you may well find yourself >in the situation where you need to get *exactly* the same raid >controller card, and possibly, the same firmware version, before you can >get at your data. Not a nice situation. > >Give us some more details on what your trying to do and I'm sure there >are plenty people who would be willing to help. > > >Cheers, > >Brian. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From henker at S-H-COM.DE Thu Nov 3 16:49:38 2005 From: henker at S-H-COM.DE (Steffan Henke) Date: Thu Jan 12 21:31:04 2006 Subject: How to debug IPBlock? Message-ID: On Sat, 29 Oct 2005, Jeff A. Earickson wrote: > IPBlock. It has been in the code for a while, works great, provided > you don't have stupid typos in your IPBlock.conf file. When Julian released the latest MS on Nov 1st, I decided to gave IPBlock a try for the first time. I'm using a temporary hash file, not the "real" access.db. So, over the last couple of days I watch the contents of that file and noticed that some entries are never purged by the cronjob. They were added when I changed to a low default, say 10 mails/hour and afterwards added to the whitelist (1000/hour). Let's say, my IPBlock.conf looks like this: # Whitelists 192.168.1.100 10 # MX #default default 1000 Now, in the hash file, I have an entry MX "451 Site blocked by MailScanner due to excessive email" where MX is the real hostname of the MX, not the IP. It never gets removed from the access file. I really think it's a great feature, I just fear that someday, I may block hosts without ever taking notice of. Regards, Steffan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Thu Nov 3 12:03:44 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:31:04 2006 Subject: OT: installing libmilter Message-ID: Hi all pro's :) Could somone shed some light how to do the libmilter installation on CentOS. I managed to figure out I need the source to build the libmilter included in the package http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm before I can do the rest but Im not sure how to actually do the libmilter/sendmail rebuild thingy. If this is something someone like me should not do pls informa and Ill drop it until I actually know what Im doing Never even tried to rebuild sendmail since I only use out of the box with some changes in sendmail.mc so go easy on a hardcore newbie :) /Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu Nov 3 13:45:12 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: > That ol' thing still works like a charm, yes. Used it for ages. > Downside is that it doesn't really keep the spam quarantine clean, it > just make sure that that message is detected as a virus carrier (scan > is "forced" since it is delivered). In a MailWatch environment, where > you never (or seldom:) release messages from commandline, this is not > a problem. > > But the Keep Clean thing should work too, and this time really keep > the spam quarantine clean. > > Ed, might it be as simple as you looking in the wrong place for the > quarantined message? Or were they ... "munged up" in some unfortunate > way? > What happened is I had reject emails with encrypted zip files. Except to certain combinations of sender and receiver. Well somebody sent an email to the boss at a little used email address. This email was marked as dangerous. When I went to use the release from quarantine I didn't have that option. I was able to go to the quarantine and manually find the email and get the zip file, so I was just being lazy and not keeping quarantine clean, I will be setting this back and do the manually release steps. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Wed Nov 2 14:28:21 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:31:04 2006 Subject: Reporting Spam by E-mail. Message-ID: Anyone setup an e-mail address for bouncing spam to be processed by spamassassin? I'd like to set up addresses for reporting spam and ham. I've found a few old links on setting it up with SpamAssassin, but nothing with MailScanner. I'd check the wiki, but it's not back up yet. Thanks. Aaron -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN E-mail: amoore@dekalbmemorial.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcin.rozek at IOS.EDU.PL Wed Nov 2 14:48:59 2005 From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Ro¿ek) Date: Thu Jan 12 21:31:04 2006 Subject: Mailscanner 4.46/4.47 on Raq4 Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anders wrote: > + umask 022 > + cd /usr/src/redhat/BUILD > + cd ExtUtils-MakeMaker-6.30 > + CFLAGS=-O2 -m486 -fno-strength-reduce > + perl Makefile.PL PREFIX=/var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr > You have File::Spec version 0.6 > ExtUtils::MakeMaker requires File::Spec >= 0.8 to build at all. > BEGIN failed--compilation aborted at Makefile.PL line 20. > Bad exit status from /var/tmp/rpm-tmp.55082 (%build) Do as it says - install File::Spec version >= 0.8 http://search.cpan.org/CPAN/authors/id/K/KW/KWILLIAMS/File-Spec-0.90.tar.gz -- Marcin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Nov 2 14:24:01 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 02/11/05, Denis Beauchemin wrote: > Ugo Bellavance wrote: > > > Hi, > > > > Anyone had to update Bitdefender manually recently? I've seen > > servers that weren't at the latest defs, but nothing weird in the log. > > > > Regards, > > Ugo, everything is fine here: > bdc --info > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Engine signatures: 232371 > Scan engines: 13 > Archive engines: 39 > Unpack engines: 3 > Mail engines: 6 > System engines: 0 > > Denis > > -- > _ > °v° Denis Beauchemin, analyste > /(_)\ Université de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 > Same here (although I'm already +1 to Denis' total:-). Seems to be a pox of bagle variants "going on" right now, so you might just be seeing the ... speed/frequency of updates put out by BD. I've been very glad to have BD this night, sole one picking up some of them... And that with heuristics. So much for it being ... "quiet on the viral front", as discussed earlier:) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Wed Nov 2 14:33:51 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: Hello all/Steve! > smf@F2S.COM 02/11/05 13:21:35 >>> >Curious - next best thing is going to be to pick a quiet time and run a >batch through MailScanner with 'Debug = yes' and 'Debug SpamAssassin = >yes' and see if anything shows up there. Well, I've done that, and I have a few odd results, which probably explain why bits aren't working... Right at the top we have: [16029] dbg: config: using "/usr/etc/mail/spamassassin" for site rules pre files [16029] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [16029] dbg: config: using "/usr/share/spamassassin" for default rules dir ... the second two are OK, but the first is an empty directory (init.pre is in /etc/mail/spamassassin) [16029] dbg: config: using "/usr/etc/mail/spamassassin" for site rules dir [16029] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file Same problem here... it has found the .conf file, but site rules is set to an empty dir. [16029] info: config: failed to parse line, skipping: auto_whitelist_path /var/spool/MailScanner/spamassassin/auto-whitelist [16029] info: config: failed to parse line, skipping: auto_whitelist_file_mode 0600 [16029] info: config: failed to parse line, skipping: pyzor_path /usr/bin/pyzor [16029] info: config: failed to parse line, skipping: dcc_path /usr/local/bin/dc cproc [16029] info: config: failed to parse line, skipping: razor_timeout 10 [16029] info: config: failed to parse line, skipping: pyzor_timeout 10 Whoops... I think that begins to explain my problem. I can also see: [16029] info: config: failed to parse line, skipping: urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 [16029] dbg: uri: running uri tests; score so far=0.96 [16029] dbg: rules: no method found for eval test check_uridnsbl rules: failed to run URIBL_JP_SURBL test, skipping: (Can't locate object method "check_uridnsbl" via package "Mail::SpamAssa ssin::PerMsgStatus" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgSt atus.pm line 2581. ) ... which also explain why I seem to be seeing no hits on URIs since upgrading. Any thoughts? There's clearly something that was okay in my MailScanner.conf (or spam.assassin.prefs.conf) for 3.0.4 but is now very *unhappy*. In MailScanner.conf: SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Default Rules Dir = Oh, just as it seemed an obvious thing to do, I symlinked /usr/etc/mail/spamassassin to /etc/mail/spamassassin, and guess what? It now works... Is there some default setting here I'm missing in what is a fairly 'out of the box' install? ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pmb1 at YORK.AC.UK Wed Nov 2 18:09:47 2005 From: pmb1 at YORK.AC.UK (Mike Brudenell) Date: Thu Jan 12 21:31:04 2006 Subject: A well-hung MailScanner :-( Message-ID: Greetings - --On 2 November 2005 17:39:37 +0000 Martin Hepworth wrote: > Hmm by default MS will install/update the Sophos stuff to > /usr/local/Sophos ...... are you sure that's local (I mean not on the > filer). MS tends to get upset if it's not in that location. I think you're thinking of using the install.sh script or a package: I use neither but instead prefer to unpack and un-tar the tar archive. There is *no* part of the MailScanner distribution on /usr/local (which in non-local, being NFS-mounted); it really is all unpacked onto /opt/york (which _is_ on local disk). --On 2 November 2005 17:41:32 +0000 Steve Freegard wrote: > Have you got the 'lsof' (list open files) and 'lslk' (list locks) > installed (I don't know anything about Solaris) - as these usually help > me out in cases like this. We have lsof (not sure about lslk). The trouble is that MailScanner doesn't seem to have anything outstanding as far as I can see ... it worked just fine when the filer was down apart from when the hourly Sophos update triggered. There seems to be 'something' related directly to this event that's the problem. Unfortunately at the time I didn't realise it had hung, do didn't login to try and work out what was wrong. I've only discovered the hang after the filer was restored to service, by which time whatever was hanging now isn't and nothing else MailScanner-related seems to be trying to gets its sticky fingers on /usr/local. I guess what I really need is for our filer to die again. (I hope my colleague who was fighting it all morning doesn't read that! ;-) Mike B-) -- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740 * Unsolicited commercial e-mail is NOT welcome at this e-mail address. * ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Thu Nov 3 09:50:15 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: On Thu, 2005-11-03 at 10:30 +0100, Glenn Steen wrote: > On 03/11/05, Steve Freegard wrote: > (snip) > > I was under the impression that unlike the hack, which will leave the > message in both the spam and the virus quarantine, the "Keep Clean" > thing will actually remove the virus infected message from the spam > quarantine. > Am I wrong in thinking this? Not really sure on this - it could have been a side-effect of the hack, but it shouldn't make a difference as the message would be still be in the main quarantine. Cheers, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Thu Nov 3 17:16:25 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:31:04 2006 Subject: How to determine proper whitelist value Message-ID: Hello, One of my users is confused about why negative scoring emails still gets marked as spam. The answer I gave him was that it has to do with it being on 2 or more BLs. This is correct isn't? When whitelisting something should I whitelist whatever is found in the X--MailScanner-From: header? He forwarded some to me and Outlook says the From is abc@yahoo.com but the X--MailScanner-From: header says it is from sentto-2142155-6148-1142153036-=swatgear.com@returns.groups.ya hoo.com. This is from a mailing list and more than one person on the list gets a negative spam score... so I'm thinking I should whitelist *@returns.groups.yahoo.com as opposed to something horrid like *@yahoo.com. How do I properly handle this situation? Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Nov 3 15:56:44 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:04 2006 Subject: update_phishing_sites script Message-ID: Julian, After upgrading to 4.47.2, I surmised that I needed a daily cronjob to run update_phishing_sites, to get the latest info from you. So I added one. It failed, since root does not have /usr/local/bin in its path on my box. I suggest the following addition to update_phishing_sites: *** update_phishing_sites.orig Thu Nov 3 08:33:10 2005 --- update_phishing_sites Thu Nov 3 08:36:12 2005 *************** *** 31,36 **** --- 31,38 ---- # United Kingdom # + PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin + if [ -d /opt/MailScanner/etc ]; then cd /opt/MailScanner/etc else Jeff Earickson Colby College PS. Sorry to hear about your fire. When are you going to start writing "FireScanner"? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Nov 3 09:16:16 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 02/11/05, Scott Silva wrote: > Ed Bruce spake the following on 11/2/2005 10:37 AM: (snip) > > > > But if I do that then I can't use MailWatch to release messages form > > quarantine. It appears that the clean up is storing emails in a format > > that can't be released from Quarantine. I'm still not sure what to do or > > what I did that may have caused this. I'm still looking at the options. > > We've had a few important emails that were misidentified and I was able > > to just release them from quarantine. But only because I had removed the > > keep quarantine clean option. > > > Would adding an option to the spam actions ( and high scoring spam > options) to forward to an alias pointed to the bitbucket cause a virus > scan of an infected spam message "before" it is stored? > Worth a try for a day or so. That ol' thing still works like a charm, yes. Used it for ages. Downside is that it doesn't really keep the spam quarantine clean, it just make sure that that message is detected as a virus carrier (scan is "forced" since it is delivered). In a MailWatch environment, where you never (or seldom:) release messages from commandline, this is not a problem. But the Keep Clean thing should work too, and this time really keep the spam quarantine clean. Ed, might it be as simple as you looking in the wrong place for the quarantined message? Or were they ... "munged up" in some unfortunate way? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Wed Nov 2 21:32:59 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:04 2006 Subject: Suggestions please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Matt, Thanks for the detailed setup I will read through this with interest. i just need to twork out software raid now Lance Matt Kettler wrote: >Lance Haig wrote: > >>Hi, >> >>I have tried now for two days to get my SATA raid card to work with my >>new server but I have decided that it is to much effort to find drivers >>for it. >> >>I now have 2 80 gig SATA drives for my new MS server and was wondering >>wat you guys would suggest as the ideal way to partition my system >> >>I normaly create a 500MB boot with EXT2 and then the rest is set to / >> >>I am open to suggestions. >> > >I'd suggest having a separate /var partition. This way if /var/spool/* or >/var/log/* fills up, you are not completely out of disk on all parts of the >filesystem. Conversely, if a large download to your home dir takes up a lot of >disk space, your mail queues can keep running without a hitch. > >I usually make separate /boot, /var, /home, /usr and /tmp partitions, in >addition to /. This might be more than you'd want for your needs, but a >separate /var and /tmp can both be useful. > >If your box is devoted to mailscanner you might even consider making a separate >/var/spool too. > >Here's my current layup on a mailscanner/dns box. It's not optimal, but it works: > >Filesystem 1K-blocks Used Available Use% Mounted on >/dev/sda6 7060276 892608 5809020 14% / >/dev/sda1 101089 13293 82577 14% /boot >/dev/sda5 5036284 41340 4739112 1% /chroot >/dev/sda7 4538124 501900 3805696 12% /home >/dev/sda8 1510032 32980 1400344 3% /tmp >/dev/sda2 10080520 1375392 8193060 15% /usr >/dev/sda3 9068648 525800 8082188 7% /var > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Wed Nov 2 13:21:35 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: Hi Peter, On Wed, 2005-11-02 at 12:55 +0000, Peter Bates wrote: > Hi all... > > > smf@F2S.COM 02/11/05 12:45:31 >>> > >Just a guess - but are you running MailScanner as a non-root user > e.g. > >running as postfix/exim?? > > Yes, indeed. I'm running Postfix, and MS is running as 'postfix'. > > >How about running 'su - postfix/exim' and the running 'spamassassin > >-p /etc/MailScanner/spam.assassin.prefs.con -D --lint 2>&1' and see > what > >clues you get from that? > > A wise plan that I hadn't thought of... unfortunately, no joy. > The lint runs, I see network traffic, I get: <> > ... the above is snipped a bit, but shows Razor, Pyzor and DCC being > run. Curious - next best thing is going to be to pick a quiet time and run a batch through MailScanner with 'Debug = yes' and 'Debug SpamAssassin = yes' and see if anything shows up there. Cheers, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Nov 2 13:41:26 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:04 2006 Subject: Disabling Bad Filename / Virus Notifications Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon:: Blacknight.ie wrote: > >The plural of virus is viruses. > > > It's not viri (which is plural for man) or virii, *that* we can agree with. Virus is a mass noun, like "vulgus" (the crowd), which doesn't appear to have a proper plural. In English it's customary to use "viruses", but only out of convention. I usually avoid the discussion by avoiding the use of the plural using grammatical sleight-of-hand, replacing phrases such as "messages with viruses" with "virus-infected messages" and so on. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Wed Nov 2 13:47:47 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Hi, > > Anyone had to update Bitdefender manually recently? I've seen > servers that weren't at the latest defs, but nothing weird in the log. > > Regards, Ugo, everything is fine here: bdc --info BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Engine signatures: 232371 Scan engines: 13 Archive engines: 39 Unpack engines: 3 Mail engines: 6 System engines: 0 Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at GMAIL.COM Wed Nov 2 12:32:31 2005 From: devonharding at GMAIL.COM (Devon Harding) Date: Thu Jan 12 21:31:04 2006 Subject: Protect from DoS? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What about IPBlock? Will this work for me? Where can I find more info on this? On 11/1/05, Raylund Lai < raylund.lai@kankanwoo.com> wrote: A useful article http://www.technoids.org/dossed.html Cheers Raylund Devon Harding wrote: > How can I protect my MailScanner/sendmail server against DoS attacks? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ( http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html ). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at f2s.com Wed Nov 2 12:45:31 2005 From: smf at f2s.com (Steve Freegard) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: Hi Peter, On Wed, 2005-11-02 at 12:37 +0000, Peter Bates wrote: > Hello all... > > MailScanner 4.4.7 on RHEL4... up and till earlier today, SA 3.0.4 > > Today I upgraded to 3.1, using the handy 'Install-Clam-SA' package, > all went well. > > However, I'm beginning to see a problem with the 'hash-based network > tests' > sort of features ... I'd seen this on another box running just > spamc/spamd > and didn't really think it would affect my MS production service, but I > seem > to have run into the same bug. > > Basically... a lint is fine. > (I run: > spamassassin -D --prefs-file=/etc/MailScanner/spam.assassin.prefs.conf > --lint ) > ... you can see the network traffic that is connected to > DCC/Pyzor/Razor, and there is mention of them in the lint output. Just a guess - but are you running MailScanner as a non-root user e.g. running as postfix/exim?? How about running 'su - postfix/exim' and the running 'spamassassin -p /etc/MailScanner/spam.assassin.prefs.con -D --lint 2>&1' and see what clues you get from that? Cheers, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Wed Nov 2 12:37:21 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: Hello all... MailScanner 4.4.7 on RHEL4... up and till earlier today, SA 3.0.4 Today I upgraded to 3.1, using the handy 'Install-Clam-SA' package, all went well. However, I'm beginning to see a problem with the 'hash-based network tests' sort of features ... I'd seen this on another box running just spamc/spamd and didn't really think it would affect my MS production service, but I seem to have run into the same bug. Basically... a lint is fine. (I run: spamassassin -D --prefs-file=/etc/MailScanner/spam.assassin.prefs.conf --lint ) ... you can see the network traffic that is connected to DCC/Pyzor/Razor, and there is mention of them in the lint output. However... running up SA from within MS, the first thing that becomes blindingly obvious is no more tcp/2703 (Razor), udp/24441 (Pyzor) or udp/6277 (DCC). Bayes and DNS are fine post the upgrade (plenty of BAYES_/DNS_FROM/RCVD_IN rules being hit). Anyone else running any of the above okay with 3.1? And yes, the 'install-Clam-SA' package enabled the DCC/Razor plugins in init.pre, as I say, the lint-test seems to be fine. ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Wed Nov 2 12:55:28 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: Hi all... > smf@F2S.COM 02/11/05 12:45:31 >>> >Just a guess - but are you running MailScanner as a non-root user e.g. >running as postfix/exim?? Yes, indeed. I'm running Postfix, and MS is running as 'postfix'. >How about running 'su - postfix/exim' and the running 'spamassassin >-p /etc/MailScanner/spam.assassin.prefs.con -D --lint 2>&1' and see what >clues you get from that? A wise plan that I hadn't thought of... unfortunately, no joy. The lint runs, I see network traffic, I get: [31038] dbg: razor2: part=0 engine=4 contested=0 confidence=0 [31038] dbg: razor2: results: spam? 0 [31038] dbg: razor2: results: engine 8, highest cf score: 0 [31038] dbg: razor2: results: engine 4, highest cf score: 0 [31038] dbg: pyzor: pyzor is available: /usr/bin/pyzor [31038] dbg: info: entering helper-app run mode [31038] dbg: pyzor: opening pipe: /usr/bin/pyzor --homedir /var/spool/MailScanne r/spamassassin/pyzor check < /tmp/.spamassassin31038R3RESftmp [31067] dbg: util: setuid: ruid=89 euid=89 [31038] dbg: pyzor: [31067] finished: exit=0x0100 [31038] dbg: pyzor: got response: 66.250.40.33:24441_(200, 'OK')_0_0 [31038] dbg: dcc: dccifd is available: /var/dcc/dccifd [31038] dbg: info: entering helper-app run mode [31038] dbg: dcc: dccifd got response: X-DCC-NIET-Metrics: x.lshtm.ac.uk 1 080; Body=52393 Fuz1=771494 Fuz2=771488 [31038] dbg: info: leaving helper-app run mode ... the above is snipped a bit, but shows Razor, Pyzor and DCC being run. Observing this behaviour at home (admittedly in a spamc/spamd setup) I'd had some thoughts that perhaps the timeouts weren't being defined properly so all 3 things were timing out before they'd even properly been started up... however I'm at a bit of a loss here. ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MCKERRS.NET Wed Nov 2 11:28:41 2005 From: mailscanner at MCKERRS.NET (Mailscanner) Date: Thu Jan 12 21:31:04 2006 Subject: Suggestions please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote: > Hi, > > I have tried now for two days to get my SATA raid card to work with my > new server but I have decided that it is to much effort to find > drivers for it. > > I now have 2 80 gig SATA drives for my new MS server and was wondering > wat you guys would suggest as the ideal way to partition my system > > I normaly create a 500MB boot with EXT2 and then the rest is set to / > > I am open to suggestions. > > Thanks > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Lance, Did you want to use the raid controllers raid ? Or were you planning on using software raid ? Most raid controllers are fake-raid anyways. Do a google search for 'linux fake raid' I use centos 4.2 and software raid with lvm etc. Works like a charm, you can even online resize etc. Its way more flexible than hardware raid, in particular because you can do things like, stripe a certain part of the disk and mirror another part. Also, the benefit of using software raid is that your data is not dependant on the raid controller being around, by that I mean, if your raid controller dies, you may well find yourself in the situation where you need to get *exactly* the same raid controller card, and possibly, the same firmware version, before you can get at your data. Not a nice situation. Give us some more details on what your trying to do and I'm sure there are plenty people who would be willing to help. Cheers, Brian. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Wed Nov 2 09:16:36 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:04 2006 Subject: Suggestions please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I have tried now for two days to get my SATA raid card to work with my new server but I have decided that it is to much effort to find drivers for it. I now have 2 80 gig SATA drives for my new MS server and was wondering wat you guys would suggest as the ideal way to partition my system I normaly create a 500MB boot with EXT2 and then the rest is set to / I am open to suggestions. Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders_wannfors at PRIVAT.UTFORS.SE Wed Nov 2 09:23:00 2005 From: anders_wannfors at PRIVAT.UTFORS.SE (Anders) Date: Thu Jan 12 21:31:04 2006 Subject: Mailscanner 4.46/4.47 on Raq4 Message-ID: Hi, trying to install Mailscanner on a well maintained Cobalt Raq4 (fully patched etc...) I am using the rpm.package and trying to follow instructions found at http://www.qitc.net/ support/mailscanner/ (linked from the Mailscanner installation guides page). I run into problem almost immediately, please see the following excerpt from my installation log: --------------------------------------------------------------- [root MailScanner-4.46.2-2]# ./install.sh Good. You have the patch command. Good, you have /usr/src/redhat in place. Good, unpackaged files will not break the build process. Good, you appear to only have 1 copy of Perl installed. I think you are running Perl 5.00503. Ensuring that you have all the header files that are needed to build HTML-Parser which is used by both MailScanner and SpamAssassin. This script will pause for a few seconds after each major step, so do not worry if it appears to stop for a while. If you want it to stop so you can scroll back through the output then press Ctrl-S to stop the output and Ctrl-Q to start it again. If this fails due to dependency checks, and you wish to ignore these problems, you can run ./install.sh nodeps Setting Perl5 search path I think your system will build architecture-dependent modules for i386 Rebuilding all the Perl RPMs for your version of Perl Attempting to build and install perl-ExtUtils-MakeMaker-6.30-1 Installing perl-ExtUtils-MakeMaker-6.30-1.src.rpm Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.55082 + umask 022 + cd /usr/src/redhat/BUILD + cd /usr/src/redhat/BUILD + rm -rf ExtUtils-MakeMaker-6.30 + /bin/gzip -dc /usr/src/redhat/SOURCES/ExtUtils-MakeMaker-6.30.tar.gz + tar -xf - + STATUS=0 + [ 0 -ne 0 ] + cd ExtUtils-MakeMaker-6.30 ++ /usr/bin/id -u + [ 0 = 0 ] + /bin/chown -Rhf root . ++ /usr/bin/id -u + [ 0 = 0 ] + /bin/chgrp -Rhf root . + /bin/chmod -Rf a+rX,g-w,o-w . + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.55082 + umask 022 + cd /usr/src/redhat/BUILD + cd ExtUtils-MakeMaker-6.30 + CFLAGS=-O2 -m486 -fno-strength-reduce + perl Makefile.PL PREFIX=/var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr You have File::Spec version 0.6 ExtUtils::MakeMaker requires File::Spec >= 0.8 to build at all. BEGIN failed--compilation aborted at Makefile.PL line 20. Bad exit status from /var/tmp/rpm-tmp.55082 (%build) Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm. Maybe it did not build correctly? --------------------------------------------------------------- Not a very good start to my installation..... I get other errors further along the installation as well. When extracted, I can see that there is a File::Spec package included. ??? So, anyone has any idea on how to proceed? Regards, Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at dcdata.co.za Wed Nov 2 08:08:16 2005 From: matt at dcdata.co.za (matt) Date: Thu Jan 12 21:31:04 2006 Subject: Disabling Bad Filename / Virus Notifications Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi guys Loving mailscanner. It's so much more flexible than amavis-* Anyway, I was wondering if it was possible to disable to notifications sent to recipients regarding bad filenames and virii that have been blocked and have the postmaster be the only person being notified. Alot of our users are not too bright and they get scared and can't sleep for weeks when they get the warning messages. -- matt erasmus DCData -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Nov 2 08:34:16 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:04 2006 Subject: Disabling Bad Filename / Virus Notifications Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] matt wrote: > Hi guys > > Loving mailscanner. It's so much more flexible than amavis-* > > Anyway, I was wondering if it was possible to disable to notifications > sent to recipients regarding bad filenames and virii that have been > blocked and have the postmaster be the only person being notified. The plural of virus is viruses. > > Alot of our users are not too bright and they get scared and can't sleep > for weeks when they get the warning messages. > It is possible. Read MailScanner.conf and you will see how to disable it -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Wed Nov 2 04:56:14 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:31:04 2006 Subject: Protect from DoS? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] A useful article http://www.technoids.org/dossed.html Cheers Raylund Devon Harding wrote: > How can I protect my MailScanner/sendmail server against DoS attacks? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Nov 2 03:16:27 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:05 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Anyone had to update Bitdefender manually recently? I've seen servers that weren't at the latest defs, but nothing weird in the log. Regards, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 3 18:23:59 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:05 2006 Subject: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joe Young spake the following on 11/3/2005 8:09 AM: > > Help, > > I am running on CentOS release 4.0 (Final) with Perl version > 5.008005 (5.8.5) and MailScanner version 4.42.9. Spamassassin has been > scoring lower than normal for the last couple of weeks. Most of the untagged > spam has been the geocities link spam and the emails that contain mostly > images. Almost all of the spam emails are scored with BAYES_00 -2.60. What > are some possible steps to change the bayes score without feeding it spam? > > Thank you, > > Joe Young > In your spam.assassin.prefs.conf file you can change the score to closer to zero, otherwise it will keep poisoning the bayes cache. You could try score BAYES_00 -1.00, or add some more rules to help bump the scores up. The RulesDuJour setup at Fortress Systems (www.fsl.com/support) Is an excellent addition to an excellent product. There are also some rules floating around the list archives for the geocities url junk. Do the e-mails with mostly images score as such? You could bump the scores on those. It should hit either HTML_IMAGE_ONLY_* or HTML_IMAGE_RATIO_*. The scores on the latter are fairly low. Look at http://spamassassin.apache.org/tests_3_1_x.html for the default scores in 3.1.0 If you haven't moved up yet, you might just want to find some time. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Nov 2 02:57:51 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:05 2006 Subject: Perl modules for SA 3.1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Found while testing SA: > > [19744] dbg: diag: module not installed: Archive::Tar ('require' failed) > [19744] dbg: diag: module not installed: IO::Zlib ('require' failed) > [19744] dbg: diag: module not installed: IP::Country::Fast ('require' > failed) > [19744] dbg: diag: module not installed: Net::Ident ('require' failed) > [19744] dbg: diag: module not installed: IO::Socket::INET6 ('require' > failed) > [19744] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) > > Should I install those modules? Read The Fine INSTALL file that comes with SA 3.1. Under the "Optional Modules" section it will describe what optional features of SpamAssassin make use of these modules. If you don't have the INSTALL file there's a web link to it at: http://svn.apache.org/repos/asf/spamassassin/branches/3.1/INSTALL In short, probably not. Most of those are for spamd features, or sa-update which isn't really on-line yet. The only one that affects MailScanner users at this time would be IP::Country::Fast, and that's for if you want to use the RelayCountry plugin (enhances bayes data with relay country tokens). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From djlucas at ORCSD.ORG Tue Nov 1 21:00:48 2005 From: djlucas at ORCSD.ORG (David Lucas) Date: Thu Jan 12 21:31:05 2006 Subject: Installation of MailScanner Message-ID: How might I look to confirm this?? I've made sure that Notifications is turned off. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall Sent: Tuesday, November 01, 2005 3:48 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Installation of MailScanner On 1 Nov 2005, at 20:28, David Lucas wrote: > Hello, > > I have installed MailScanner 4.46.2 on a Fedora Core 4 box. I'm > constantly > getting Mail Delivery Errors from mail servers on the web. An > example would > be: > > The following recipient(s) could not be reached: > > qodiishla@yahoo.com on 11/1/2005 2:58 PM > The format of the e-mail address is incorrect. Check the > address, look up the recipient in the Address Book, or contact the > recipient > directly to find out the correct address. > < durham.orcsd.org #5.1.3 SMTP; 553 VS10-RT Possible > forgery or > deactivated due to abuse (#5.1.1) 132.177.176.33> > > Or: > > The following recipient(s) could not be reached: > > wpascual@unfauxgettable.net on 11/1/2005 2:56 PM > The message could not be delivered because the recipient's > destination email system is unknown or invalid. Please check the > address and > try again, or contact your system administrator to verify > connectivity to the > email system of the recipient. > < durham.orcsd.org #5.1.2> > > If I stop MailScanner I don't get these errors. But once I start > it I'm > getting about 6 an hour. Does anyone have an idea why?? You are not bouncing spam (or indeed virus warning notifications) by chance are you? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Nov 1 21:59:00 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:05 2006 Subject: question about clamav-wrapper path Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] JD Doelitzsch spake the following on 11/1/2005 12:24 PM: > Hmmmmmm? > Ok, clamav-wrapper is in /usr/lib/MailScanner. It only works when I type in > the whole path. Im wondering if the path needs to be added to the > environment in order for MailScanner to work correctly and if so, how do I > add it to the environment? Im running fedora core 4 > > -JD > I wouldn't think you need to, as many people have been sucessfully running MailScanner and ClamAV together without altering the environment. But you do need to check that the virus.scanners.conf entry for clam points to the proper directory for your clam binaries. On my system clam is set to; clamav /usr/lib/MailScanner/clamav-wrapper /usr/local and which clamscan gives; /usr/local/bin/clamscan -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Nov 2 03:17:39 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:05 2006 Subject: Perl modules for SA 3.1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Ugo Bellavance wrote: >> Found while testing SA: >> >> [19744] dbg: diag: module not installed: Archive::Tar ('require' failed) >> [19744] dbg: diag: module not installed: IO::Zlib ('require' failed) >> [19744] dbg: diag: module not installed: IP::Country::Fast ('require' >> failed) >> [19744] dbg: diag: module not installed: Net::Ident ('require' failed) >> [19744] dbg: diag: module not installed: IO::Socket::INET6 ('require' >> failed) >> [19744] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) >> >> Should I install those modules? > > Read The Fine INSTALL file that comes with SA 3.1. Done, I also read the UPGRADE file. Turned out I should have read that a long ago :(. > > Under the "Optional Modules" section it will describe what optional features of > SpamAssassin make use of these modules. > > If you don't have the INSTALL file there's a web link to it at: > http://svn.apache.org/repos/asf/spamassassin/branches/3.1/INSTALL > > In short, probably not. Most of those are for spamd features, or sa-update which > isn't really on-line yet. > I see. > The only one that affects MailScanner users at this time would be > IP::Country::Fast, and that's for if you want to use the RelayCountry plugin > (enhances bayes data with relay country tokens). > That was the one that interested me most. Thanks a lot, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Nov 1 14:52:16 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:05 2006 Subject: Quarantine Not Working? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, November 1, 2005 14:29, Johnny Stork wrote: > It appears that my quarantine is no longer working after upgrading to 4.47? This may have started earlier but I had not tested or seen virus attachements for some time so I am not sure. Although my quarantine directory (/var/spool/MailScanner/quarantine), has a few folders from previous bad attachements, a recent test with an attached eicar.zip was caught by clamav/mailscanner, an email went out that it was cleaned and quarantined, but nothing new showed up in the quarantine directory? Which MTA are you using? Do you have the permissions set correctly in the quarantine directory? Drew PS Please don't set your return address to only you. If you ask the list, the list might want to know the answer ;-) -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jeff at DYNAMICTELECARD.COM Tue Nov 1 21:11:13 2005 From: jeff at DYNAMICTELECARD.COM (Jeff Davis) Date: Thu Jan 12 21:31:05 2006 Subject: MailScanner book reviews? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Has anyone on the list purchased the latest edition of the Mailscanner book? I'm curious about what you think of it. (If not the updated August 2005 version, a previous version is okay.) Do you think the book is worth the cost? Perhaps you don't think it's worth it but want to support the project. I can't find a list of what is covered in the book so I'm left with a public plea for information. Feel free to email me offlist if you prefer not to make a public statement. Thanks, -Jeff ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hermit921 at yahoo.com Tue Nov 1 18:17:25 2005 From: hermit921 at yahoo.com (hermit921) Date: Thu Jan 12 21:31:05 2006 Subject: MailScanner on Exchange Message-ID: A risk assessment would be a nice idea. Totally useless, though, and I am not supposed to spend time on such things: "The decision has been made". A business needs assessment would be a good idea, too. This is my first experience in how companies choose to use Exchange. Hopefully my last. hermit921 At 09:17 AM 11/1/2005, Martin Hepworth wrote: >Risk.... > >Do a risk assessment of putting the MS-Exch system 'in the internet'. Look >at the threats and LIKELIHOOD of the threat which will give you the business >risk associated with doing this. > >That way you can make an informed choice, rather than get into a my dad is >bigger that yours type argument. > >If you care to publish this after on the wiki (when it's back) that would be >nice too. > >-- >Martin Hepworth >Snr Systems Administrator >Solid State Logic >Tel: +44 (0)1865 842300 > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of hermit921 > > Sent: 01 November 2005 17:08 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: [MAILSCANNER] MailScanner on Exchange > > > > The idea is to get rid of the MailScanner systems as being a waste of > > time, > > money, hardware, etc. There will be a cluster of Exchange servers facing > > the internet that do something, and then pass email to the back end where > > users will interact. > > > > "All the functionality of MailScanner" will be replicated on either the > > front end or back end - that isn't clear. Of course we will have to go > > from free products to much more expensive commercial products, but that > > doesn't seem to be relevant. > > > > My question is very specific. Do people have a comparison chart, or even > > product list, of applications that run on an Exchange server to duplicate > > MailScanner functionality? > > > > hermit921 > > > > > > At 08:46 AM 11/1/2005, Stephen Swaney wrote: > > > > -----Original Message----- > > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > > Behalf Of hermit921 > > > > Sent: Tuesday, November 01, 2005 11:20 AM > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: MailScanner on Exchange > > > > > > > > My company decided to move to Exchange for its main mail server "It's a > > > > Management decision". The two people hired to manage Exchange > claim there > > > > are products that run on the Exchange server that do everything > MailScanner > > > > (and associated programs) can do. I don't believe it. Could I be > wrong, > > > > or even mostly wrong, about this? > > > > > > > > hermit921 > > > > > >This question should set off a flurry of responses :) An Exchange > server can > > >work quite well if you have many $$$, plenty of good technical support and > > >lots of computer resources but they should always be protected from the > > >Internet. I come from a paranoid investment banking environment and there > > >they always protect the Exchange servers behind gateways! > > > > > >A few of my comments: > > > > > >1. Exchange servers tend to be relatively BUSY. Having a MailScanner > gateway > > >in front of the Exchange server will GREATLY reduce the load on the > Exchange > > >server because it will stop most of the Junk at the gateway. We have > > >installed MailScanner gateways on sites that thought they needed an > > >expensive Exchange hardware upgrade. The load was so greatly reduced; the > > >old hardware is still running quietly with no strain. > > > > > >2. You can run multiple free (or lower cost) Virus scanners on the > > >MailScanner gateway. You'll still want a virus scanner on the Exchange > > >server to internal mail for viruses but if you have an enterprise license > > >for a virus scanner, you can probably also use that scanner on the gateway > > >at no additional cost. > > > > > >3. I like to keep Microsoft servers as far away from the Internet as > > >possible. Having a gateway and configuring your Exchange server correctly > > >will keep it a lot safer, more reliable and quieter. > > > > > >4. Read Microsoft's white paper on how to stop spam :) The list is > down so I > > >can't find the link but it's quite amusing and quit sophomoric. Possibly > > >some packrat can send you the link. > > > > > >Stephen Swaney > > >Fort Systems Ltd. > > >stephen.swaney@fsl.com > > >www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at TAC.ESI.NET Tue Nov 1 23:04:25 2005 From: chris at TAC.ESI.NET (chris hammond) Date: Thu Jan 12 21:31:05 2006 Subject: MailScanner book reviews? Message-ID: I have but it is still on it's way from CA. Let you know when I get it. Chris >>>jeff@DYNAMICTELECARD.COM 11/01/05 4:11 pm >>> Has anyone on the list purchased the latest edition of the Mailscanner book? I'm curious about what you think of it. (If not the updated August 2005 version, a previous version is okay.) Do you think the book is worth the cost? Perhaps you don't think it's worth it but want to support the project. I can't find a list of what is covered in the book so I'm left with a public plea for information. Feel free to email me offlist if you prefer not to make a public statement. Thanks, -Jeff ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at PRESLING.COM Tue Nov 1 02:08:41 2005 From: mark at PRESLING.COM (Mark Presling) Date: Thu Jan 12 21:31:05 2006 Subject: Working with Exchange Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jon Miller wrote: >Do it on a domain level, we do this all the time and it works very well, you'll have to set up a relay_domains for the mail for the client. >The way we've set it up is to accept on postfix -> mailscanner (spam and virus with Sophos) -> postfix -> domains. > > Doesn't Postfix just lookup the MX entries for the domain in relay_domains and send it on to the higher priority MX than itself? Do you have to run your own internal DNS that flips the MX entries? What I mean is, if you have your server set up as the MX on the Internet DNS servers for somedomain.com (and not their own server), how do you use relay_domains feature of Postfix to forward it on to their server without DNS changes? I have had a MS box in front of an Exchange server inside a LAN by using internal DNS, but haven't tried setting it up outside of the internal network. I'm sorry this is getting away from the original question relating to Exim, but it is a similar problem and I am going to need to do exactly this in the coming weeks for a client. Cheers, Mark >Jon > >Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA >Director/Sr Systems Consultant >MMT Networks Pty Ltd >http://www.mmtnetworks.com.au >Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl > >"I don't know the key to success, but the key to failure > is trying to please everybody." -Bill Cosby > > > > > >>>>chardlist@CHARD.NET 3:44:23 am 1/11/2005 >>> >>>> >>>> >I have a Redhat Linux server running MS for a bunch of virtual domains. >Ultimately all mail is delivered to the appropriate POP account on the same >server. I have a client that would like to still utilize my MS services for >spam and virus protection but instead of having POP accounts would now like >all mail for their domain forwarded to their exchange server after MS has >finished scanning it. Basically a scan and forward service. > >What is the best way to accomplish this? > >I'm running > >Redhat 9 >MS 4.45.4 >Exim 4.52 > > >Thank you, >-Brendan > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/X-VCARD (charset: UTF-8 "Internet-standard Unicode") ] [ (Name: "mark.vcf") 9 lines. ] [ Unable to print this part. ] From drew at THEMARSHALLS.CO.UK Tue Nov 1 10:13:53 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:05 2006 Subject: Congratulations Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, November 1, 2005 09:39, Michele Neylon :: Blacknight Solutions wrote: > Congratulations to Julian for managing to get a stable release out under > the > current conditions. Hear, hear! May I also add my congratulations to yourselves (and the rest of the community who offered assistance) in managing to stand mailscanner.info back up. Sometimes it's the small glimmers of perceived 'normality' that make these things seem just a little less unpleasant. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Tue Nov 1 00:31:12 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:31:05 2006 Subject: Working with Exchange Message-ID: Do it on a domain level, we do this all the time and it works very well, you'll have to set up a relay_domains for the mail for the client. The way we've set it up is to accept on postfix -> mailscanner (spam and virus with Sophos) -> postfix -> domains. Jon Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA Director/Sr Systems Consultant MMT Networks Pty Ltd http://www.mmtnetworks.com.au Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl "I don't know the key to success, but the key to failure is trying to please everybody." -Bill Cosby >>> chardlist@CHARD.NET 3:44:23 am 1/11/2005 >>> I have a Redhat Linux server running MS for a bunch of virtual domains. Ultimately all mail is delivered to the appropriate POP account on the same server. I have a client that would like to still utilize my MS services for spam and virus protection but instead of having POP accounts would now like all mail for their domain forwarded to their exchange server after MS has finished scanning it. Basically a scan and forward service. What is the best way to accomplish this? I'm running Redhat 9 MS 4.45.4 Exim 4.52 Thank you, -Brendan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Nov 1 16:46:41 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:05 2006 Subject: MailScanner on Exchange Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of hermit921 > Sent: Tuesday, November 01, 2005 11:20 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailScanner on Exchange > > My company decided to move to Exchange for its main mail server "It's a > Management decision". The two people hired to manage Exchange claim there > are products that run on the Exchange server that do everything > MailScanner > (and associated programs) can do. I don't believe it. Could I be wrong, > or even mostly wrong, about this? > > hermit921 This question should set off a flurry of responses :) An Exchange server can work quite well if you have many $$$, plenty of good technical support and lots of computer resources but they should always be protected from the Internet. I come from a paranoid investment banking environment and there they always protect the Exchange servers behind gateways! A few of my comments: 1. Exchange servers tend to be relatively BUSY. Having a MailScanner gateway in front of the Exchange server will GREATLY reduce the load on the Exchange server because it will stop most of the Junk at the gateway. We have installed MailScanner gateways on sites that thought they needed an expensive Exchange hardware upgrade. The load was so greatly reduced; the old hardware is still running quietly with no strain. 2. You can run multiple free (or lower cost) Virus scanners on the MailScanner gateway. You'll still want a virus scanner on the Exchange server to internal mail for viruses but if you have an enterprise license for a virus scanner, you can probably also use that scanner on the gateway at no additional cost. 3. I like to keep Microsoft servers as far away from the Internet as possible. Having a gateway and configuring your Exchange server correctly will keep it a lot safer, more reliable and quieter. 4. Read Microsoft's white paper on how to stop spam :) The list is down so I can't find the link but it's quite amusing and quit sophomoric. Possibly some packrat can send you the link. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at pbco.ca Tue Nov 1 14:29:47 2005 From: jstork at pbco.ca (Johnny Stork) Date: Thu Jan 12 21:31:05 2006 Subject: Quarantine Not Working? Message-ID: It appears that my quarantine is no longer working after upgrading to 4.47? This may have started earlier but I had not tested or seen virus attachements for some time so I am not sure. Although my quarantine directory (/var/spool/MailScanner/quarantine), has a few folders from previous bad attachements, a recent test with an attached eicar.zip was caught by clamav/mailscanner, an email went out that it was cleaned and quarantined, but nothing new showed up in the quarantine directory? RHES 4 Mailscanner 4.47 Clamav 0.87 Spamassassin 3.01 _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 he website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Nov 1 17:17:08 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:05 2006 Subject: MailScanner on Exchange Message-ID: Risk.... Do a risk assessment of putting the MS-Exch system 'in the internet'. Look at the threats and LIKELIHOOD of the threat which will give you the business risk associated with doing this. That way you can make an informed choice, rather than get into a my dad is bigger that yours type argument. If you care to publish this after on the wiki (when it's back) that would be nice too. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of hermit921 > Sent: 01 November 2005 17:08 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] MailScanner on Exchange > > The idea is to get rid of the MailScanner systems as being a waste of > time, > money, hardware, etc. There will be a cluster of Exchange servers facing > the internet that do something, and then pass email to the back end where > users will interact. > > "All the functionality of MailScanner" will be replicated on either the > front end or back end - that isn't clear. Of course we will have to go > from free products to much more expensive commercial products, but that > doesn't seem to be relevant. > > My question is very specific. Do people have a comparison chart, or even > product list, of applications that run on an Exchange server to duplicate > MailScanner functionality? > > hermit921 > > > At 08:46 AM 11/1/2005, Stephen Swaney wrote: > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > Behalf Of hermit921 > > > Sent: Tuesday, November 01, 2005 11:20 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: MailScanner on Exchange > > > > > > My company decided to move to Exchange for its main mail server "It's > a > > > Management decision". The two people hired to manage Exchange claim > there > > > are products that run on the Exchange server that do everything > > > MailScanner > > > (and associated programs) can do. I don't believe it. Could I be > wrong, > > > or even mostly wrong, about this? > > > > > > hermit921 > > > >This question should set off a flurry of responses :) An Exchange server > can > >work quite well if you have many $$$, plenty of good technical support > and > >lots of computer resources but they should always be protected from the > >Internet. I come from a paranoid investment banking environment and there > >they always protect the Exchange servers behind gateways! > > > >A few of my comments: > > > >1. Exchange servers tend to be relatively BUSY. Having a MailScanner > gateway > >in front of the Exchange server will GREATLY reduce the load on the > Exchange > >server because it will stop most of the Junk at the gateway. We have > >installed MailScanner gateways on sites that thought they needed an > >expensive Exchange hardware upgrade. The load was so greatly reduced; the > >old hardware is still running quietly with no strain. > > > >2. You can run multiple free (or lower cost) Virus scanners on the > >MailScanner gateway. You'll still want a virus scanner on the Exchange > >server to internal mail for viruses but if you have an enterprise license > >for a virus scanner, you can probably also use that scanner on the > gateway > >at no additional cost. > > > >3. I like to keep Microsoft servers as far away from the Internet as > >possible. Having a gateway and configuring your Exchange server correctly > >will keep it a lot safer, more reliable and quieter. > > > >4. Read Microsoft's white paper on how to stop spam :) The list is down > so I > >can't find the link but it's quite amusing and quit sophomoric. Possibly > >some packrat can send you the link. > > > >Stephen Swaney > >Fort Systems Ltd. > >stephen.swaney@fsl.com > >www.fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Nov 1 09:01:11 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:31:05 2006 Subject: Working with Exchange Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Postfix, just use the Transport map. As simple as creating the transport map with an entry like mydomain.com smtp:[exchangeip] Use [] to prevent it looked up in for every connection Mark Presling wrote: > > Jon Miller wrote: > >> Do it on a domain level, we do this all the time and it works very >> well, you'll have to set up a relay_domains for the mail for the >> client. >> The way we've set it up is to accept on postfix -> mailscanner (spam >> and virus with Sophos) -> postfix -> domains. >> >> > Doesn't Postfix just lookup the MX entries for the domain in > relay_domains and send it on to the higher priority MX than itself? Do > you have to run your own internal DNS that flips the MX entries? > > What I mean is, if you have your server set up as the MX on the Internet > DNS servers for somedomain.com (and not their own server), how do you > use relay_domains feature of Postfix to forward it on to their server > without DNS changes? > > I have had a MS box in front of an Exchange server inside a LAN by using > internal DNS, but haven't tried setting it up outside of the internal > network. > > I'm sorry this is getting away from the original question relating to > Exim, but it is a similar problem and I am going to need to do exactly > this in the coming weeks for a client. > > Cheers, > Mark > > >> Jon >> >> Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA >> Director/Sr Systems Consultant >> MMT Networks Pty Ltd >> http://www.mmtnetworks.com.au >> Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl >> >> "I don't know the key to success, but the key to failure >> is trying to please everybody." -Bill Cosby >> >> >> >> >> >>>>> chardlist@CHARD.NET 3:44:23 am 1/11/2005 >>> >>>>> >> >> I have a Redhat Linux server running MS for a bunch of virtual domains. >> Ultimately all mail is delivered to the appropriate POP account on the >> same >> server. I have a client that would like to still utilize my MS >> services for >> spam and virus protection but instead of having POP accounts would now >> like >> all mail for their domain forwarded to their exchange server after MS has >> finished scanning it. Basically a scan and forward service. >> >> What is the best way to accomplish this? >> >> I'm running >> >> Redhat 9 >> MS 4.45.4 >> Exim 4.52 >> >> >> Thank you, >> -Brendan >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Nov 2 02:27:41 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:05 2006 Subject: Perl modules for SA 3.1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Found while testing SA: [19744] dbg: diag: module not installed: Archive::Tar ('require' failed) [19744] dbg: diag: module not installed: IO::Zlib ('require' failed) [19744] dbg: diag: module not installed: IP::Country::Fast ('require' failed) [19744] dbg: diag: module not installed: Net::Ident ('require' failed) [19744] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [19744] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) Should I install those modules? -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at pbco.ca Tue Nov 1 15:10:49 2005 From: jstork at pbco.ca (Johnny Stork) Date: Thu Jan 12 21:31:05 2006 Subject: Quarantine Not Working? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] MTA is sendmail 8.13.1. I dont recall what those permission "should" be...I never changed anything after the upgrade though? Below is the current perms drwx------   7 root apache 4096 Sep 19 11:37 quarantine ----- Original Message ----- From: Drew Marshall Sent: Tue Nov 01 2005 06:55:10 GMT-0800 (Pacific Standard Time) To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Quarantine Not Working? On Tue, November 1, 2005 14:29, Johnny Stork wrote: > It appears that my quarantine is no longer working after upgrading to 4.47? This may have started earlier but I had not tested or seen virus attachements for some time so I am not sure. Although my quarantine directory (/var/spool/MailScanner/quarantine), has a few folders from previous bad attachements, a recent test with an attached eicar.zip was caught by clamav/mailscanner, an email went out that it was cleaned and quarantined, but nothing new showed up in the quarantine directory? Which MTA are you using? Do you have the permissions set correctly in the quarantine directory? Drew PS Please don't set your return address to only you. If you ask the list, the list might want to know the answer ;-) -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jules at ecs.soton.ac.uk Tue Nov 1 09:08:53 2005 From: jules at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:05 2006 Subject: MailScanner ANNOUNCE: Stable 4.47 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released the latest stable edition of MailScanner, 4.47. The main changes this month are: * Automatic updating of phishing safe sites list. All changes you make to this file will be kept in the updates, which will happen nightly on Linux systems. Solaris and other admins will need to add a cron job for this * Improvements to various installation and init.d scripts to save you work and make the initial installation easier. * Fixed a few bugs including the "Highlight Phishing Fraud" problem and the "Max Attachments" problem. Download as usual from www.mailscanner.info. Please note this is not currently a redirect to another website, but is all hosted under www.mailscanner.info itself. This is due to extensive fire damage. The full Change Log is this: * New Features and Improvements * - Automatically updates your phishing.safe.sites.conf file with new additions (and any subsequent deletions) from a master file I keep on www.mailscanner.info. All your local changes and additions will be kept of course, it will just add any new sites listed in my master list. If you want to *not* list a site which is in my master list, just put a "REMOVE site.com" line in your phishing.safe.sites.conf and that will make it ignore any listing for site.com that appears in my master list. Updates are done once per day. - Quietened ClamAV log output when it scans 0-length files. - Improved ClamAV+SA install.sh to add the 3 missing plugins to init.pre. - Improved init.d scripts for RedHat and SuSE so they setup the queue dir ownerships automatically and generally help new users get started without them having to follow all the instructions to the letter. - Added news about fire at ECS and moved all hosting out of Southampton. * Fixes * - Corrected rare problem where an empty X-MailScanner-SpamCheck header could appear in a non-spam email. - Problem with empty or null filename.rules.conf or filetype.rules.conf fixed. - Problem with Max Attachments setting not be honoured fixed. - Problem with "Highlight Phishing Fraud" being ignored fixed. -- Jules (currently @mailscanner.info or @jules.fm) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at HOME.CARLO65.DE Tue Nov 1 08:45:15 2005 From: mailscanner at HOME.CARLO65.DE (Roland Ehle) Date: Thu Jan 12 21:31:05 2006 Subject: change location from /var/tmp Message-ID: Hi John, Am Montag, den 31.10.2005, 21:01 +0000 schrieb John K: > I have a relatively smal /var filesystem that periodically fills up with > Mailscanner and clam-av temp files and directories. Where can I change the > location of the files created in here? I usually work with symbolic links. Create a directory in a partition with more space and link /var/tmp to that directory. Regards, Roland ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Nov 1 18:12:17 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:05 2006 Subject: MailScanner on Exchange Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Dennis Willson > Sent: Tuesday, November 01, 2005 12:13 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner on Exchange > > Well, unfortunetly, my experience tells me it's over for you. How do you > defend a bad decision when Management is willing to ignore both cost and > security? I have worked a lot with exchange and found that it should > NEVER directly receive from the Internet (send either for that matter). > It's something the company will pay for, over and over and over again. > However it's doubtful if they will ever see (because they don't want to) > the real cost of that decision. > > Dennis > > hermit921 wrote: > > > The idea is to get rid of the MailScanner systems as being a waste of > > time, money, hardware, etc. There will be a cluster of Exchange > > servers facing the internet that do something, and then pass email to > > the back end where users will interact. > > > > "All the functionality of MailScanner" will be replicated on either > > the front end or back end - that isn't clear. Of course we will have > > to go from free products to much more expensive commercial products, > > but that doesn't seem to be relevant. > > > > My question is very specific. Do people have a comparison chart, or > > even product list, of applications that run on an Exchange server to > > duplicate MailScanner functionality? > > > > hermit921 > > > > > > At 08:46 AM 11/1/2005, Stephen Swaney wrote: > > > >> > -----Original Message----- > >> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >> > Behalf Of hermit921 > >> > Sent: Tuesday, November 01, 2005 11:20 AM > >> > To: MAILSCANNER@JISCMAIL.AC.UK > >> > Subject: MailScanner on Exchange > >> > > >> > My company decided to move to Exchange for its main mail server > >> "It's a > >> > Management decision". The two people hired to manage Exchange > >> claim there > >> > are products that run on the Exchange server that do everything > >> > MailScanner > >> > (and associated programs) can do. I don't believe it. Could I be > >> wrong, > >> > or even mostly wrong, about this? > >> > > >> > hermit921 > >> > >> This question should set off a flurry of responses :) An Exchange > >> server can > >> work quite well if you have many $$$, plenty of good technical > >> support and > >> lots of computer resources but they should always be protected from the > >> Internet. I come from a paranoid investment banking environment and > >> there > >> they always protect the Exchange servers behind gateways! > >> > >> A few of my comments: > >> > >> 1. Exchange servers tend to be relatively BUSY. Having a MailScanner > >> gateway > >> in front of the Exchange server will GREATLY reduce the load on the > >> Exchange > >> server because it will stop most of the Junk at the gateway. We have > >> installed MailScanner gateways on sites that thought they needed an > >> expensive Exchange hardware upgrade. The load was so greatly reduced; > >> the > >> old hardware is still running quietly with no strain. > >> > >> 2. You can run multiple free (or lower cost) Virus scanners on the > >> MailScanner gateway. You'll still want a virus scanner on the Exchange > >> server to internal mail for viruses but if you have an enterprise > >> license > >> for a virus scanner, you can probably also use that scanner on the > >> gateway > >> at no additional cost. > >> > >> 3. I like to keep Microsoft servers as far away from the Internet as > >> possible. Having a gateway and configuring your Exchange server > >> correctly > >> will keep it a lot safer, more reliable and quieter. > >> > >> 4. Read Microsoft's white paper on how to stop spam :) The list is > >> down so I > >> can't find the link but it's quite amusing and quit sophomoric. > Possibly > >> some packrat can send you the link. > >> > >> Stephen Swaney > >> Fort Systems Ltd. > >> stephen.swaney@fsl.com > >> www.fsl.com > > I can tell you from personal experience that no New York Investment bank (think names like Goldman Sachs, USB, Morgan Stanley, Chase, etc.) would ever think of connecting an Exchange server directly to the Internet. Their security officers would not allow it. While most New York Investment banks use Exchange servers, I'm fairly certain that most, if not all, are protected by non- Microsoft gateways. Google for: Microsoft Exchange security vulnerabilities. I'd list the results but there are a few too many: Results 1 - 10 of about 2,030,000 for Microsoft Exchange security vulnerabilities. (0.29 seconds) So if: Your "consultant" knows more about security than the big Investment banks. Your "consultant" wants to spend many $$$ on adding third party software to the MS server to try and stop spam and viruses. Your "consultant" wants to impose unnecessary load on your new Exchange servers You want to throw away a perfectly good MailScanner gateway that can be easily modified to compliment and protect your new Exchange servers. You can easily add such new free anti-spam features such as grey-listing, greet_pause, connection_rate_throttle (and many more) to your Exchange servers. Just tell the boss to bend over and proceed. I've seen this before where a clueless "consultant" just wants to sell and install the very profitable Microsoft and third party accessories plus the "consulting: fees to install and configure all these products. They help justify the excessive costs by saying that you can "save money by retiring the MailScanner gateway(s)". If they had a clue they would retain the MailScanner gateway(s). Hope this helps, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Tue Nov 1 14:48:57 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:31:06 2006 Subject: Working with Exchange Message-ID: You can also do... destination.tld esmtp:nexthop.somedomain.tld:failovernexthop.somedomain.tld If the first host is unavailable it will use the second. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Philip Parsons Sent: Monday, October 31, 2005 7:49 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Working with Exchange Here is an example as per our config sendmail/exchange something.com smtp:[exchange.something.com] something.com smtp:[exchange.something.com] something.ca smtp:[exchange.something.com] The square brackets tell the system NOT to do a lookup everytime... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Milton Calnek Sent: Monday, October 31, 2005 4:39 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Working with Exchange -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'd like to use this with sendmail/exchange. But I've never found a good example of what the mailer table should look like. For instance: domain.lan: exchange-server.domain.lan Dennis Willson wrote: > Use the mailertable to send the email to the exchange server. You do > this on a domain level. I do this all the time and it works very well. > > Dennis > > chardlist wrote: > >> I have a Redhat Linux server running MS for a bunch of virtual domains. >> Ultimately all mail is delivered to the appropriate POP account on >> the same server. I have a client that would like to still utilize my >> MS services for spam and virus protection but instead of having POP >> accounts would now like all mail for their domain forwarded to their >> exchange server after MS has finished scanning it. Basically a scan >> and forward service. >> >> What is the best way to accomplish this? >> >> I'm running >> >> Redhat 9 >> MS 4.45.4 >> Exim 4.52 >> >> >> Thank you, >> -Brendan >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFDZrk6Hgnbf2T2QqMRArbMAJ48y4KmreyorofMD7RBKqbUZVvJgwCgh1yC MAVumxEvojGv0FMfmEOLfoM= =eKHp -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Nov 1 17:15:43 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:31:06 2006 Subject: Spamassassin 3.1 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all! Since I migrated to spamassassin 3.1 I'm receiving the following message in a lint: [3921] dbg: pyzor: got response: Traceback (most recent call last):\n File "/usr/local/bin/pyzor", line 4, in ?\n pyzor.client.run()\n File "/usr/local/lib/python2.3/site-packages/pyzor/client.py", line 934, in run\n ExecCall().run()\n File "/usr/local/lib/python2.3/site-packages/pyzor/client.py", line 169, in run\n os.mkdir(homedir)\nOSError: [Errno 13] Permission denied: '/var/www/.pyzor' And pyzor seems to fail: [3921] warn: pyzor: check failed: internal error Should I create this directory "/var/www/.pyzor" ? Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Tue Nov 1 12:37:04 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:06 2006 Subject: Major fire Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > > The main step at the moment is for us systems staff to get into the > building. Once we are in, we can start getting infrastructure services > back on-line. Once that is done the dept can start operating again. At > which point we have to house several hundred people in space we haven't > got. For several years while new buildings are built. > > That brings back memories. I was on a project that was fully staffed, problem was our new offices weren't ready so we had about 300 people in the space for 100. I shared an office with 2 others that was designed for one. One day we all leaned back and hit heads. One of those Stooges moments. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Wed Nov 2 01:12:37 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:31:06 2006 Subject: Protect from DoS? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] How can I protect my MailScanner/sendmail server against DoS attacks? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Nov 1 16:52:54 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:06 2006 Subject: MailScanner on Exchange Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hermit921 spake the following on 11/1/2005 8:20 AM: > My company decided to move to Exchange for its main mail server "It's a > Management decision". The two people hired to manage Exchange claim > there are products that run on the Exchange server that do everything > MailScanner (and associated programs) can do. I don't believe it. > Could I be wrong, or even mostly wrong, about this? > > hermit921 > And the Microsoft solutions will grow hair, cure impotence, and they drive the women crazy with desire.... ;) I'm sure you could do most of it, but if that is their intent, maybe they have a lot of money they need to throw down a hole real quick! They could throw it at Julian and get a first rate system, and he would ( I'm sure) gladly accept it!! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Tue Nov 1 00:44:37 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:31:06 2006 Subject: Working with Exchange Message-ID: The contents of this e-mail may be privileged and are confidential. It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited. If received in error, please advise the sender, then delete it from your system. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Nov 2 01:38:42 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:06 2006 Subject: Protect from DoS? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Devon Harding wrote: > How can I protect my MailScanner/sendmail server against DoS attacks? Well, that's at least a 300 page book.. Is there some specific aspect of DoS protection you're interested in? I'll take it from the sendmail perspective, and keep it brief. In general, you'll never get to 100% DoS proof on a mailserver, short of unplugging it. But, you can make yourself a lot more resistant to DoS attacks. First things to do are to enforce some basic limits in your sendmail.mc. Here's a quick sample of some important settings to consider. Although you might want different settings than these, it's a quick reference of some things to consider. #suggested options for privacy reasons: define(`confPRIVACY_FLAGS',`needmailhelo,authwarnings,novrfy,noexpn,restrictqrun') #put up a banner stating that UCE is prohibited define(`confSMTP_LOGIN_MSG', `$j Unsolicited Commercial Email prohibited') #Some minor DoS protection: #limit the number of sendmail children define(`confMAX_DAEMON_CHILDREN', 50) #no more than 500 connections per second. define(`confCONNECTION_RATE_THROTTLE',500) #limit messages to 1gig max. This is pretty huge. define(`confMAX_MESSAGE_SIZE', 1000000000) #don't accept mail if less than 1mb of space in queue partition define(`confMIN_FREE_BLOCKS', 1000) #Limit email messages to at most 32kb of headers define(`confMAX_HEADERS_LENGTH', 32768) #at most 150 recepients per message define(`confMAX_RCPTS_PER_MESSAGE', 150) #after 15 invalid recpipients, start slowing them down with #1 second sleeps (dictionary attack control) define(`confBAD_RCPT_THROTTLE',15) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Nov 1 16:29:52 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:06 2006 Subject: MailScanner on Exchange Message-ID: That's why even the hosted Exchange services run third party virus/spam scanners then. 'cos the built in support is soooooo good ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of hermit921 > Sent: 01 November 2005 16:20 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] MailScanner on Exchange > > My company decided to move to Exchange for its main mail server "It's a > Management decision". The two people hired to manage Exchange claim there > are products that run on the Exchange server that do everything > MailScanner > (and associated programs) can do. I don't believe it. Could I be wrong, > or even mostly wrong, about this? > > hermit921 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hermit921 at yahoo.com Tue Nov 1 17:08:17 2005 From: hermit921 at yahoo.com (hermit921) Date: Thu Jan 12 21:31:06 2006 Subject: MailScanner on Exchange Message-ID: The idea is to get rid of the MailScanner systems as being a waste of time, money, hardware, etc. There will be a cluster of Exchange servers facing the internet that do something, and then pass email to the back end where users will interact. "All the functionality of MailScanner" will be replicated on either the front end or back end - that isn't clear. Of course we will have to go from free products to much more expensive commercial products, but that doesn't seem to be relevant. My question is very specific. Do people have a comparison chart, or even product list, of applications that run on an Exchange server to duplicate MailScanner functionality? hermit921 At 08:46 AM 11/1/2005, Stephen Swaney wrote: > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of hermit921 > > Sent: Tuesday, November 01, 2005 11:20 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: MailScanner on Exchange > > > > My company decided to move to Exchange for its main mail server "It's a > > Management decision". The two people hired to manage Exchange claim there > > are products that run on the Exchange server that do everything > > MailScanner > > (and associated programs) can do. I don't believe it. Could I be wrong, > > or even mostly wrong, about this? > > > > hermit921 > >This question should set off a flurry of responses :) An Exchange server can >work quite well if you have many $$$, plenty of good technical support and >lots of computer resources but they should always be protected from the >Internet. I come from a paranoid investment banking environment and there >they always protect the Exchange servers behind gateways! > >A few of my comments: > >1. Exchange servers tend to be relatively BUSY. Having a MailScanner gateway >in front of the Exchange server will GREATLY reduce the load on the Exchange >server because it will stop most of the Junk at the gateway. We have >installed MailScanner gateways on sites that thought they needed an >expensive Exchange hardware upgrade. The load was so greatly reduced; the >old hardware is still running quietly with no strain. > >2. You can run multiple free (or lower cost) Virus scanners on the >MailScanner gateway. You'll still want a virus scanner on the Exchange >server to internal mail for viruses but if you have an enterprise license >for a virus scanner, you can probably also use that scanner on the gateway >at no additional cost. > >3. I like to keep Microsoft servers as far away from the Internet as >possible. Having a gateway and configuring your Exchange server correctly >will keep it a lot safer, more reliable and quieter. > >4. Read Microsoft's white paper on how to stop spam :) The list is down so I >can't find the link but it's quite amusing and quit sophomoric. Possibly >some packrat can send you the link. > >Stephen Swaney >Fort Systems Ltd. >stephen.swaney@fsl.com >www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Nov 1 09:39:51 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:31:06 2006 Subject: Congratulations Message-ID: Congratulations to Julian for managing to get a stable release out under the current conditions. Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Nov 1 17:01:19 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:06 2006 Subject: MailScanner on Exchange Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of hermit921 > Sent: Tuesday, November 01, 2005 11:20 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailScanner on Exchange > > > My company decided to move to Exchange for its main mail server "It's a > Management decision". The two people hired to manage Exchange > claim there > are products that run on the Exchange server that do everything > MailScanner > (and associated programs) can do. I don't believe it. Could I be wrong, > or even mostly wrong, about this? > There are, one that comes to mind is GFI (http://www.gfi.com/mailsecurity/msecfeatures.htm). But there are caveats when it comes to pricing, support costs, etc. And, not trying to sound like a Microsoft-phoebe, I think MS products should never be placed on the outside of a network. If I were told we had to install exchange servers tomorrow because the powers that be wanted to use some of the outlook/exchange only features I would be happy to do so... behind an Exim/MailScanner *nix box. Exchange for intranet communications is fine, if you want to invest the $$, but Exchange should not be allowed to interact directly with the world, IMHO. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mcalnek at PCPLACE.CA Tue Nov 1 00:39:22 2005 From: mcalnek at PCPLACE.CA (Milton Calnek) Date: Thu Jan 12 21:31:06 2006 Subject: Working with Exchange Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'd like to use this with sendmail/exchange. But I've never found a good example of what the mailer table should look like. For instance: domain.lan: exchange-server.domain.lan Dennis Willson wrote: > Use the mailertable to send the email to the exchange server. You do > this on a domain level. I do this all the time and it works very well. > > Dennis > > chardlist wrote: > >> I have a Redhat Linux server running MS for a bunch of virtual domains. >> Ultimately all mail is delivered to the appropriate POP account on the >> same >> server. I have a client that would like to still utilize my MS >> services for >> spam and virus protection but instead of having POP accounts would now >> like >> all mail for their domain forwarded to their exchange server after MS has >> finished scanning it. Basically a scan and forward service. >> >> What is the best way to accomplish this? >> >> I'm running >> >> Redhat 9 >> MS 4.45.4 >> Exim 4.52 >> >> >> Thank you, >> -Brendan >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFDZrk6Hgnbf2T2QqMRArbMAJ48y4KmreyorofMD7RBKqbUZVvJgwCgh1yC MAVumxEvojGv0FMfmEOLfoM= =eKHp -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at CNPAPERS.COM Tue Nov 1 20:51:24 2005 From: campbell at CNPAPERS.COM (Steve Campbell) Date: Thu Jan 12 21:31:06 2006 Subject: list of quarantined notification to recipient Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I keep most of the emails from Mailscanner in an inbox folder, and have searched there and also on the archive list, but I apparently can't seem to come up with the proper search terms, so here goes - My boss thinks it would be a good idea to notify recipients here of all mail for that individual that has been quarantined for the day in a single mailing to the recipient. I recall at least one, maybe more, scripts that were submitted to the list that would do this. I just can't remember whether it was this list or the mailwatch list, but I can't find it in either. Does anyone recall anything like this that may have been posted? Notification after each quarantine is probably not an option, so this would have to be done as a daily cron job. Thanks for any help. Steve Campbell campbell@cnpapers.com Charleston Newspapers ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From djlucas at ORCSD.ORG Tue Nov 1 20:28:19 2005 From: djlucas at ORCSD.ORG (David Lucas) Date: Thu Jan 12 21:31:06 2006 Subject: Installation of MailScanner Message-ID: Hello, I have installed MailScanner 4.46.2 on a Fedora Core 4 box. I'm constantly getting Mail Delivery Errors from mail servers on the web. An example would be: The following recipient(s) could not be reached: qodiishla@yahoo.com on 11/1/2005 2:58 PM The format of the e-mail address is incorrect. Check the address, look up the recipient in the Address Book, or contact the recipient directly to find out the correct address. < durham.orcsd.org #5.1.3 SMTP; 553 VS10-RT Possible forgery or deactivated due to abuse (#5.1.1) 132.177.176.33> Or: The following recipient(s) could not be reached: wpascual@unfauxgettable.net on 11/1/2005 2:56 PM The message could not be delivered because the recipient's destination email system is unknown or invalid. Please check the address and try again, or contact your system administrator to verify connectivity to the email system of the recipient. < durham.orcsd.org #5.1.2> If I stop MailScanner I don't get these errors. But once I start it I'm getting about 6 an hour. Does anyone have an idea why?? ************************** David J. Lucas, CCNA Oyster River Cooperative School District Phone: (603) 868-5100 ext. 41 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hermit921 at yahoo.com Tue Nov 1 16:20:01 2005 From: hermit921 at yahoo.com (hermit921) Date: Thu Jan 12 21:31:06 2006 Subject: MailScanner on Exchange Message-ID: My company decided to move to Exchange for its main mail server "It's a Management decision". The two people hired to manage Exchange claim there are products that run on the Exchange server that do everything MailScanner (and associated programs) can do. I don't believe it. Could I be wrong, or even mostly wrong, about this? hermit921 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Nov 1 20:47:48 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:06 2006 Subject: Installation of MailScanner Message-ID: On 1 Nov 2005, at 20:28, David Lucas wrote: > Hello, > > I have installed MailScanner 4.46.2 on a Fedora Core 4 box. I'm > constantly > getting Mail Delivery Errors from mail servers on the web. An > example would > be: > > The following recipient(s) could not be reached: > > qodiishla@yahoo.com on 11/1/2005 2:58 PM > The format of the e-mail address is incorrect. Check the > address, look up the recipient in the Address Book, or contact the > recipient > directly to find out the correct address. > < durham.orcsd.org #5.1.3 SMTP; 553 VS10-RT Possible > forgery or > deactivated due to abuse (#5.1.1) 132.177.176.33> > > Or: > > The following recipient(s) could not be reached: > > wpascual@unfauxgettable.net on 11/1/2005 2:56 PM > The message could not be delivered because the recipient's > destination email system is unknown or invalid. Please check the > address and > try again, or contact your system administrator to verify > connectivity to the > email system of the recipient. > < durham.orcsd.org #5.1.2> > > If I stop MailScanner I don't get these errors. But once I start > it I'm > getting about 6 an hour. Does anyone have an idea why?? You are not bouncing spam (or indeed virus warning notifications) by chance are you? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From david at GNSA.US Tue Nov 1 16:39:21 2005 From: david at GNSA.US (David Nalley) Date: Thu Jan 12 21:31:06 2006 Subject: MailScanner on Exchange Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hermit921 wrote: > My company decided to move to Exchange for its main mail server "It's > a Management decision". The two people hired to manage Exchange claim > there are products that run on the Exchange server that do everything > MailScanner (and associated programs) can do. I don't believe it. > Could I be wrong, or even mostly wrong, about this? > > hermit921 Are there other products that scan for spam, viruses and other undesirable content, sure. Symantec, Kapersky, BitDefender, RAV. and CA are just a few of the solutions out there. There are a number of big advantages: 1)Multiple virus scanners - providing defense in depths as deep as you are willing to specify 2.) Heterogenous environment. - Security wise it requires a different set of knowledge to compromise an Exchange box as opposed to a Linux box running mailscanner. Those are the ones that immediately come to mind. I suppose that licensing costs could also be a factor, but really for any organization large enough to need two Exchange admins, my guess is cost isn't that big of a factor. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lists at HBCS.ORG Tue Nov 1 15:48:10 2005 From: lists at HBCS.ORG (Dave Coults) Date: Thu Jan 12 21:31:06 2006 Subject: Major fire Message-ID: Julian, If you need some of the old versions I have a number of them( being the packrat that I am ;-) ) Dave Coults HBCS Postmaster/Network Admin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Nov 1 09:31:19 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:07 2006 Subject: Working with Exchange Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, November 1, 2005 02:08, Mark Presling wrote: > > Jon Miller wrote: > >>Do it on a domain level, we do this all the time and it works very well, >> you'll have to set up a relay_domains for the mail for the client. >>The way we've set it up is to accept on postfix -> mailscanner (spam and >> virus with Sophos) -> postfix -> domains. >> >> > Doesn't Postfix just lookup the MX entries for the domain in > relay_domains and send it on to the higher priority MX than itself? Do > you have to run your own internal DNS that flips the MX entries? > > What I mean is, if you have your server set up as the MX on the Internet > DNS servers for somedomain.com (and not their own server), how do you > use relay_domains feature of Postfix to forward it on to their server > without DNS changes? It can be done using internal and external zones but that does make life far more complex than it needs to be. From the Postfix point of view, just make an entry in the transport file like: domain.tld smtp:exchange.domain.tld #This assumes you make an 'A' record for exchange.domain.tld otherwise do domain.tld smtp:exch.ip.add.ress and postmap the transport file. There is quite a lot of Postfix stuff in the wiki (As and when Jules is able to de-smoke it and make it available again). AFAIK Exim is fairly similar although it is routers that you configure (I don't know much about Exim so don't take my word for it ;-) ) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Nov 1 09:33:45 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:07 2006 Subject: Working with Exchange Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, November 1, 2005 09:31, Drew Marshall wrote: > On Tue, November 1, 2005 02:08, Mark Presling wrote: >> >> Jon Miller wrote: >> >>>Do it on a domain level, we do this all the time and it works very well, >>> you'll have to set up a relay_domains for the mail for the client. >>>The way we've set it up is to accept on postfix -> mailscanner (spam and >>> virus with Sophos) -> postfix -> domains. >>> >>> >> Doesn't Postfix just lookup the MX entries for the domain in >> relay_domains and send it on to the higher priority MX than itself? Do >> you have to run your own internal DNS that flips the MX entries? >> >> What I mean is, if you have your server set up as the MX on the Internet >> DNS servers for somedomain.com (and not their own server), how do you >> use relay_domains feature of Postfix to forward it on to their server >> without DNS changes? > > It can be done using internal and external zones but that does make life > far more complex than it needs to be. From the Postfix point of view, just > make an entry in the transport file like: > > domain.tld smtp:exchange.domain.tld #This assumes you make an 'A' record > for exchange.domain.tld otherwise do > domain.tld smtp:exch.ip.add.ress Bah, that ^^^^^^^^^^^^^^^^^^^^^^^^^^^ should read: domain.tld smtp:[exch.ip.add.ress] /Note to self: Read before Send... > > and postmap the transport file. There is quite a lot of Postfix stuff in > the wiki (As and when Jules is able to de-smoke it and make it available > again). > > AFAIK Exim is fairly similar although it is routers that you configure (I > don't know much about Exim so don't take my word for it ;-) ) > > Drew > > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Tue Nov 1 17:12:33 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:31:07 2006 Subject: MailScanner on Exchange Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well, unfortunetly, my experience tells me it's over for you. How do you defend a bad decision when Management is willing to ignore both cost and security? I have worked a lot with exchange and found that it should NEVER directly receive from the Internet (send either for that matter). It's something the company will pay for, over and over and over again. However it's doubtful if they will ever see (because they don't want to) the real cost of that decision. Dennis hermit921 wrote: > The idea is to get rid of the MailScanner systems as being a waste of > time, money, hardware, etc. There will be a cluster of Exchange > servers facing the internet that do something, and then pass email to > the back end where users will interact. > > "All the functionality of MailScanner" will be replicated on either > the front end or back end - that isn't clear. Of course we will have > to go from free products to much more expensive commercial products, > but that doesn't seem to be relevant. > > My question is very specific. Do people have a comparison chart, or > even product list, of applications that run on an Exchange server to > duplicate MailScanner functionality? > > hermit921 > > > At 08:46 AM 11/1/2005, Stephen Swaney wrote: > >> > -----Original Message----- >> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> > Behalf Of hermit921 >> > Sent: Tuesday, November 01, 2005 11:20 AM >> > To: MAILSCANNER@JISCMAIL.AC.UK >> > Subject: MailScanner on Exchange >> > >> > My company decided to move to Exchange for its main mail server >> "It's a >> > Management decision". The two people hired to manage Exchange >> claim there >> > are products that run on the Exchange server that do everything >> > MailScanner >> > (and associated programs) can do. I don't believe it. Could I be >> wrong, >> > or even mostly wrong, about this? >> > >> > hermit921 >> >> This question should set off a flurry of responses :) An Exchange >> server can >> work quite well if you have many $$$, plenty of good technical >> support and >> lots of computer resources but they should always be protected from the >> Internet. I come from a paranoid investment banking environment and >> there >> they always protect the Exchange servers behind gateways! >> >> A few of my comments: >> >> 1. Exchange servers tend to be relatively BUSY. Having a MailScanner >> gateway >> in front of the Exchange server will GREATLY reduce the load on the >> Exchange >> server because it will stop most of the Junk at the gateway. We have >> installed MailScanner gateways on sites that thought they needed an >> expensive Exchange hardware upgrade. The load was so greatly reduced; >> the >> old hardware is still running quietly with no strain. >> >> 2. You can run multiple free (or lower cost) Virus scanners on the >> MailScanner gateway. You'll still want a virus scanner on the Exchange >> server to internal mail for viruses but if you have an enterprise >> license >> for a virus scanner, you can probably also use that scanner on the >> gateway >> at no additional cost. >> >> 3. I like to keep Microsoft servers as far away from the Internet as >> possible. Having a gateway and configuring your Exchange server >> correctly >> will keep it a lot safer, more reliable and quieter. >> >> 4. Read Microsoft's white paper on how to stop spam :) The list is >> down so I >> can't find the link but it's quite amusing and quit sophomoric. Possibly >> some packrat can send you the link. >> >> Stephen Swaney >> Fort Systems Ltd. >> stephen.swaney@fsl.com >> www.fsl.com > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pparsons at COLUMBIAFUELS.COM Tue Nov 1 00:48:59 2005 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:31:07 2006 Subject: Working with Exchange Message-ID: Here is an example as per our config sendmail/exchange something.com smtp:[exchange.something.com] something.com smtp:[exchange.something.com] something.ca smtp:[exchange.something.com] The square brackets tell the system NOT to do a lookup everytime... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Milton Calnek Sent: Monday, October 31, 2005 4:39 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Working with Exchange -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'd like to use this with sendmail/exchange. But I've never found a good example of what the mailer table should look like. For instance: domain.lan: exchange-server.domain.lan Dennis Willson wrote: > Use the mailertable to send the email to the exchange server. You do > this on a domain level. I do this all the time and it works very well. > > Dennis > > chardlist wrote: > >> I have a Redhat Linux server running MS for a bunch of virtual domains. >> Ultimately all mail is delivered to the appropriate POP account on >> the same server. I have a client that would like to still utilize my >> MS services for spam and virus protection but instead of having POP >> accounts would now like all mail for their domain forwarded to their >> exchange server after MS has finished scanning it. Basically a scan >> and forward service. >> >> What is the best way to accomplish this? >> >> I'm running >> >> Redhat 9 >> MS 4.45.4 >> Exim 4.52 >> >> >> Thank you, >> -Brendan >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFDZrk6Hgnbf2T2QqMRArbMAJ48y4KmreyorofMD7RBKqbUZVvJgwCgh1yC MAVumxEvojGv0FMfmEOLfoM= =eKHp -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 3 19:01:40 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:07 2006 Subject: Blocked content Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Am I missing something, or can I change the Subject on the warnings for blocked content. As it is now, if blocked content comes in, they are sent back a message with Warning: E-mail viruses detected I would rather have something stating that it had blocked content,such as "Warning: blocked content detected" as most users have learned to ignore virus bounce messages as false or virus propagation attempts. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Thu Nov 3 19:27:11 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:07 2006 Subject: Blocked content Message-ID: Hi Scott, On Thu, 2005-11-03 at 11:01 -0800, Scott Silva wrote: > Am I missing something, or can I change the Subject on the warnings for > blocked content. > As it is now, if blocked content comes in, they are sent back a message > with Warning: E-mail viruses detected > > I would rather have something stating that it had blocked content,such > as "Warning: blocked content detected" as most users have learned to > ignore virus bounce messages as false or virus propagation attempts. > Have a look in /etc/MailScanner/reports/en/languages.conf for NoticeHeading and NoticeSubject. I think that's what you're after. Cheers, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Thu Nov 3 21:16:29 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Geeze, not sure why but i seem to be getting lots of viagra and other medical spams lately... And that darn wrist watch spam too.... I am running MS 4.41and SA 3.04 and i update rules everyday... unless i am missing a certain rules set.... Any suggestions? These spams are coming through either marked clean or a score of 1 "s" Rob... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 3 21:20:44 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > Geeze, not sure why but i seem to be getting lots of viagra and other > medical spams lately... > > And that darn wrist watch spam too.... > > I am running MS 4.41and SA 3.04 and i update rules everyday... unless i > am missing a certain rules set.... > > Any suggestions? These spams are coming through either marked clean or > a score of 1 "s" Got an X-MailScanner-SpamCheck header you can quote? a score alone doesn't really say much about the problem. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joe at NAOS.STERLING.NET Thu Nov 3 21:52:13 2005 From: joe at NAOS.STERLING.NET (Joe Young) Date: Thu Jan 12 21:31:07 2006 Subject: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Message-ID: Scott, Thank you for your reply. I had Steve Swaney from FSL set up the filter servers with RulesDuJour. Steve said that BAYES should learn from Spamassassin. However, BAYES has now learned that some of the spam emails are ham mails. I will review my spamassassin scores. Thanks. By the way. My Spamassassin is at version 3.0.4. In the next couple of weeks, I will be upgrading to 3.1. Thank you, Joe Young -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Scott Silva Sent: Thursday, November 03, 2005 10:24 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Joe Young spake the following on 11/3/2005 8:09 AM: > > Help, > > I am running on CentOS release 4.0 (Final) with Perl version > 5.008005 (5.8.5) and MailScanner version 4.42.9. Spamassassin has > been scoring lower than normal for the last couple of weeks. Most of > the untagged spam has been the geocities link spam and the emails that > contain mostly images. Almost all of the spam emails are scored with > BAYES_00 -2.60. What are some possible steps to change the bayes score without feeding it spam? > > Thank you, > > Joe Young > In your spam.assassin.prefs.conf file you can change the score to closer to zero, otherwise it will keep poisoning the bayes cache. You could try score BAYES_00 -1.00, or add some more rules to help bump the scores up. The RulesDuJour setup at Fortress Systems (www.fsl.com/support) Is an excellent addition to an excellent product. There are also some rules floating around the list archives for the geocities url junk. Do the e-mails with mostly images score as such? You could bump the scores on those. It should hit either HTML_IMAGE_ONLY_* or HTML_IMAGE_RATIO_*. The scores on the latter are fairly low. Look at http://spamassassin.apache.org/tests_3_1_x.html for the default scores in 3.1.0 If you haven't moved up yet, you might just want to find some time. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joe at NAOS.STERLING.NET Thu Nov 3 21:52:13 2005 From: joe at NAOS.STERLING.NET (Joe Young) Date: Thu Jan 12 21:31:07 2006 Subject: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Message-ID: Scott, Thank you for your reply. I had Steve Swaney from FSL set up the filter servers with RulesDuJour. Steve said that BAYES should learn from Spamassassin. However, BAYES has now learned that some of the spam emails are ham mails. I will review my spamassassin scores. Thanks. By the way. My Spamassassin is at version 3.0.4. In the next couple of weeks, I will be upgrading to 3.1. Thank you, Joe Young -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Scott Silva Sent: Thursday, November 03, 2005 10:24 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Joe Young spake the following on 11/3/2005 8:09 AM: > > Help, > > I am running on CentOS release 4.0 (Final) with Perl version > 5.008005 (5.8.5) and MailScanner version 4.42.9. Spamassassin has > been scoring lower than normal for the last couple of weeks. Most of > the untagged spam has been the geocities link spam and the emails that > contain mostly images. Almost all of the spam emails are scored with > BAYES_00 -2.60. What are some possible steps to change the bayes score without feeding it spam? > > Thank you, > > Joe Young > In your spam.assassin.prefs.conf file you can change the score to closer to zero, otherwise it will keep poisoning the bayes cache. You could try score BAYES_00 -1.00, or add some more rules to help bump the scores up. The RulesDuJour setup at Fortress Systems (www.fsl.com/support) Is an excellent addition to an excellent product. There are also some rules floating around the list archives for the geocities url junk. Do the e-mails with mostly images score as such? You could bump the scores on those. It should hit either HTML_IMAGE_ONLY_* or HTML_IMAGE_RATIO_*. The scores on the latter are fairly low. Look at http://spamassassin.apache.org/tests_3_1_x.html for the default scores in 3.1.0 If you haven't moved up yet, you might just want to find some time. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 3 22:05:05 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > I made the change you suggested of adding Always Include SpamAssassin > Report = yes in the conf file.... > Somehow i do remember it use to be in the headers... :) > > As for the other stuff of DNS and URIBLs , well i use the default set up > that comes with mailscanner and i have added the below rules via > rules_du_jour my config file from /etc/rulesdujour/ > > [ "${TRUSTED_RULESETS}" ] || \ > TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM ANTIDRUG > SARE_ADULT SARE_OEM SARE_BAYES_POISON_NXM \ > SARE_CODING SARE_HEADER SARE_SPECIFIC SARE_BML SARE_FRAUD SARE_SPOOF > SARE_REDIRECT_POST300 \ > BOGUSVIRUS MRWIGGLY SARE_HEADER_ABUSE SARE_RATWARE RANDOMVAL > SARE_GENLSUBJ"; > > > > i once tried the URL blacklist once but it was a big load on the server... > > Any suggestions? Unfortunately there's not a lot of static rulesets that do much for that message. The only one that helps much is SARE's specific rulset and you've already got that... The bulk of the points I got were from RBLs, URIBLs and hashes. If you're using bayes you might be able to train it to cover them.. Other than that, you might selectively experiment with network tests one at at time, but if load is an issue, you're forced to make the accuracy vs CPU load trade off of disabling network checks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 3 22:05:05 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > I made the change you suggested of adding Always Include SpamAssassin > Report = yes in the conf file.... > Somehow i do remember it use to be in the headers... :) > > As for the other stuff of DNS and URIBLs , well i use the default set up > that comes with mailscanner and i have added the below rules via > rules_du_jour my config file from /etc/rulesdujour/ > > [ "${TRUSTED_RULESETS}" ] || \ > TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM ANTIDRUG > SARE_ADULT SARE_OEM SARE_BAYES_POISON_NXM \ > SARE_CODING SARE_HEADER SARE_SPECIFIC SARE_BML SARE_FRAUD SARE_SPOOF > SARE_REDIRECT_POST300 \ > BOGUSVIRUS MRWIGGLY SARE_HEADER_ABUSE SARE_RATWARE RANDOMVAL > SARE_GENLSUBJ"; > > > > i once tried the URL blacklist once but it was a big load on the server... > > Any suggestions? Unfortunately there's not a lot of static rulesets that do much for that message. The only one that helps much is SARE's specific rulset and you've already got that... The bulk of the points I got were from RBLs, URIBLs and hashes. If you're using bayes you might be able to train it to cover them.. Other than that, you might selectively experiment with network tests one at at time, but if load is an issue, you're forced to make the accuracy vs CPU load trade off of disabling network checks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 3 22:17:33 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: {SPAM} Re: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > i once tried the URL blacklist once but it was a big load on the server... One other thing I thought about.. If you can't enable RBL checks you should consider getting the Spamcop top 200 list from SARE and updating it with RDJ. http://www.rulesemporium.com/rules/70_sc_top200.cf For sites running RBLs, this is a subset of RCVD_IN_BL_SPAMCOP_NET, but if you can't run RBLs this at least gets you the top 200 offenders. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 3 22:17:33 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: {SPAM} Re: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > i once tried the URL blacklist once but it was a big load on the server... One other thing I thought about.. If you can't enable RBL checks you should consider getting the Spamcop top 200 list from SARE and updating it with RDJ. http://www.rulesemporium.com/rules/70_sc_top200.cf For sites running RBLs, this is a subset of RCVD_IN_BL_SPAMCOP_NET, but if you can't run RBLs this at least gets you the top 200 offenders. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From w.reimink at GMAIL.COM Thu Nov 3 23:00:37 2005 From: w.reimink at GMAIL.COM (w.reimink@gmail.com) Date: Thu Jan 12 21:31:07 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi I'am quite new to mailscanner (and mailing lists.) I've installed mailscanner and I am testing it right now. so far so good. However I have a question. Our mailserver is responsible for several companies and for all those companies have the same rules (attachments, spam checking and so on) The only thing that is different for all our companies are the values of : %org-name%, %org-long-name%, and %web-site% For example : we want to sign outgoing messages with inline.sig.html (or .txt) So a message sent from company X would be signed by company X So is it possible to set the vallue of these variables by a rule set ? (if not this would be a feature request) It would be much easier to sing messages with the right company, and i wouldn't have to maintain a lot rulesets and different reports. Now I will have to set up rulesets and reports for all the companies just to get a different %web-site% in the signature (or virus warnings). Or is there another way ? With kind regards, Wijnand Reimink ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From w.reimink at GMAIL.COM Thu Nov 3 23:00:37 2005 From: w.reimink at GMAIL.COM (w.reimink@gmail.com) Date: Thu Jan 12 21:31:07 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi I'am quite new to mailscanner (and mailing lists.) I've installed mailscanner and I am testing it right now. so far so good. However I have a question. Our mailserver is responsible for several companies and for all those companies have the same rules (attachments, spam checking and so on) The only thing that is different for all our companies are the values of : %org-name%, %org-long-name%, and %web-site% For example : we want to sign outgoing messages with inline.sig.html (or .txt) So a message sent from company X would be signed by company X So is it possible to set the vallue of these variables by a rule set ? (if not this would be a feature request) It would be much easier to sing messages with the right company, and i wouldn't have to maintain a lot rulesets and different reports. Now I will have to set up rulesets and reports for all the companies just to get a different %web-site% in the signature (or virus warnings). Or is there another way ? With kind regards, Wijnand Reimink ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 3 23:27:09 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:07 2006 Subject: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joe Young spake the following on 11/3/2005 1:52 PM: > Scott, > > Thank you for your reply. I had Steve Swaney from FSL set up the > filter servers with RulesDuJour. Steve said that BAYES should learn from > Spamassassin. However, BAYES has now learned that some of the spam emails > are ham mails. I will review my spamassassin scores. Thanks. By the way. My > Spamassassin is at version 3.0.4. In the next couple of weeks, I will be > upgrading to 3.1. > > Thank you, > > Joe Young > > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Scott Silva > Sent: Thursday, November 03, 2005 10:24 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: HELP? Spamassassin is scoring lower than normal the last couple > of weeks. > > Joe Young spake the following on 11/3/2005 8:09 AM: > >> >>Help, >> >> I am running on CentOS release 4.0 (Final) with Perl version >>5.008005 (5.8.5) and MailScanner version 4.42.9. Spamassassin has >>been scoring lower than normal for the last couple of weeks. Most of >>the untagged spam has been the geocities link spam and the emails that >>contain mostly images. Almost all of the spam emails are scored with >>BAYES_00 -2.60. What are some possible steps to change the bayes score > > without feeding it spam? > >>Thank you, >> >>Joe Young >> > > In your spam.assassin.prefs.conf file you can change the score to closer to > zero, otherwise it will keep poisoning the bayes cache. > > You could try score BAYES_00 -1.00, or add some more rules to help bump the > scores up. > The RulesDuJour setup at Fortress Systems (www.fsl.com/support) Is an > excellent addition to an excellent product. > There are also some rules floating around the list archives for the > geocities url junk. > > Do the e-mails with mostly images score as such? > You could bump the scores on those. > It should hit either HTML_IMAGE_ONLY_* or HTML_IMAGE_RATIO_*. > The scores on the latter are fairly low. > Look at http://spamassassin.apache.org/tests_3_1_x.html > for the default scores in 3.1.0 > If you haven't moved up yet, you might just want to find some time. > > > Are you using Mailwatch? It makes it easy to get bayes to forget some mails. I archive everything for 2 weeks, and that way I can reverse any weird auto learned stuff. Here is something I added to my spam.assassin.prefs.conf file for the Geocities spam. uri PROLO_GEO_CHECK1 /^http:\/\/.*\.geocities\.com\// describe PROLO_GEO_CHECK1 PROLO_GEO_CHECK1, Body score PROLO_GEO_CHECK1 5.0 Got it from the list, and modified it to hit all geocities, and not just uk and italy. Change the score to suit your situation. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 3 23:27:09 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:07 2006 Subject: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joe Young spake the following on 11/3/2005 1:52 PM: > Scott, > > Thank you for your reply. I had Steve Swaney from FSL set up the > filter servers with RulesDuJour. Steve said that BAYES should learn from > Spamassassin. However, BAYES has now learned that some of the spam emails > are ham mails. I will review my spamassassin scores. Thanks. By the way. My > Spamassassin is at version 3.0.4. In the next couple of weeks, I will be > upgrading to 3.1. > > Thank you, > > Joe Young > > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Scott Silva > Sent: Thursday, November 03, 2005 10:24 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: HELP? Spamassassin is scoring lower than normal the last couple > of weeks. > > Joe Young spake the following on 11/3/2005 8:09 AM: > >> >>Help, >> >> I am running on CentOS release 4.0 (Final) with Perl version >>5.008005 (5.8.5) and MailScanner version 4.42.9. Spamassassin has >>been scoring lower than normal for the last couple of weeks. Most of >>the untagged spam has been the geocities link spam and the emails that >>contain mostly images. Almost all of the spam emails are scored with >>BAYES_00 -2.60. What are some possible steps to change the bayes score > > without feeding it spam? > >>Thank you, >> >>Joe Young >> > > In your spam.assassin.prefs.conf file you can change the score to closer to > zero, otherwise it will keep poisoning the bayes cache. > > You could try score BAYES_00 -1.00, or add some more rules to help bump the > scores up. > The RulesDuJour setup at Fortress Systems (www.fsl.com/support) Is an > excellent addition to an excellent product. > There are also some rules floating around the list archives for the > geocities url junk. > > Do the e-mails with mostly images score as such? > You could bump the scores on those. > It should hit either HTML_IMAGE_ONLY_* or HTML_IMAGE_RATIO_*. > The scores on the latter are fairly low. > Look at http://spamassassin.apache.org/tests_3_1_x.html > for the default scores in 3.1.0 > If you haven't moved up yet, you might just want to find some time. > > > Are you using Mailwatch? It makes it easy to get bayes to forget some mails. I archive everything for 2 weeks, and that way I can reverse any weird auto learned stuff. Here is something I added to my spam.assassin.prefs.conf file for the Geocities spam. uri PROLO_GEO_CHECK1 /^http:\/\/.*\.geocities\.com\// describe PROLO_GEO_CHECK1 PROLO_GEO_CHECK1, Body score PROLO_GEO_CHECK1 5.0 Got it from the list, and modified it to hit all geocities, and not just uk and italy. Change the score to suit your situation. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 3 23:59:49 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:07 2006 Subject: Blocked content Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Freegard spake the following on 11/3/2005 11:27 AM: > Hi Scott, > > On Thu, 2005-11-03 at 11:01 -0800, Scott Silva wrote: > >>Am I missing something, or can I change the Subject on the warnings for >>blocked content. >>As it is now, if blocked content comes in, they are sent back a message >>with Warning: E-mail viruses detected >> >>I would rather have something stating that it had blocked content,such >>as "Warning: blocked content detected" as most users have learned to >>ignore virus bounce messages as false or virus propagation attempts. >> > > > Have a look in /etc/MailScanner/reports/en/languages.conf for > NoticeHeading and NoticeSubject. > > I think that's what you're after. > > Cheers, > Steve. > Thanks Steve!! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 3 23:59:49 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:07 2006 Subject: Blocked content Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Freegard spake the following on 11/3/2005 11:27 AM: > Hi Scott, > > On Thu, 2005-11-03 at 11:01 -0800, Scott Silva wrote: > >>Am I missing something, or can I change the Subject on the warnings for >>blocked content. >>As it is now, if blocked content comes in, they are sent back a message >>with Warning: E-mail viruses detected >> >>I would rather have something stating that it had blocked content,such >>as "Warning: blocked content detected" as most users have learned to >>ignore virus bounce messages as false or virus propagation attempts. >> > > > Have a look in /etc/MailScanner/reports/en/languages.conf for > NoticeHeading and NoticeSubject. > > I think that's what you're after. > > Cheers, > Steve. > Thanks Steve!! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Fri Nov 4 00:36:58 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:31:07 2006 Subject: Revisit: Spam with negative score Message-ID: Hello, Again I'm having issues with emails being marked as spam even though they end up having a negative score (sometimes as much as -10). Last time it was because emails were being found on spam lists and that is under control. This time the emails are not being found on any lists and on top of that the email address is whitelisted. The only thing I see in the logs that MailScanner might be flagging the email for is the following: Nov 3 13:58:42 localhost MailScanner[20826]: Message jA3LwZp6025097 from 66.94.237.36 (sentto-11936562-3897-1131055501-user=swatgear.com@returns.groups.yahoo. com) is whitelisted Nov 3 13:58:52 localhost MailScanner[20826]: tag found in message jA3LwZp6025097 from sentto-11936562-3897-1131055501-user=swatgear.com@returns.groups.yahoo.c om I searched the archives and Google and looked through MailScanner.conf but didn't find anything that made it apparent how I can solve this. Thanks! Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Fri Nov 4 00:36:58 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:31:07 2006 Subject: Revisit: Spam with negative score Message-ID: Hello, Again I'm having issues with emails being marked as spam even though they end up having a negative score (sometimes as much as -10). Last time it was because emails were being found on spam lists and that is under control. This time the emails are not being found on any lists and on top of that the email address is whitelisted. The only thing I see in the logs that MailScanner might be flagging the email for is the following: Nov 3 13:58:42 localhost MailScanner[20826]: Message jA3LwZp6025097 from 66.94.237.36 (sentto-11936562-3897-1131055501-user=swatgear.com@returns.groups.yahoo. com) is whitelisted Nov 3 13:58:52 localhost MailScanner[20826]: tag found in message jA3LwZp6025097 from sentto-11936562-3897-1131055501-user=swatgear.com@returns.groups.yahoo.c om I searched the archives and Google and looked through MailScanner.conf but didn't find anything that made it apparent how I can solve this. Thanks! Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 4 08:57:28 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:07 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: Hi Only way I think of right now (caffeine levels still rising) is to have different instances of MailScanner watching separate inbound queues for the different domains. If you use a single instance of MS, and email to domain1 AND domain2, how would it handle this? In regards to 'from' the %org-name% parts are merely indications that mail has been scanned and shouldn't be relied on to be 'trusted' that it has indeed come from that firm. The reason the org-name is in the headers is that people started to trust the headers and let alleged MS scanned email straight through without virus scanning etc. So some clever virus writer noticed this and produced a virus that had the X-MailScanner headers in the email it sent in order to circumvent peoples security. This meant the more unique org-name was added to the headers in order to try and make the headers a little more unique and circumvent this issue. So I wouldn't really take much issue myself with the outbound email, people use all sorts or services for email lists and a great many are third party, where you have no control of people to do SPF or anything like that to verify the sender if who they say they are.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of w.reimink@gmail.com > Sent: 03 November 2005 23:01 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Value of the variables %org-name% %org-long-name% > %web-site% set by a ruleset > > Hi > > I'am quite new to mailscanner (and mailing lists.) > I've installed mailscanner and I am testing it right now. so far so good. > > However I have a question. > > Our mailserver is responsible for several companies and for all those > companies have the same rules (attachments, spam checking and so on) > > The only thing that is different for all our companies are the values of : > %org-name%, %org-long-name%, and %web-site% > For example : we want to sign outgoing messages with inline.sig.html (or > .txt) > So a message sent from company X would be signed by company X > > So is it possible to set the vallue of these variables by a rule set ? > (if not this would be a feature request) > It would be much easier to sing messages with the right company, and i > wouldn't have to maintain a lot rulesets and different reports. > > Now I will have to set up rulesets and reports for all the companies > just to get a different %web-site% in the signature (or virus > warnings). > > Or is there another way ? > > With kind regards, > > Wijnand Reimink > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 4 08:57:28 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:07 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: Hi Only way I think of right now (caffeine levels still rising) is to have different instances of MailScanner watching separate inbound queues for the different domains. If you use a single instance of MS, and email to domain1 AND domain2, how would it handle this? In regards to 'from' the %org-name% parts are merely indications that mail has been scanned and shouldn't be relied on to be 'trusted' that it has indeed come from that firm. The reason the org-name is in the headers is that people started to trust the headers and let alleged MS scanned email straight through without virus scanning etc. So some clever virus writer noticed this and produced a virus that had the X-MailScanner headers in the email it sent in order to circumvent peoples security. This meant the more unique org-name was added to the headers in order to try and make the headers a little more unique and circumvent this issue. So I wouldn't really take much issue myself with the outbound email, people use all sorts or services for email lists and a great many are third party, where you have no control of people to do SPF or anything like that to verify the sender if who they say they are.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of w.reimink@gmail.com > Sent: 03 November 2005 23:01 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Value of the variables %org-name% %org-long-name% > %web-site% set by a ruleset > > Hi > > I'am quite new to mailscanner (and mailing lists.) > I've installed mailscanner and I am testing it right now. so far so good. > > However I have a question. > > Our mailserver is responsible for several companies and for all those > companies have the same rules (attachments, spam checking and so on) > > The only thing that is different for all our companies are the values of : > %org-name%, %org-long-name%, and %web-site% > For example : we want to sign outgoing messages with inline.sig.html (or > .txt) > So a message sent from company X would be signed by company X > > So is it possible to set the vallue of these variables by a rule set ? > (if not this would be a feature request) > It would be much easier to sing messages with the right company, and i > wouldn't have to maintain a lot rulesets and different reports. > > Now I will have to set up rulesets and reports for all the companies > just to get a different %web-site% in the signature (or virus > warnings). > > Or is there another way ? > > With kind regards, > > Wijnand Reimink > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 4 09:03:09 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:07 2006 Subject: FW: [Clamav-announce] announcing ClamAV 0.87.1 Message-ID: In case people haven't send this yet.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: clamav-announce-bounces@lists.clamav.net [mailto:clamav-announce- > bounces@lists.clamav.net] On Behalf Of Luca Gibelli > Sent: 03 November 2005 23:01 > To: ClamAV Announce > Subject: [Clamav-announce] announcing ClamAV 0.87.1 > > Dear ClamAV users, > > This release includes major bugfixes for problems with handling TNEF > attachments, cabinet files and FSG compressed executables. > > > -- > The ClamAV team (http://www.clamav.net/team.html) > > -- > Luca Gibelli (luca at clamav.net) - ClamAV, a GPL virus scanner > PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 > PGP Key Available on: Key Servers || http://www.clamav.net/gpg/luca.gpg > _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 4 09:03:09 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:07 2006 Subject: FW: [Clamav-announce] announcing ClamAV 0.87.1 Message-ID: In case people haven't send this yet.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: clamav-announce-bounces@lists.clamav.net [mailto:clamav-announce- > bounces@lists.clamav.net] On Behalf Of Luca Gibelli > Sent: 03 November 2005 23:01 > To: ClamAV Announce > Subject: [Clamav-announce] announcing ClamAV 0.87.1 > > Dear ClamAV users, > > This release includes major bugfixes for problems with handling TNEF > attachments, cabinet files and FSG compressed executables. > > > -- > The ClamAV team (http://www.clamav.net/team.html) > > -- > Luca Gibelli (luca at clamav.net) - ClamAV, a GPL virus scanner > PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 > PGP Key Available on: Key Servers || http://www.clamav.net/gpg/luca.gpg > _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From janetbindner at YAHOO.CO.UK Fri Nov 4 09:28:30 2005 From: janetbindner at YAHOO.CO.UK (Janet Bindner) Date: Thu Jan 12 21:31:07 2006 Subject: New RPM package(clamav, postfix, spamassassin, mailscanner) - PSCM Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all, I have created a new rpm package integrating postfix, spamassassin, clamav and mailscanner. This should help to eliminate the hassle of installing and making these applications work together. The latest package include: * Clamav: 0.87.1 * MailScanner: 4.47.4-1 * SpamAssassin: 3.1.0 * Postfix: 2.2.5 http://metawire.org/~pscm/index.html Cheers, Janet ___________________________________________________________ How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From janetbindner at YAHOO.CO.UK Fri Nov 4 09:28:30 2005 From: janetbindner at YAHOO.CO.UK (Janet Bindner) Date: Thu Jan 12 21:31:07 2006 Subject: New RPM package(clamav, postfix, spamassassin, mailscanner) - PSCM Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all, I have created a new rpm package integrating postfix, spamassassin, clamav and mailscanner. This should help to eliminate the hassle of installing and making these applications work together. The latest package include: * Clamav: 0.87.1 * MailScanner: 4.47.4-1 * SpamAssassin: 3.1.0 * Postfix: 2.2.5 http://metawire.org/~pscm/index.html Cheers, Janet ___________________________________________________________ How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 14:13:23 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I uncomment this in mailscanner.conf Spam List = ORDB-RBL SBL+XBL Also added this to spam.assassin.prefs.conf # JP data was taken out of the WS and SC SURBL zone files # JP will be a separate list in SA 3.1 urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html tflags URIBL_JP_SURBL net score URIBL_JP_SURBL 4.0 Restarted mailscanner and SA Have not see any notciable increase in system load yet... Rob... ----- Original Message ----- From: "Pete Russell" To: Sent: Thursday, November 03, 2005 8:58 PM Subject: Re: Lots ne wmedical related spam... > How do I find out which URIBL i have enabled? Or turn on more of the ones > that are built in? Because i dont see all of those in my reports. > Thanks > Pete > > Matt Kettler wrote: >> Rob wrote: >> >>>The source as form MS outlook express... >>> >> >> >> >> >> Well, you're not set up to generate spamcheck headers for nonspam.. >> That's such >> a horridly lame default in MailScanner. >> >> Unless you're ready/willing to grep your maillogs for the SMTP ID to find >> the >> actual spam check results I would *STRONGLY* suggest changing your >> MailScanner.conf to include: >> >> Always Include SpamAssassin Report = yes >> >> >> That aside, are you using DNS checks and URIBLs? >> >> I got a LOT of hits on that message when I tested it locally. I'm using >> SA >> 3.1.0, but most of these tests apply to SA 3.0.4 as well. >> >> Relevant optional features: >> I'm using DNS checks (RBLs responsible for 10.1 points) >> I'm using URIBLs with uribl.com lists added on (8.2 points) >> I'm using Razor (1.7 points) >> I'm using DCC (2.2 points) >> I'm using 70_sare_specific.cf from rulesemporium.com (0.2 points) >> I'm using bayes (1.0 points) >> >> Content analysis details: (26.1 points, 5.0 required) >> >> pts rule name description >> ---- ---------------------- -------------------------------------------------- >> 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80% >> [score: 0.6448] >> 0.0 HTML_MESSAGE BODY: HTML included in message >> 0.2 SARE_SPEC_LEO_LINE03f RAW: common Leo body text >> 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level >> above 50% >> [cf: 100] >> 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) >> 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level >> above 50% >> [cf: 100] >> 0.2 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% >> [cf: 100] >> 2.2 DCC_CHECK Listed in DCC >> (http://rhyolite.com/anti-spam/dcc/) >> 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP >> address >> [216.230.157.133 listed in dnsbl.sorbs.net] >> 2.6 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org >> [] >> 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net >> [Blocked - see >> ] >> 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL >> [216.230.157.133 listed in >> sbl-xbl.spamhaus.org] >> 1.6 URIBL_SBL Contains an URL listed in the SBL blocklist >> [URIs: artistisen.com] >> 2.5 URIBL_BLACK Contains an URL listed in the URIBL blacklist >> [URIs: artistisen.com] >> 4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL >> blocklist >> [URIs: artistisen.com] >> 0.8 DIGEST_MULTIPLE Message hits more than one network digest >> check >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 14:13:23 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I uncomment this in mailscanner.conf Spam List = ORDB-RBL SBL+XBL Also added this to spam.assassin.prefs.conf # JP data was taken out of the WS and SC SURBL zone files # JP will be a separate list in SA 3.1 urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html tflags URIBL_JP_SURBL net score URIBL_JP_SURBL 4.0 Restarted mailscanner and SA Have not see any notciable increase in system load yet... Rob... ----- Original Message ----- From: "Pete Russell" To: Sent: Thursday, November 03, 2005 8:58 PM Subject: Re: Lots ne wmedical related spam... > How do I find out which URIBL i have enabled? Or turn on more of the ones > that are built in? Because i dont see all of those in my reports. > Thanks > Pete > > Matt Kettler wrote: >> Rob wrote: >> >>>The source as form MS outlook express... >>> >> >> >> >> >> Well, you're not set up to generate spamcheck headers for nonspam.. >> That's such >> a horridly lame default in MailScanner. >> >> Unless you're ready/willing to grep your maillogs for the SMTP ID to find >> the >> actual spam check results I would *STRONGLY* suggest changing your >> MailScanner.conf to include: >> >> Always Include SpamAssassin Report = yes >> >> >> That aside, are you using DNS checks and URIBLs? >> >> I got a LOT of hits on that message when I tested it locally. I'm using >> SA >> 3.1.0, but most of these tests apply to SA 3.0.4 as well. >> >> Relevant optional features: >> I'm using DNS checks (RBLs responsible for 10.1 points) >> I'm using URIBLs with uribl.com lists added on (8.2 points) >> I'm using Razor (1.7 points) >> I'm using DCC (2.2 points) >> I'm using 70_sare_specific.cf from rulesemporium.com (0.2 points) >> I'm using bayes (1.0 points) >> >> Content analysis details: (26.1 points, 5.0 required) >> >> pts rule name description >> ---- ---------------------- -------------------------------------------------- >> 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80% >> [score: 0.6448] >> 0.0 HTML_MESSAGE BODY: HTML included in message >> 0.2 SARE_SPEC_LEO_LINE03f RAW: common Leo body text >> 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level >> above 50% >> [cf: 100] >> 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) >> 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level >> above 50% >> [cf: 100] >> 0.2 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% >> [cf: 100] >> 2.2 DCC_CHECK Listed in DCC >> (http://rhyolite.com/anti-spam/dcc/) >> 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP >> address >> [216.230.157.133 listed in dnsbl.sorbs.net] >> 2.6 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org >> [] >> 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net >> [Blocked - see >> ] >> 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL >> [216.230.157.133 listed in >> sbl-xbl.spamhaus.org] >> 1.6 URIBL_SBL Contains an URL listed in the SBL blocklist >> [URIs: artistisen.com] >> 2.5 URIBL_BLACK Contains an URL listed in the URIBL blacklist >> [URIs: artistisen.com] >> 4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL >> blocklist >> [URIs: artistisen.com] >> 0.8 DIGEST_MULTIPLE Message hits more than one network digest >> check >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From w.reimink at GMAIL.COM Fri Nov 4 13:46:52 2005 From: w.reimink at GMAIL.COM (Wijnand Reimink) Date: Thu Jan 12 21:31:07 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: Thanx for your response, Maybe I have to reconsider signing outgoing messages. That would indeed be an option Thank You Wijnand ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From w.reimink at GMAIL.COM Fri Nov 4 13:46:52 2005 From: w.reimink at GMAIL.COM (Wijnand Reimink) Date: Thu Jan 12 21:31:07 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: Thanx for your response, Maybe I have to reconsider signing outgoing messages. That would indeed be an option Thank You Wijnand ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 16:01:06 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > I uncomment this in mailscanner.conf > > Spam List = ORDB-RBL SBL+XBL > > Also added this to spam.assassin.prefs.conf > > # JP data was taken out of the WS and SC SURBL zone files > # JP will be a separate list in SA 3.1 > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html > tflags URIBL_JP_SURBL net > > score URIBL_JP_SURBL 4.0 OUCH! STOP! REMOVE THAT AT ONCE!!!!!!!! Those rules already exist in the SA default config. You do not enable URIBLs by adding rules.. you enable them by loading the plugin. (see /etc/mail/spamassassin/*.pre) Force-adding the rules without the plugin loaded will cause parse errors in your config!!!!!!!! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 16:01:06 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > I uncomment this in mailscanner.conf > > Spam List = ORDB-RBL SBL+XBL > > Also added this to spam.assassin.prefs.conf > > # JP data was taken out of the WS and SC SURBL zone files > # JP will be a separate list in SA 3.1 > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html > tflags URIBL_JP_SURBL net > > score URIBL_JP_SURBL 4.0 OUCH! STOP! REMOVE THAT AT ONCE!!!!!!!! Those rules already exist in the SA default config. You do not enable URIBLs by adding rules.. you enable them by loading the plugin. (see /etc/mail/spamassassin/*.pre) Force-adding the rules without the plugin loaded will cause parse errors in your config!!!!!!!! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 4 16:09:57 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: Added in by default to SA 3.0.4 ... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Matt Kettler > Sent: 04 November 2005 16:01 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Lots ne wmedical related spam... > > Rob wrote: > > I uncomment this in mailscanner.conf > > > > Spam List = ORDB-RBL SBL+XBL > > > > Also added this to spam.assassin.prefs.conf > > > > # JP data was taken out of the WS and SC SURBL zone files > > # JP will be a separate list in SA 3.1 > > > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > > describe URIBL_JP_SURBL Has URI in JP at > http://www.surbl.org/lists.html > > tflags URIBL_JP_SURBL net > > > > score URIBL_JP_SURBL 4.0 > > > > OUCH! STOP! REMOVE THAT AT ONCE!!!!!!!! > > Those rules already exist in the SA default config. You do not enable > URIBLs by > adding rules.. you enable them by loading the plugin. (see > /etc/mail/spamassassin/*.pre) > > Force-adding the rules without the plugin loaded will cause parse errors > in your > config!!!!!!!! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 4 16:09:57 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: Added in by default to SA 3.0.4 ... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Matt Kettler > Sent: 04 November 2005 16:01 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Lots ne wmedical related spam... > > Rob wrote: > > I uncomment this in mailscanner.conf > > > > Spam List = ORDB-RBL SBL+XBL > > > > Also added this to spam.assassin.prefs.conf > > > > # JP data was taken out of the WS and SC SURBL zone files > > # JP will be a separate list in SA 3.1 > > > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > > describe URIBL_JP_SURBL Has URI in JP at > http://www.surbl.org/lists.html > > tflags URIBL_JP_SURBL net > > > > score URIBL_JP_SURBL 4.0 > > > > OUCH! STOP! REMOVE THAT AT ONCE!!!!!!!! > > Those rules already exist in the SA default config. You do not enable > URIBLs by > adding rules.. you enable them by loading the plugin. (see > /etc/mail/spamassassin/*.pre) > > Force-adding the rules without the plugin loaded will cause parse errors > in your > config!!!!!!!! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 16:10:23 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Done... Sorry man, i do not get to play with SA or MS much, just not enough time. In the past default settings after install were always sufficient to fight spam, but now its more tough..... so i leave ...... Spam List = ORDB-RBL SBL+XBL or do i comment this back out too? I do not have any files in my /etc/mail/spamassassin that are *.pre Here is what i have 70_sare_adult.cf 70_sare_bayes_poison_nxm.cf 70_sare_evilnum0.cf 70_sare_genlsubj.cf 70_sare_header.cf 70_sare_html.cf 70_sare_oem.cf 70_sare_random.cf 70_sare_ratware.cf 70_sare_specific.cf 70_sare_spoof.cf 72_sare_bml_post25x.cf 72_sare_redirect_post3.0.0.cf 99_sare_fraud_post25x.cf directory -->RulesDuJour antidrug.cf bogus-virus-warnings.cf local.cf random.cf tripwire.cf Thanks and i really appriciate all the help i get on this list. :) Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:01 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> I uncomment this in mailscanner.conf >> >> Spam List = ORDB-RBL SBL+XBL >> >> Also added this to spam.assassin.prefs.conf >> >> # JP data was taken out of the WS and SC SURBL zone files >> # JP will be a separate list in SA 3.1 >> >> urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 >> body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') >> describe URIBL_JP_SURBL Has URI in JP at >> http://www.surbl.org/lists.html >> tflags URIBL_JP_SURBL net >> >> score URIBL_JP_SURBL 4.0 > > > > OUCH! STOP! REMOVE THAT AT ONCE!!!!!!!! > > Those rules already exist in the SA default config. You do not enable > URIBLs by > adding rules.. you enable them by loading the plugin. (see > /etc/mail/spamassassin/*.pre) > > Force-adding the rules without the plugin loaded will cause parse errors > in your > config!!!!!!!! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 16:10:23 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Done... Sorry man, i do not get to play with SA or MS much, just not enough time. In the past default settings after install were always sufficient to fight spam, but now its more tough..... so i leave ...... Spam List = ORDB-RBL SBL+XBL or do i comment this back out too? I do not have any files in my /etc/mail/spamassassin that are *.pre Here is what i have 70_sare_adult.cf 70_sare_bayes_poison_nxm.cf 70_sare_evilnum0.cf 70_sare_genlsubj.cf 70_sare_header.cf 70_sare_html.cf 70_sare_oem.cf 70_sare_random.cf 70_sare_ratware.cf 70_sare_specific.cf 70_sare_spoof.cf 72_sare_bml_post25x.cf 72_sare_redirect_post3.0.0.cf 99_sare_fraud_post25x.cf directory -->RulesDuJour antidrug.cf bogus-virus-warnings.cf local.cf random.cf tripwire.cf Thanks and i really appriciate all the help i get on this list. :) Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:01 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> I uncomment this in mailscanner.conf >> >> Spam List = ORDB-RBL SBL+XBL >> >> Also added this to spam.assassin.prefs.conf >> >> # JP data was taken out of the WS and SC SURBL zone files >> # JP will be a separate list in SA 3.1 >> >> urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 >> body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') >> describe URIBL_JP_SURBL Has URI in JP at >> http://www.surbl.org/lists.html >> tflags URIBL_JP_SURBL net >> >> score URIBL_JP_SURBL 4.0 > > > > OUCH! STOP! REMOVE THAT AT ONCE!!!!!!!! > > Those rules already exist in the SA default config. You do not enable > URIBLs by > adding rules.. you enable them by loading the plugin. (see > /etc/mail/spamassassin/*.pre) > > Force-adding the rules without the plugin loaded will cause parse errors > in your > config!!!!!!!! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 16:20:17 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > Done... > > Sorry man, i do not get to play with SA or MS much, just not enough > time. In the past default settings after install were always sufficient > to fight spam, but now its more tough..... > > so i leave ...... Spam List = ORDB-RBL SBL+XBL or do i comment this > back out too? That isn't a SA thing.. So it doesn't matter. That enables RBL checking in MailScanner. Any message matching one of those RBLs will be spam tagged, no matter what SpamAssassin says. I personally have yet to see an RBL I trust enough to be an absolute spam criteria, but your results and sensitivity to FPs may differ from mine. > > I do not have any files in my /etc/mail/spamassassin that are *.pre Then you don't have a proper install of SA 3.0.0 or higher. Did you install from a distro-package, or from the source tarball? SA 3.0.0 and higher should add "init.pre". SA 3.1.0 and higher should add "v310.pre" (in addition to init.pre) If the init.pre is missing, and you installed from a distro package, send the maintainer a nastygram and re-install from the tarball. (who knows what other files they neglected to put in the right places) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 16:20:17 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > Done... > > Sorry man, i do not get to play with SA or MS much, just not enough > time. In the past default settings after install were always sufficient > to fight spam, but now its more tough..... > > so i leave ...... Spam List = ORDB-RBL SBL+XBL or do i comment this > back out too? That isn't a SA thing.. So it doesn't matter. That enables RBL checking in MailScanner. Any message matching one of those RBLs will be spam tagged, no matter what SpamAssassin says. I personally have yet to see an RBL I trust enough to be an absolute spam criteria, but your results and sensitivity to FPs may differ from mine. > > I do not have any files in my /etc/mail/spamassassin that are *.pre Then you don't have a proper install of SA 3.0.0 or higher. Did you install from a distro-package, or from the source tarball? SA 3.0.0 and higher should add "init.pre". SA 3.1.0 and higher should add "v310.pre" (in addition to init.pre) If the init.pre is missing, and you installed from a distro package, send the maintainer a nastygram and re-install from the tarball. (who knows what other files they neglected to put in the right places) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Nov 4 16:27:37 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:07 2006 Subject: Time::HiRes for MessageBatch timing Message-ID: Julian, Per my recent request for batch timing in the logs, please look at my suggested changes for MessageBatch.pm (attached, against 4.47.4). My changes have NOT been tested at all, so I don't know if this will work. The changes: * added Time::HiRes for timing the start and end timing on a batch of messages. * changed output of information in EndBatch from integer to float * Added a "Batch Completed in x.x seconds" syslog, even if "Log Speed" is not turned on in the config file. Please see if my idea makes sense. Since HighRes is required for SpamAssassin, why not use it here too to give better info? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "" Text/PLAIN (Name: "MessageBatch.pm.diffs") 51 lines. ] [ Unable to print this part. ] From rob at THEHOSTMASTERS.COM Fri Nov 4 16:26:12 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] i am using 3.04 on Debian 3 dpkg -l |grep spam ii mailscanner 4.41.3-2 email virus scanner and spam tagger ii spamassassin 3.0.4-2 Perl-based spam filter using text analysis ii spamc 3.0.4-2 Client for SpamAssassin spam filtering daemo i will get the tarball and get the .pre files from it then? I like to use the apt-get as it makes it easy to maintain a bunch of servers... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:20 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> Done... >> >> Sorry man, i do not get to play with SA or MS much, just not enough >> time. In the past default settings after install were always sufficient >> to fight spam, but now its more tough..... >> >> so i leave ...... Spam List = ORDB-RBL SBL+XBL or do i comment this >> back out too? > > That isn't a SA thing.. So it doesn't matter. That enables RBL checking in > MailScanner. Any message matching one of those RBLs will be spam tagged, > no > matter what SpamAssassin says. > > I personally have yet to see an RBL I trust enough to be an absolute spam > criteria, but your results and sensitivity to FPs may differ from mine. >> >> I do not have any files in my /etc/mail/spamassassin that are *.pre > > Then you don't have a proper install of SA 3.0.0 or higher. Did you > install from > a distro-package, or from the source tarball? > > SA 3.0.0 and higher should add "init.pre". > SA 3.1.0 and higher should add "v310.pre" (in addition to init.pre) > > > If the init.pre is missing, and you installed from a distro package, send > the > maintainer a nastygram and re-install from the tarball. (who knows what > other > files they neglected to put in the right places) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 16:26:12 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] i am using 3.04 on Debian 3 dpkg -l |grep spam ii mailscanner 4.41.3-2 email virus scanner and spam tagger ii spamassassin 3.0.4-2 Perl-based spam filter using text analysis ii spamc 3.0.4-2 Client for SpamAssassin spam filtering daemo i will get the tarball and get the .pre files from it then? I like to use the apt-get as it makes it easy to maintain a bunch of servers... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:20 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> Done... >> >> Sorry man, i do not get to play with SA or MS much, just not enough >> time. In the past default settings after install were always sufficient >> to fight spam, but now its more tough..... >> >> so i leave ...... Spam List = ORDB-RBL SBL+XBL or do i comment this >> back out too? > > That isn't a SA thing.. So it doesn't matter. That enables RBL checking in > MailScanner. Any message matching one of those RBLs will be spam tagged, > no > matter what SpamAssassin says. > > I personally have yet to see an RBL I trust enough to be an absolute spam > criteria, but your results and sensitivity to FPs may differ from mine. >> >> I do not have any files in my /etc/mail/spamassassin that are *.pre > > Then you don't have a proper install of SA 3.0.0 or higher. Did you > install from > a distro-package, or from the source tarball? > > SA 3.0.0 and higher should add "init.pre". > SA 3.1.0 and higher should add "v310.pre" (in addition to init.pre) > > > If the init.pre is missing, and you installed from a distro package, send > the > maintainer a nastygram and re-install from the tarball. (who knows what > other > files they neglected to put in the right places) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Nov 4 16:27:37 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:07 2006 Subject: Time::HiRes for MessageBatch timing Message-ID: Julian, Per my recent request for batch timing in the logs, please look at my suggested changes for MessageBatch.pm (attached, against 4.47.4). My changes have NOT been tested at all, so I don't know if this will work. The changes: * added Time::HiRes for timing the start and end timing on a batch of messages. * changed output of information in EndBatch from integer to float * Added a "Batch Completed in x.x seconds" syslog, even if "Log Speed" is not turned on in the config file. Please see if my idea makes sense. Since HighRes is required for SpamAssassin, why not use it here too to give better info? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "" Text/PLAIN (Name: "MessageBatch.pm.diffs") 51 lines. ] [ Unable to print this part. ] From mkettler at EVI-INC.COM Fri Nov 4 16:36:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > i am using 3.04 on Debian 3 > > dpkg -l |grep spam > ii mailscanner 4.41.3-2 email virus scanner and spam tagger > ii spamassassin 3.0.4-2 Perl-based spam filter using text > analysis > ii spamc 3.0.4-2 Client for SpamAssassin spam filtering > daemo > > i will get the tarball and get the .pre files from it then? > > I like to use the apt-get as it makes it easy to maintain a bunch of > servers... > Ooooooh.. wait.. you've got a bigger problem... debian uses /etc/spamassassin as their siteconfig. You should not have an /etc/mail/spamassassin directory at all. Move your files up to the proper siteconfig path and rmdir /etc/mail/spamassassin. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 16:36:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > i am using 3.04 on Debian 3 > > dpkg -l |grep spam > ii mailscanner 4.41.3-2 email virus scanner and spam tagger > ii spamassassin 3.0.4-2 Perl-based spam filter using text > analysis > ii spamc 3.0.4-2 Client for SpamAssassin spam filtering > daemo > > i will get the tarball and get the .pre files from it then? > > I like to use the apt-get as it makes it easy to maintain a bunch of > servers... > Ooooooh.. wait.. you've got a bigger problem... debian uses /etc/spamassassin as their siteconfig. You should not have an /etc/mail/spamassassin directory at all. Move your files up to the proper siteconfig path and rmdir /etc/mail/spamassassin. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 16:42:42 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] /etc/mail/spamassassin is a link to /etc/spamassassin That should be ok, no? I just untarred SA 3.04 and cp init.pre into /etc/spamassassin and restart Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:36 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> i am using 3.04 on Debian 3 >> >> dpkg -l |grep spam >> ii mailscanner 4.41.3-2 email virus scanner and spam tagger >> ii spamassassin 3.0.4-2 Perl-based spam filter using text >> analysis >> ii spamc 3.0.4-2 Client for SpamAssassin spam filtering >> daemo >> >> i will get the tarball and get the .pre files from it then? >> >> I like to use the apt-get as it makes it easy to maintain a bunch of >> servers... >> > Ooooooh.. wait.. you've got a bigger problem... > > > debian uses /etc/spamassassin as their siteconfig. > > You should not have an /etc/mail/spamassassin directory at all. > > Move your files up to the proper siteconfig path and rmdir > /etc/mail/spamassassin. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 16:42:42 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] /etc/mail/spamassassin is a link to /etc/spamassassin That should be ok, no? I just untarred SA 3.04 and cp init.pre into /etc/spamassassin and restart Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:36 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> i am using 3.04 on Debian 3 >> >> dpkg -l |grep spam >> ii mailscanner 4.41.3-2 email virus scanner and spam tagger >> ii spamassassin 3.0.4-2 Perl-based spam filter using text >> analysis >> ii spamc 3.0.4-2 Client for SpamAssassin spam filtering >> daemo >> >> i will get the tarball and get the .pre files from it then? >> >> I like to use the apt-get as it makes it easy to maintain a bunch of >> servers... >> > Ooooooh.. wait.. you've got a bigger problem... > > > debian uses /etc/spamassassin as their siteconfig. > > You should not have an /etc/mail/spamassassin directory at all. > > Move your files up to the proper siteconfig path and rmdir > /etc/mail/spamassassin. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 16:46:01 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] looks like i finally got this guy marked now.... Return-Path: X-Original-To: hostmaster@thednsguys.com Delivered-To: rob@thehostmasters.com Received: from tcsnet.com (ile74-1-82-244-22-62.fbx.proxad.net [82.244.22.62]) by stewy (Postfix) with SMTP id 30EDFBF4A for ; Fri, 4 Nov 2005 09:43:21 -0500 (EST) From: "Lindsie Bucholtz" To: "Gioachino Raminez" Message-ID: <000401c5e14e$75347d00$c430a8c0@unhung> Subject: {Spam?} Re: Darrens just think about it Date: Fri, 4 Nov 2005 09:45:54 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C5E124.8C5E7500" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Stewy-Dido-Internet-MailScanner: Found to be clean X-Stewy-Dido-Internet-MailScanner-SpamCheck: spam, SBL+XBL, SpamAssassin (score=0.063, required 4, BAYES_50 0.00, HTML_90_100 0.02, HTML_MESSAGE 0.00, MIME_QP_LONG_LINE 0.04) X-MailScanner-From: linds@tcsnet.com Yuppie!! Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:36 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> i am using 3.04 on Debian 3 >> >> dpkg -l |grep spam >> ii mailscanner 4.41.3-2 email virus scanner and spam tagger >> ii spamassassin 3.0.4-2 Perl-based spam filter using text >> analysis >> ii spamc 3.0.4-2 Client for SpamAssassin spam filtering >> daemo >> >> i will get the tarball and get the .pre files from it then? >> >> I like to use the apt-get as it makes it easy to maintain a bunch of >> servers... >> > Ooooooh.. wait.. you've got a bigger problem... > > > debian uses /etc/spamassassin as their siteconfig. > > You should not have an /etc/mail/spamassassin directory at all. > > Move your files up to the proper siteconfig path and rmdir > /etc/mail/spamassassin. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 16:46:01 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] looks like i finally got this guy marked now.... Return-Path: X-Original-To: hostmaster@thednsguys.com Delivered-To: rob@thehostmasters.com Received: from tcsnet.com (ile74-1-82-244-22-62.fbx.proxad.net [82.244.22.62]) by stewy (Postfix) with SMTP id 30EDFBF4A for ; Fri, 4 Nov 2005 09:43:21 -0500 (EST) From: "Lindsie Bucholtz" To: "Gioachino Raminez" Message-ID: <000401c5e14e$75347d00$c430a8c0@unhung> Subject: {Spam?} Re: Darrens just think about it Date: Fri, 4 Nov 2005 09:45:54 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C5E124.8C5E7500" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Stewy-Dido-Internet-MailScanner: Found to be clean X-Stewy-Dido-Internet-MailScanner-SpamCheck: spam, SBL+XBL, SpamAssassin (score=0.063, required 4, BAYES_50 0.00, HTML_90_100 0.02, HTML_MESSAGE 0.00, MIME_QP_LONG_LINE 0.04) X-MailScanner-From: linds@tcsnet.com Yuppie!! Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:36 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> i am using 3.04 on Debian 3 >> >> dpkg -l |grep spam >> ii mailscanner 4.41.3-2 email virus scanner and spam tagger >> ii spamassassin 3.0.4-2 Perl-based spam filter using text >> analysis >> ii spamc 3.0.4-2 Client for SpamAssassin spam filtering >> daemo >> >> i will get the tarball and get the .pre files from it then? >> >> I like to use the apt-get as it makes it easy to maintain a bunch of >> servers... >> > Ooooooh.. wait.. you've got a bigger problem... > > > debian uses /etc/spamassassin as their siteconfig. > > You should not have an /etc/mail/spamassassin directory at all. > > Move your files up to the proper siteconfig path and rmdir > /etc/mail/spamassassin. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 17:26:41 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > /etc/mail/spamassassin is a link to /etc/spamassassin > > That should be ok, no? Yes, it should be fine.. SA will look for both (and a few others in places) and use the first one it finds. For what it's worth, here's SA's search order, as of SA 3.1.0 @site_rules_path = ( '__local_rules_dir__', '__prefix__/etc/mail/spamassassin', '__prefix__/etc/spamassassin', '/usr/local/etc/spamassassin', '/usr/pkg/etc/spamassassin', '/usr/etc/spamassassin', '/etc/mail/spamassassin', '/etc/spamassassin', ); where __local_rules_dir__ is a variable optionally passed to perl Makefile.pm. > > I just untarred SA 3.04 and cp init.pre into /etc/spamassassin and restart > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 17:26:41 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > /etc/mail/spamassassin is a link to /etc/spamassassin > > That should be ok, no? Yes, it should be fine.. SA will look for both (and a few others in places) and use the first one it finds. For what it's worth, here's SA's search order, as of SA 3.1.0 @site_rules_path = ( '__local_rules_dir__', '__prefix__/etc/mail/spamassassin', '__prefix__/etc/spamassassin', '/usr/local/etc/spamassassin', '/usr/pkg/etc/spamassassin', '/usr/etc/spamassassin', '/etc/mail/spamassassin', '/etc/spamassassin', ); where __local_rules_dir__ is a variable optionally passed to perl Makefile.pm. > > I just untarred SA 3.04 and cp init.pre into /etc/spamassassin and restart > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 17:40:08 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I also just installed Razor via apt-get install razor and ran..... razor-client razor-admin --create razor-admin --register The docs with debian say nothing else to do as SA will see razor is installed and use it... that seems a little too magically for me.... is there anything i should do to test that razor is installed properly? Thanks... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 12:26 PM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> /etc/mail/spamassassin is a link to /etc/spamassassin >> >> That should be ok, no? > > Yes, it should be fine.. SA will look for both (and a few others in > places) and > use the first one it finds. > > For what it's worth, here's SA's search order, as of SA 3.1.0 > > @site_rules_path = ( > '__local_rules_dir__', > '__prefix__/etc/mail/spamassassin', > '__prefix__/etc/spamassassin', > '/usr/local/etc/spamassassin', > '/usr/pkg/etc/spamassassin', > '/usr/etc/spamassassin', > '/etc/mail/spamassassin', > '/etc/spamassassin', > ); > > where __local_rules_dir__ is a variable optionally passed to perl > Makefile.pm. > > > >> >> I just untarred SA 3.04 and cp init.pre into /etc/spamassassin and >> restart >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 17:40:08 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I also just installed Razor via apt-get install razor and ran..... razor-client razor-admin --create razor-admin --register The docs with debian say nothing else to do as SA will see razor is installed and use it... that seems a little too magically for me.... is there anything i should do to test that razor is installed properly? Thanks... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 12:26 PM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> /etc/mail/spamassassin is a link to /etc/spamassassin >> >> That should be ok, no? > > Yes, it should be fine.. SA will look for both (and a few others in > places) and > use the first one it finds. > > For what it's worth, here's SA's search order, as of SA 3.1.0 > > @site_rules_path = ( > '__local_rules_dir__', > '__prefix__/etc/mail/spamassassin', > '__prefix__/etc/spamassassin', > '/usr/local/etc/spamassassin', > '/usr/pkg/etc/spamassassin', > '/usr/etc/spamassassin', > '/etc/mail/spamassassin', > '/etc/spamassassin', > ); > > where __local_rules_dir__ is a variable optionally passed to perl > Makefile.pm. > > > >> >> I just untarred SA 3.04 and cp init.pre into /etc/spamassassin and >> restart >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 18:00:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > I also just installed Razor via apt-get install razor and ran..... > > razor-client > razor-admin --create > razor-admin --register > > The docs with debian say nothing else to do as SA will see razor is > installed and use it... that seems a little too magically for me.... is > there anything i should do to test that razor is installed properly? > > Thanks... Actually, if you're using SA 3.1.0, you need to enable the razor plugin in v310.pre. However, in SA 3.0.x, and lower it's purely automatic. If you want to see if razor is found by SA, you can run spamassassin --lint -D. You should see a pile of razor related lines in the debug output. SA 3.1.0 should have this in the debug output: ---------------- [9612] dbg: diag: module installed: Razor2::Client::Agent, version 2.71 [9612] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [9612] dbg: razor2: razor2 is available, version 2.7 [9612] dbg: razor2: part=0 engine=4 contested=0 confidence=0 [9612] dbg: razor2: results: spam? 0 [9612] dbg: razor2: results: engine 8, highest cf score: 0 [9612] dbg: razor2: results: engine 4, highest cf score: 0 [9612] dbg: plugin: registering glue method for check_razor2 (Mail::SpamAssassin::Pl ugin::Razor2=HASH(0x9174f0c)) [9612] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plu gin::Pyzor=HASH(0x90e9d34)) ---------------- 3.0.4 will have similar output, but it won't have anything about plugins.. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 18:00:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > I also just installed Razor via apt-get install razor and ran..... > > razor-client > razor-admin --create > razor-admin --register > > The docs with debian say nothing else to do as SA will see razor is > installed and use it... that seems a little too magically for me.... is > there anything i should do to test that razor is installed properly? > > Thanks... Actually, if you're using SA 3.1.0, you need to enable the razor plugin in v310.pre. However, in SA 3.0.x, and lower it's purely automatic. If you want to see if razor is found by SA, you can run spamassassin --lint -D. You should see a pile of razor related lines in the debug output. SA 3.1.0 should have this in the debug output: ---------------- [9612] dbg: diag: module installed: Razor2::Client::Agent, version 2.71 [9612] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [9612] dbg: razor2: razor2 is available, version 2.7 [9612] dbg: razor2: part=0 engine=4 contested=0 confidence=0 [9612] dbg: razor2: results: spam? 0 [9612] dbg: razor2: results: engine 8, highest cf score: 0 [9612] dbg: razor2: results: engine 4, highest cf score: 0 [9612] dbg: plugin: registering glue method for check_razor2 (Mail::SpamAssassin::Pl ugin::Razor2=HASH(0x9174f0c)) [9612] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plu gin::Pyzor=HASH(0x90e9d34)) ---------------- 3.0.4 will have similar output, but it won't have anything about plugins.. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 4 18:08:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: update_phishing_sites script Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fair enough. Done. I added /usr/etc as well just in case (IRIX users will appreciate this). Jeff A. Earickson wrote: > Julian, > > After upgrading to 4.47.2, I surmised that I needed a > daily cronjob to run update_phishing_sites, to get the > latest info from you. So I added one. It failed, > since root does not have /usr/local/bin in its path > on my box. I suggest the following addition to update_phishing_sites: > > *** update_phishing_sites.orig Thu Nov 3 08:33:10 2005 > --- update_phishing_sites Thu Nov 3 08:36:12 2005 > *************** > *** 31,36 **** > --- 31,38 ---- > # United Kingdom > # > > + PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin > + > if [ -d /opt/MailScanner/etc ]; then > cd /opt/MailScanner/etc > else > > Jeff Earickson > Colby College > > PS. Sorry to hear about your fire. When are you going > to start writing "FireScanner"? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 4 18:08:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: update_phishing_sites script Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fair enough. Done. I added /usr/etc as well just in case (IRIX users will appreciate this). Jeff A. Earickson wrote: > Julian, > > After upgrading to 4.47.2, I surmised that I needed a > daily cronjob to run update_phishing_sites, to get the > latest info from you. So I added one. It failed, > since root does not have /usr/local/bin in its path > on my box. I suggest the following addition to update_phishing_sites: > > *** update_phishing_sites.orig Thu Nov 3 08:33:10 2005 > --- update_phishing_sites Thu Nov 3 08:36:12 2005 > *************** > *** 31,36 **** > --- 31,38 ---- > # United Kingdom > # > > + PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin > + > if [ -d /opt/MailScanner/etc ]; then > cd /opt/MailScanner/etc > else > > Jeff Earickson > Colby College > > PS. Sorry to hear about your fire. When are you going > to start writing "FireScanner"? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 4 18:25:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] All you need to do is make rulesets for the configuration options you need to change, such as the inline.sig.txt report, each of which contains the hardcoded domain names you want and doesn't use the %variables%. You can't use rulesets for the %variables%, but you just need to hard code that text into the report and then have a different report file for each customer's domain, and use a ruleset to switch between the rulees depending on the customer sending the mail. Read the book or the wiki for a plentiful supply of examples and tutorials on this. Wijnand Reimink wrote: >Thanx for your response, > >Maybe I have to reconsider signing outgoing messages. >That would indeed be an option > >Thank You > >Wijnand > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 4 18:25:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] All you need to do is make rulesets for the configuration options you need to change, such as the inline.sig.txt report, each of which contains the hardcoded domain names you want and doesn't use the %variables%. You can't use rulesets for the %variables%, but you just need to hard code that text into the report and then have a different report file for each customer's domain, and use a ruleset to switch between the rulees depending on the customer sending the mail. Read the book or the wiki for a plentiful supply of examples and tutorials on this. Wijnand Reimink wrote: >Thanx for your response, > >Maybe I have to reconsider signing outgoing messages. >That would indeed be an option > >Thank You > >Wijnand > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From w.reimink at GMAIL.COM Fri Nov 4 19:03:09 2005 From: w.reimink at GMAIL.COM (Wijnand Reimink) Date: Thu Jan 12 21:31:08 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: Fair enough ! I Will buy the book and this way make a donation to your project ! Grtz Wijnand ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 19:15:38 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:08 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yup i see a bunch of razor stuff spewing out, cool... Thanks guy for all the help! Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 1:00 PM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> I also just installed Razor via apt-get install razor and ran..... >> >> razor-client >> razor-admin --create >> razor-admin --register >> >> The docs with debian say nothing else to do as SA will see razor is >> installed and use it... that seems a little too magically for me.... is >> there anything i should do to test that razor is installed properly? >> >> Thanks... > > Actually, if you're using SA 3.1.0, you need to enable the razor plugin in > v310.pre. > > However, in SA 3.0.x, and lower it's purely automatic. > > If you want to see if razor is found by SA, you can run > spamassassin --lint -D. > You should see a pile of razor related lines in the debug output. > > > SA 3.1.0 should have this in the debug output: > ---------------- > [9612] dbg: diag: module installed: Razor2::Client::Agent, version 2.71 > > > [9612] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC > [9612] dbg: razor2: razor2 is available, version 2.7 > > > > > [9612] dbg: razor2: part=0 engine=4 contested=0 confidence=0 > [9612] dbg: razor2: results: spam? 0 > [9612] dbg: razor2: results: engine 8, highest cf score: 0 > [9612] dbg: razor2: results: engine 4, highest cf score: 0 > [9612] dbg: plugin: registering glue method for check_razor2 > (Mail::SpamAssassin::Pl > ugin::Razor2=HASH(0x9174f0c)) > [9612] dbg: plugin: registering glue method for check_pyzor > (Mail::SpamAssassin::Plu > gin::Pyzor=HASH(0x90e9d34)) > > ---------------- > > 3.0.4 will have similar output, but it won't have anything about plugins.. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From test at NEXTMILL.NET Fri Nov 4 19:35:30 2005 From: test at NEXTMILL.NET (Brian Lewis) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: We have Mailscanner setup to block .js/.htm/.exe attachments, but whats happening is when a customer has a zip file that contains any of these files, its blocked as well! How can we allow uninfected .zip thru that contain these file types yet block these types from being primarily attached to emails? Do I just have to start allowing all these file types all together? MailScanner with ClamAV ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Fri Nov 4 19:38:27 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight.ie) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brian Lewis wrote: > We have Mailscanner setup to block .js/.htm/.exe attachments, but whats > happening is when a customer has a zip file that contains any of these > files, its blocked as well! How can we allow uninfected .zip thru that > contain these file types yet block these types from being primarily > attached to emails? Do I just have to start allowing all these file types > all together? > Have a look in MailScanner.conf You need to find the setting for "scan depth" in zip files. If you set it to "0" zipped .exe's will be allowed through Sorry I can't remember the exact line but it's Friday evening :) Michele -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Fri Nov 4 19:40:45 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight.ie wrote: >Brian Lewis wrote: > > >>We have Mailscanner setup to block .js/.htm/.exe attachments, but whats >>happening is when a customer has a zip file that contains any of these >>files, its blocked as well! How can we allow uninfected .zip thru that >>contain these file types yet block these types from being primarily >>attached to emails? Do I just have to start allowing all these file types >>all together? >> >> >> >Have a look in MailScanner.conf > >You need to find the setting for "scan depth" in zip files. If you set >it to "0" zipped .exe's will be allowed through > >Sorry I can't remember the exact line but it's Friday evening :) > >Michele > > > It is quite dangerous, though, because many viruses travel inside ZIP files nowadays... Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Fri Nov 4 19:46:40 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight.ie) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Denis Beauchemin wrote: > It is quite dangerous, though, because many viruses travel inside ZIP > files nowadays... Maybe, but do you want your support staff to spend their entire day releasing blocked exe files? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 4 19:53:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight.ie wrote: >Denis Beauchemin wrote: > > >>It is quite dangerous, though, because many viruses travel inside ZIP >>files nowadays... >> >> > >Maybe, but do you want your support staff to spend their entire day >releasing blocked exe files? > > We are shortly going to publish a little managed quarantine retrieval system, so releasing a message attachment for someone is about 2 or 3 clicks. We have a few other issues to contend with at the moment, but hopefully it will be released soon when my colleague has time to finish it off and package it up. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From test at NEXTMILL.NET Fri Nov 4 20:08:58 2005 From: test at NEXTMILL.NET (Brian Lewis) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: Will an infected ZIP still be blocked if ClamAV scans it and identifies a virus inside the zip? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 4 20:26:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes. Brian Lewis wrote: >Will an infected ZIP still be blocked if ClamAV scans it and identifies a >virus inside the zip? > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Fri Nov 4 21:34:04 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:08 2006 Subject: New Exploit? Message-ID: Has anyone read this? http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20by%20 New%20Exploit/164278_1.aspx Thoughts? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Fri Nov 4 21:47:16 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:31:08 2006 Subject: New Exploit? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ClamAV isn't on the list, so at least my servers will be fine. I'm going to guess that the file utility will not likely miss-guess the header, so it may be a good idea to have the linux file utility do its job. On Fri, 2005-11-04 at 15:34 -0600, Mike Kercher wrote: Has anyone read this? http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20by%20 New%20Exploit/164278_1.aspx Thoughts? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 12:41:23 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, My sendmail system will not accept mail from anything other than localhost. I have tried to telnet onto port 25 from a workstation and it does not connact but if I try from the server it does. What have I missed? Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Nov 5 13:08:08 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: This exact question came up on the CentOS list yesterday :) Mike ________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig Sent: Saturday, November 05, 2005 7:06 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Basic Sendmail question Thanks Mike Will give that a go Lance Mike Kercher wrote: Look at your sendmail.mc Your DEAMON_OPTIONS are telling sendmail to listen on 127.0.0.1 Make that line look like mine below, regen your .cf and restart. dnl # dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl Mike -----Original Message----- From: MailScanner mailing list ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 08:55:07 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Adding line in SUSE for sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Guys, I am having trouble finding the place to add the sendmail -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in line to my SUSE box. I have found a sendmail file in the init.d but the entries there do not look anything like the documentation. Can someone enlighten me please. latest MS and SUSE 93 Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Fri Nov 4 21:49:02 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:31:08 2006 Subject: Semi-OT: ClamAV Vulnerability Message-ID: Speaking of virus scanner vulnerabilities, here's one for ClamAV: Begin forwarded message: > > This one looks a bit nasty: > > http://lwn.net/Articles/158666/ > > I'd upgrade to ClamAV 0.87.1 if you run Clam. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Sat Nov 5 07:48:40 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:31:08 2006 Subject: quarnatine release not working Message-ID: I've tried to release a e-mail that was quarantined, but it has not shown up. When looking at the listing it shows up "green" and marked 'W/L" but still no e-mail. Any idea how to release this e-mail? Regards, Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA Director/Sr Systems Consultant MMT Networks Pty Ltd http://www.mmtnetworks.com.au Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl "I don't know the key to success, but the key to failure is trying to please everybody." -Bill Cosby ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Sat Nov 5 08:02:27 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:31:08 2006 Subject: quarantined mail Message-ID: This is the error I just discovered form MS after trying to release the mail again, anyone care to enlighten me as to what this all means. SA Learn: error code 13 returned from sa-learn: bayes expire_old_tokens: lock: 343 cannot create tmp lockfile /var/lib/MailScanner/bayes.lock.mail.mmtnetworks.com.au.343 for /var/lib/MailScanner/bayes.lock: Permission denied lock: 343 cannot create tmp lockfile /var/lib/MailScanner/bayes.lock.mail.mmtnetworks.com.au.343 for /var/lib/MailScanner/bayes.lock: Permission denied Learned from 0 message(s) (1 message(s) examined). Delete: not deleting file /var/spool/MailScanner/quarantine/20051105/3EBCE1500EC.29828/C1.bmp due to previous errors ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Nov 5 12:44:24 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: Look at your sendmail.mc Your DEAMON_OPTIONS are telling sendmail to listen on 127.0.0.1 Make that line look like mine below, regen your .cf and restart. dnl # dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig > Sent: Saturday, November 05, 2005 6:41 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Basic Sendmail question > > Hi, > > My sendmail system will not accept mail from anything other > than localhost. > > I have tried to telnet onto port 25 from a workstation and it > does not connact but if I try from the server it does. > > What have I missed? > > Lance > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Nov 4 22:01:08 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Denis Beauchemin spake the following on 11/4/2005 11:40 AM: > Michele Neylon :: Blacknight.ie wrote: > >> Brian Lewis wrote: >> >> >>> We have Mailscanner setup to block .js/.htm/.exe attachments, but >>> whats happening is when a customer has a zip file that contains any >>> of these files, its blocked as well! How can we allow uninfected >>> .zip thru that contain these file types yet block these types from >>> being primarily attached to emails? Do I just have to start allowing >>> all these file types all together? >>> >>> >> >> Have a look in MailScanner.conf >> >> You need to find the setting for "scan depth" in zip files. If you set >> it to "0" zipped .exe's will be allowed through >> >> Sorry I can't remember the exact line but it's Friday evening :) >> >> Michele >> >> >> > It is quite dangerous, though, because many viruses travel inside ZIP > files nowadays... > > Denis > But it doesn't stop the virus scanners from checking zip files, just the filename/filetype filters. But I guess it could get a little dangerous if something goes through before the virus scanner updates are out. With daily updates,and 3 virus scanners, I haven't had this for a year or more. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 13:06:26 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks Mike Will give that a go Lance Mike Kercher wrote: Look at your sendmail.mc Your DEAMON_OPTIONS are telling sendmail to listen on 127.0.0.1 Make that line look like mine below, regen your .cf and restart. dnl # dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl Mike -----Original Message----- From: MailScanner mailing list ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 13:27:36 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Unfortunately that did not work for me mike :-( Any other ideas as to what might be wrong? Thanks Lance Mike Kercher wrote: >This exact question came up on the CentOS list yesterday :) > >Mike > > > >________________________________ > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >On Behalf Of Lance Haig > Sent: Saturday, November 05, 2005 7:06 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Basic Sendmail question > > > Thanks Mike > > Will give that a go > > Lance > > Mike Kercher wrote: > > Look at your sendmail.mc Your DEAMON_OPTIONS are telling >sendmail to listen > on 127.0.0.1 Make that line look like mine below, regen >your .cf and > restart. > > > dnl # > dnl # The following causes sendmail to only listen on the >IPv4 loopback > address dnl # 127.0.0.1 and not on any other network >devices. Remove the > loopback dnl # address restriction to accept email from the >internet or > intranet. > dnl # > DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl > > > Mike > > > > -----Original Message----- > From: MailScanner mailing list > > ------------------------ MailScanner list >------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki >(http://wiki.mailscanner.info/) > and > the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off >the website! > > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Nov 5 13:41:26 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: Can you send me your sendmail.mc? Did you restart MailScanner after rebuilding your sendmail.cf? Did you rebuild your sendmail.cf? Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig > Sent: Saturday, November 05, 2005 7:28 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Basic Sendmail question > > Unfortunately that did not work for me mike :-( > > Any other ideas as to what might be wrong? > > Thanks > > Lance > > > Mike Kercher wrote: > > >This exact question came up on the CentOS list yesterday :) > > > >Mike > > > > > > > >________________________________ > > > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] > >On Behalf Of Lance Haig > > Sent: Saturday, November 05, 2005 7:06 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Basic Sendmail question > > > > > > Thanks Mike > > > > Will give that a go > > > > Lance > > > > Mike Kercher wrote: > > > > Look at your sendmail.mc Your DEAMON_OPTIONS > are telling sendmail to > >listen > > on 127.0.0.1 Make that line look like mine > below, regen your .cf and > > restart. > > > > > > dnl # > > dnl # The following causes sendmail to only > listen on the > >IPv4 loopback > > address dnl # 127.0.0.1 and not on any other > network devices. Remove > >the > > loopback dnl # address restriction to accept > email from the internet > >or > > intranet. > > dnl # > > DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl > > > > > > Mike > > > > > > > > -----Original Message----- > > From: MailScanner mailing list > > > > ------------------------ MailScanner list > >------------------------ > > > > To unsubscribe, email jiscmail@jiscmail.ac.uk > > with the words: > > > > 'leave mailscanner' in the body of the email. > > > > Before posting, read the Wiki > >(http://wiki.mailscanner.info/) > > and > > the archives > >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > > Support MailScanner development - buy > the book off the website! > > > > > >------------------------ MailScanner list > ------------------------ To > >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the > >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Nov 5 13:42:03 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: Is iptables running? Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig > Sent: Saturday, November 05, 2005 7:28 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Basic Sendmail question > > Unfortunately that did not work for me mike :-( > > Any other ideas as to what might be wrong? > > Thanks > > Lance > > > Mike Kercher wrote: > > >This exact question came up on the CentOS list yesterday :) > > > >Mike > > > > > > > >________________________________ > > > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] > >On Behalf Of Lance Haig > > Sent: Saturday, November 05, 2005 7:06 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Basic Sendmail question > > > > > > Thanks Mike > > > > Will give that a go > > > > Lance > > > > Mike Kercher wrote: > > > > Look at your sendmail.mc Your DEAMON_OPTIONS > are telling sendmail to > >listen > > on 127.0.0.1 Make that line look like mine > below, regen your .cf and > > restart. > > > > > > dnl # > > dnl # The following causes sendmail to only > listen on the > >IPv4 loopback > > address dnl # 127.0.0.1 and not on any other > network devices. Remove > >the > > loopback dnl # address restriction to accept > email from the internet > >or > > intranet. > > dnl # > > DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl > > > > > > Mike > > > > > > > > -----Original Message----- > > From: MailScanner mailing list > > > > ------------------------ MailScanner list > >------------------------ > > > > To unsubscribe, email jiscmail@jiscmail.ac.uk > > with the words: > > > > 'leave mailscanner' in the body of the email. > > > > Before posting, read the Wiki > >(http://wiki.mailscanner.info/) > > and > > the archives > >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > > Support MailScanner development - buy > the book off the website! > > > > > >------------------------ MailScanner list > ------------------------ To > >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the > >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Nov 5 14:07:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Semi-OT: ClamAV Vulnerability Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] My ClamAV+SA installation package contains ClamAV 0.87.1. John Rudd wrote: > Speaking of virus scanner vulnerabilities, here's one for ClamAV: > > Begin forwarded message: > >> >> This one looks a bit nasty: >> >> http://lwn.net/Articles/158666/ >> >> I'd upgrade to ClamAV 0.87.1 if you run Clam. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 14:10:31 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Mike, iptables is not running. I rebuilt the sendmail.cf and also restarted the whole server. In SUSE the sendmail.cf is called linux.cf attached is mine. Thanks Lance Mike Kercher wrote: Can you send me your sendmail.mc? Did you restart MailScanner after rebuilding your sendmail.cf? Did you rebuild your sendmail.cf? Mike -----Original Message----- From: MailScanner mailing list ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Dave Sat Nov 5 14:11:18 2005 From: Dave (Dave) Date: Thu Jan 12 21:31:08 2006 Subject: smX and MailScanner Message-ID: Has nyone tried this yet? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Nov 5 14:57:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Adding line in SUSE for sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You should be using the SuSE distribution of MailScanner. If you do that, everything will be done for you, just read the instructions in the output at the end of ./install.sh. You don't need to mess with any of this stuff by hand, you'll just get in a bit of a mess :-) Lance Haig wrote: > Hi Guys, > > I am having trouble finding the place to add the > >sendmail -bd *-OPrivacyOptions=noetrn* -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in > > >line to my SUSE box. I have found a sendmail file in the init.d but the entries there do not >look anything like the documentation. > >Can someone enlighten me please. > >latest MS and SUSE 93 > >Thanks > >Lance > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 15:13:52 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Adding line in SUSE for sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, I think I am in a mess :-) Can I reinstall MS ? When I tried the last time it told me it was already installed. Thanks Lance Julian Field wrote: > You should be using the SuSE distribution of MailScanner. > If you do that, everything will be done for you, just read the > instructions in the output at the end of ./install.sh. > > You don't need to mess with any of this stuff by hand, you'll just get > in a bit of a mess :-) > > Lance Haig wrote: > >> Hi Guys, >> >> I am having trouble finding the place to add the >> >> sendmail -bd *-OPrivacyOptions=noetrn* -ODeliveryMode=queueonly >> -OQueueDirectory=/var/spool/mqueue.in >> >> >> line to my SUSE box. I have found a sendmail file in the init.d but >> the entries there do not >> look anything like the documentation. >> >> Can someone enlighten me please. >> >> latest MS and SUSE 93 >> >> Thanks >> >> Lance >> >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> *Support MailScanner development - buy the book off the website!* > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 15:22:32 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Adding line in SUSE for sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] checked the mail log and found this unable to write pid to /var/run/sendmail.pid file in use by another process could that be causeing this? Lance Lance Haig wrote: > Julian, > > I think I am in a mess :-) > > Can I reinstall MS ? When I tried the last time it told me it was > already installed. > > Thanks > > Lance > > > Julian Field wrote: > >> You should be using the SuSE distribution of MailScanner. >> If you do that, everything will be done for you, just read the >> instructions in the output at the end of ./install.sh. >> >> You don't need to mess with any of this stuff by hand, you'll just >> get in a bit of a mess :-) >> >> Lance Haig wrote: >> >>> Hi Guys, >>> >>> I am having trouble finding the place to add the >>> >>> sendmail -bd *-OPrivacyOptions=noetrn* -ODeliveryMode=queueonly >>> -OQueueDirectory=/var/spool/mqueue.in >>> >>> >>> line to my SUSE box. I have found a sendmail file in the init.d but >>> the entries there do not >>> look anything like the documentation. >>> >>> Can someone enlighten me please. >>> >>> latest MS and SUSE 93 >>> >>> Thanks >>> >>> Lance >>> >>> >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> *Support MailScanner development - buy the book off the website!* >> >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 15:24:40 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Adding line in SUSE for sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This is what is in the sendmail.pid 8384 /usr/sbin/sendmail -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in -O DaemonPortOptions=Addr=127.0.0.1 -L sendmail-in -Am -bd -om Lance Lance Haig wrote: > Julian, > > I think I am in a mess :-) > > Can I reinstall MS ? When I tried the last time it told me it was > already installed. > > Thanks > > Lance > > > Julian Field wrote: > >> You should be using the SuSE distribution of MailScanner. >> If you do that, everything will be done for you, just read the >> instructions in the output at the end of ./install.sh. >> >> You don't need to mess with any of this stuff by hand, you'll just >> get in a bit of a mess :-) >> >> Lance Haig wrote: >> >>> Hi Guys, >>> >>> I am having trouble finding the place to add the >>> >>> sendmail -bd *-OPrivacyOptions=noetrn* -ODeliveryMode=queueonly >>> -OQueueDirectory=/var/spool/mqueue.in >>> >>> >>> line to my SUSE box. I have found a sendmail file in the init.d but >>> the entries there do not >>> look anything like the documentation. >>> >>> Can someone enlighten me please. >>> >>> latest MS and SUSE 93 >>> >>> Thanks >>> >>> Lance >>> >>> >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> *Support MailScanner development - buy the book off the website!* >> >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Nov 5 15:33:20 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Adding line in SUSE for sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You certainly don't want the DaemonPortOptions settings you have got, that will stop it receiving mail from the outside world. If you want me to log in remotely and fix it all up for you, give me a shout off list with access details and passwords. Be warned that I will expect some sort of recompense for doing this for you, I can't always work for nothing :-) But I can probably sort you out fairly quickly. Lance Haig wrote: > This is what is in the sendmail.pid > > 8384 > /usr/sbin/sendmail -OPrivacyOptions=noetrn -ODeliveryMode=queueonly > -OQueueDirectory=/var/spool/mqueue.in -O > DaemonPortOptions=Addr=127.0.0.1 -L sendmail-in -Am -bd -om > > > Lance > > Lance Haig wrote: > >> Julian, >> >> I think I am in a mess :-) >> >> Can I reinstall MS ? When I tried the last time it told me it was >> already installed. >> >> Thanks >> >> Lance >> >> >> Julian Field wrote: >> >>> You should be using the SuSE distribution of MailScanner. >>> If you do that, everything will be done for you, just read the >>> instructions in the output at the end of ./install.sh. >>> >>> You don't need to mess with any of this stuff by hand, you'll just >>> get in a bit of a mess :-) >>> >>> Lance Haig wrote: >>> >>>> Hi Guys, >>>> >>>> I am having trouble finding the place to add the >>>> >>>> sendmail -bd *-OPrivacyOptions=noetrn* -ODeliveryMode=queueonly >>>> -OQueueDirectory=/var/spool/mqueue.in >>>> >>>> >>>> line to my SUSE box. I have found a sendmail file in the init.d but >>>> the entries there do not >>>> look anything like the documentation. >>>> >>>> Can someone enlighten me please. >>>> >>>> latest MS and SUSE 93 >>>> >>>> Thanks >>>> >>>> Lance >>>> >>>> >>>> >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> *Support MailScanner development - buy the book off the website!* >>> >>> >>> >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 16:00:18 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Adding line in SUSE for sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, I solved the problem by running the SUSE sendmail setup from YAST It then allowed me to recieve mail from anyone. Thanks for the offer though. Lance Julian Field wrote: > You certainly don't want the DaemonPortOptions settings you have got, > that will stop it receiving mail from the outside world. > > If you want me to log in remotely and fix it all up for you, give me a > shout off list with access details and passwords. Be warned that I > will expect some sort of recompense for doing this for you, I can't > always work for nothing :-) > > But I can probably sort you out fairly quickly. > > Lance Haig wrote: > >> This is what is in the sendmail.pid >> >> 8384 >> /usr/sbin/sendmail -OPrivacyOptions=noetrn -ODeliveryMode=queueonly >> -OQueueDirectory=/var/spool/mqueue.in -O >> DaemonPortOptions=Addr=127.0.0.1 -L sendmail-in -Am -bd -om >> >> >> Lance >> >> Lance Haig wrote: >> >>> Julian, >>> >>> I think I am in a mess :-) >>> >>> Can I reinstall MS ? When I tried the last time it told me it was >>> already installed. >>> >>> Thanks >>> >>> Lance >>> >>> >>> Julian Field wrote: >>> >>>> You should be using the SuSE distribution of MailScanner. >>>> If you do that, everything will be done for you, just read the >>>> instructions in the output at the end of ./install.sh. >>>> >>>> You don't need to mess with any of this stuff by hand, you'll just >>>> get in a bit of a mess :-) >>>> >>>> Lance Haig wrote: >>>> >>>>> Hi Guys, >>>>> >>>>> I am having trouble finding the place to add the >>>>> >>>>> sendmail -bd *-OPrivacyOptions=noetrn* -ODeliveryMode=queueonly >>>>> -OQueueDirectory=/var/spool/mqueue.in >>>>> >>>>> >>>>> line to my SUSE box. I have found a sendmail file in the init.d >>>>> but the entries there do not >>>>> look anything like the documentation. >>>>> >>>>> Can someone enlighten me please. >>>>> >>>>> latest MS and SUSE 93 >>>>> >>>>> Thanks >>>>> >>>>> Lance >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>>>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> *Support MailScanner development - buy the book off the website!* >>>> >>>> >>>> >>>> >>>> >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ajos1 at onion.demon.co.uk Sat Nov 5 17:54:09 2005 From: ajos1 at onion.demon.co.uk (Dj Ajos1) Date: Thu Jan 12 21:31:08 2006 Subject: McAfee DownLoad URL does not work... Message-ID: Urgent update... as lots of people's mcafee systems will be out of date (I think it has been wrong for months)! In file:- /usr/lib/MailScanner/mcafee-autoupdate The line/entry... FTPDIR=http://download.nai.com/products/datfiles/4.x/nai Does not work any more... But this one does! FTPDIR=ftp://ftpeur.nai.com/pub/antivirus/datfiles/4.x Thanks in advance... == ===================================================================== = = "What time is it when both hands are pointing up? Time to hand = over the money!" = = "Landlordism is, in any case, a philosophy of idleness..." = = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... = Call... +44 8457 90 90 90 http://www.samaritans.org/ = ===================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From victorm at ULA.VE Sat Nov 5 17:45:42 2005 From: victorm at ULA.VE (Victor Mendoza) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I didn't receive your linux.cf but... I would check /etc/hosts.{allow,deny} Victor Lance Haig wrote: > Hi Mike, > > iptables is not running. > > I rebuilt the sendmail.cf and also restarted the whole server. > > In SUSE the sendmail.cf is called linux.cf > > attached is mine. > > Thanks > > Lance > > Mike Kercher wrote: > >>Can you send me your sendmail.mc? Did you restart MailScanner after >>rebuilding your sendmail.cf? Did you rebuild your sendmail.cf? >> >>Mike >> >> >> >> >>>-----Original Message----- >>>From: MailScanner mailing list >>> >>>------------------------ MailScanner list ------------------------ >>> >>>To unsubscribe, email jiscmail@jiscmail.ac.uk >>>with the words: >>> >>>'leave mailscanner' in the body of the email. >>> >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) >>>and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> >>> >>>*Support MailScanner development - buy the book off the website!* >>> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Nov 5 18:25:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Calling All MCAFEE Users: Re: McAfee DownLoad URL does not work... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please can other people confirm that this new suggested location is the best place to use. Dj Ajos1 wrote: >Urgent update... as lots of people's mcafee systems will be out of date (I think it has been wrong for months)! > >In file:- /usr/lib/MailScanner/mcafee-autoupdate > >The line/entry... > > FTPDIR=http://download.nai.com/products/datfiles/4.x/nai > >Does not work any more... > >But this one does! > > FTPDIR=ftp://ftpeur.nai.com/pub/antivirus/datfiles/4.x > >Thanks in advance... > >== >===================================================================== >= >= "What time is it when both hands are pointing up? Time to hand >= over the money!" >= >= "Landlordism is, in any case, a philosophy of idleness..." >= >= Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... >= Call... +44 8457 90 90 90 http://www.samaritans.org/ >= >===================================================================== > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at GMAIL.COM Sat Nov 5 19:34:47 2005 From: naolson at GMAIL.COM (Nathan Olson) Date: Thu Jan 12 21:31:08 2006 Subject: Calling All MCAFEE Users: Re: McAfee DownLoad URL does not work... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ours has been working fine with the default location. I see no need to switch to one somewhere in Europe. Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Sat Nov 5 20:50:02 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:31:08 2006 Subject: Calling All MCAFEE Users: Re: McAfee DownLoad URL does not work... Message-ID: > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > > Please can other people confirm that this new suggested location is the > best place to use. The original (download.nai.com) still works, there's no problem whatsoever and has never been over the last few months/years. IMHO http is preferred over ftp, due to easier securing/firewalling issues. If however ftp is used, the mentioned url is fine for sites in Europe. The ftp sites in the US use ftp.nai.com. It may even be the case thay DNS replies for ftp.nai.com are now automatically pointing to the nearest ftp repositories (think I read this somewhere). Regards, Mike. > Dj Ajos1 wrote: > > >Urgent update... as lots of people's mcafee systems will be out of date > (I think it has been wrong for months)! > > > >In file:- /usr/lib/MailScanner/mcafee-autoupdate > > > >The line/entry... > > > > FTPDIR=http://download.nai.com/products/datfiles/4.x/nai > > > >Does not work any more... > > > >But this one does! > > > > FTPDIR=ftp://ftpeur.nai.com/pub/antivirus/datfiles/4.x > > > >Thanks in advance... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ajos1 at onion.demon.co.uk Sat Nov 5 21:10:48 2005 From: ajos1 at onion.demon.co.uk (Dj Ajos1) Date: Thu Jan 12 21:31:08 2006 Subject: McAfee DownLoad URL does not work... Message-ID: - Interesting replies... in the UK... from 3 different totally unrelated sites... we get... http://download.nai.com/products/datfiles/4.x/nai You are not authorized to view this page You might not have permission to view this directory or page using the credentials you supplied. Sounds like some form of IP origination firewalling? == ===================================================================== = = "What time is it when both hands are pointing up? Time to hand = over the money!" = = "Landlordism is, in any case, a philosophy of idleness..." = = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... = Call... +44 8457 90 90 90 http://www.samaritans.org/ = ===================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Nov 5 21:35:22 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:08 2006 Subject: McAfee DownLoad URL does not work... Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dj Ajos1 writes: > Interesting replies... in the UK... from 3 different totally unrelated sites... we get... > > http://download.nai.com/products/datfiles/4.x/nai > > You are not authorized to view this page > You might not have permission to view this directory or page using the credentials you supplied. Try http://speedownload.nai.com/products/datfiles/4.x/nai, a few of us have been using this for months without any problems. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From res at AUSICS.NET Sun Nov 6 03:45:46 2005 From: res at AUSICS.NET (Res) Date: Thu Jan 12 21:31:08 2006 Subject: MS and *gulp* Qmail Message-ID: Hi All, Has anyone got a simple how-to on this? I found some stuff from google about a gazilion things to modify, did it all and it fails still, one most google popular is some extract from a mailing list where it questions alot of useless doubling up, and using stuff from openprotect etc, still a miserable failure.. MS has a qmail-send program? but unless im blind (good chance) I see no docs on how to get this all working. One of the organisations I work for uses qmail and wont change, qmailscan is pretty CPU hogging and featureless, hence why if I cant put sendmail in (like i have on many working setups) then I need to find a way to get MS and qmail working happily, probably not going to happen tho, but as its approaching christmas I guess one can ask for small miracles :) Cheers ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Sun Nov 6 10:06:44 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:31:08 2006 Subject: McAfee DownLoad URL does not work... Message-ID: > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Dj Ajos1 > > Interesting replies... in the UK... from 3 different totally unrelated > sites... we get... > > http://download.nai.com/products/datfiles/4.x/nai > > You are not authorized to view this page > You might not have permission to view this directory or page using the > credentials you supplied. > > Sounds like some form of IP origination firewalling? No, it just means that there is no index.html file and the web user is not authorized to view the directory. The base URL is used to download files. If you try http://download.nai.com/products/datfiles/4.x/nai/update.ini, you will notice that files can be downloaded, provided that you specify the /correct/ filename. There is/should be no problem with the autoupdate script, as it downloads the ini file(s) to determine version information and afterwards, if necessary, downloads the specific files mentioned in the ini files. Regards, Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sun Nov 6 10:51:34 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:08 2006 Subject: MS and *gulp* Qmail Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Res writes: > Hi All, > Has anyone got a simple how-to on this? > I found some stuff from google about a gazilion things to modify, did it > all and it fails still, one most google popular is some extract from a > mailing list where it questions alot of useless doubling up, and using > stuff from openprotect etc, still a miserable failure.. > MS has a qmail-send program? but unless im blind (good chance) I see no > docs on how to get this all working. You have 4 options a. Use a MS + sendmail/postfix front-end server to the qmail server (will require extra hardware). b. Use MS + sendmail/postfix on the same server and change the port for qmail to a different one (say 2525) c. Use Openprotect, they do a decent job for qmail integration. I also run at least 4 of them with qmail. d. See http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/152.html for instructions on manually integrating qmail with MailScanner. hope that helps, - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From res at AUSICS.NET Sun Nov 6 12:30:51 2005 From: res at AUSICS.NET (Res) Date: Thu Jan 12 21:31:08 2006 Subject: MS and *gulp* Qmail Message-ID: Hi, On Sun, 6 Nov 2005, Dhawal Doshy wrote: > Res writes: >> Hi All, >> Has anyone got a simple how-to on this? > > You have 4 options > a. Use a MS + sendmail/postfix front-end server to the qmail server (will > require extra hardware). not possible, we are also a carrier, and host many vISP mail domains > b. Use MS + sendmail/postfix on the same server and change the port for qmail > to a different one (say 2525) as above > c. Use Openprotect, they do a decent job for qmail integration. I also run at > least 4 of them with qmail. this looks only possible goer, its at a cost isnt it...i doubt my biosses will go for it > d. See http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/152.html for > instructions on manually integrating qmail with MailScanner. > hope that helps, thats the one we've tried and doesnt work. see the dilema :) -- Cheers Res ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sun Nov 6 13:15:19 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:08 2006 Subject: MS and *gulp* Qmail Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Res writes: >> c. Use Openprotect, they do a decent job for qmail integration. I also >> run at least 4 of them with qmail. > > this looks only possible goer, its at a cost isnt it...i doubt my biosses > will go for it > Openprotect is free (beer/speech) unless you also opt for the kaspersky antivirus as well.. so go ahead and give it a try. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Sun Nov 6 13:04:25 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:08 2006 Subject: MS and *gulp* Qmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Res wrote: > >> c. Use Openprotect, they do a decent job for qmail integration. I also >> run at least 4 of them with qmail. > > > this looks only possible goer, its at a cost isnt it...i doubt my > biosses will go for it It's OSS afair -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at GMAIL.COM Sun Nov 6 14:29:56 2005 From: devonharding at GMAIL.COM (Devon Harding) Date: Thu Jan 12 21:31:08 2006 Subject: IPBlock info? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Where can I find docs on IPBlock with MailScanner? Install info? -Devon ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Nov 6 18:27:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: IPBlock info? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Read the relevant bit of CustomConfig.pm, it contains installation instructions in the comments at the start of the code. Devon Harding wrote: > Where can I find docs on IPBlock with MailScanner? Install info? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ25K9xH2WUcUFbZUEQKDTACfW+3EYruviwj0TM2seTX9LdQYpGIAoKsQ a+4dEr9ZPciTq/pEJWjVZ8aC =WIie -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sun Nov 6 22:05:09 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just upgraded to 4.47 from 4.45 and now cannot start MailScanner on Postfix/RHEL4 with the service command, instead the out put service MailScanner start is [root@mail01 en]# service MailScanner start /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or directory /etc/init.d/MailScanner: line 109: rc_reset: command not found Initializing incoming postfix Initializing outgoing postfix /etc/init.d/MailScanner: line 93: rc_status: command not found /etc/init.d/MailScanner: line 105: rc_status: command not found Initializing MailScanner/etc/init.d/MailScanner: line 128: startproc: command not found /etc/init.d/MailScanner: line 209: rc_exit: command not found [root@mail01 en]# service MailScanner start /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or directory /etc/init.d/MailScanner: line 109: rc_reset: command not found Initializing incoming postfix Initializing outgoing postfix /etc/init.d/MailScanner: line 93: rc_status: command not found /etc/init.d/MailScanner: line 105: rc_status: command not found Initializing MailScanner/etc/init.d/MailScanner: line 128: startproc: command not found /etc/init.d/MailScanner: line 209: rc_exit: command not found Any ideas? Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Sun Nov 6 22:50:08 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 7 Nov 2005 09:05:09 +1100 Peter Russell wrote: > I just upgraded to 4.47 from 4.45 and now cannot start MailScanner on > Postfix/RHEL4 with the service command, instead the out put service > MailScanner start is > > [root@mail01 en]# service MailScanner start > /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or directory I can confirm it on Fedora Core 4 and RHEL. For now I am using /etc/rc.d/init.d/MailScanner file from 4.46. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Sun Nov 6 22:53:39 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:08 2006 Subject: /etc/cron.daily/update_phishing_sites Message-ID: Hello, could update_phishing_sites script's output be silenced like update_virus_scanner? Because now I get an email every night: From: Cron Daemon Subject: Cron run-parts /etc/cron.daily /etc/cron.daily/update_phishing_sites: --04:47:47-- http://www.mailscanner.info/phishing.safe.sites.conf.master => `phishing.safe.sites.conf.master' Resolving www.mailscanner.info... 152.78.68.160 Connecting to www.mailscanner.info[152.78.68.160]:80... connected. HTTP request sent, awaiting response... 302 Found Location: http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/phishing.safe.sites.conf.master [following] --04:47:47-- http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/phishing.safe.sites.conf.master => `phishing.safe.sites.conf.master' Resolving www.sng.ecs.soton.ac.uk... 152.78.68.160 Connecting to www.sng.ecs.soton.ac.uk[152.78.68.160]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 13,752 [text/plain] 0K .......... ... 100% 81.06 KB/s 04:47:48 (81.06 KB/s) - `phishing.safe.sites.conf.master' saved [13,752/13,752] Phishing safe sites list updated. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Nov 7 00:03:46 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Is there any chance you can email me that file? The links on the MS website to the older beta version are busted and the file from 4.45 which i had doesnt work :( Thanks Pete Nerijus Baliunas wrote: > On Mon, 7 Nov 2005 09:05:09 +1100 Peter Russell wrote: > > >>I just upgraded to 4.47 from 4.45 and now cannot start MailScanner on >>Postfix/RHEL4 with the service command, instead the out put service >>MailScanner start is >> >>[root@mail01 en]# service MailScanner start >>/etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or directory > > > I can confirm it on Fedora Core 4 and RHEL. For now I am using > /etc/rc.d/init.d/MailScanner file from 4.46. > > Regards, > Nerijus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Nov 7 01:12:02 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks but even using that script gives an error. maybe this install is borked? The wiki and maq arent available does anyone know the procedure for reverting to my back up copy? I error i get when i use your startup script is; [root@mail01 ~]# MailScanner start Cannot open config file start, No such file or directory at /usr/lib/MailScanner/MailScanner/Config.pm line 592. Compilation failed in require at /usr/sbin/MailScanner line 65. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 65. But at those lines in those files there isnt unusal (to me) Appreciate any further tips. Pete Peter Russell wrote: > Is there any chance you can email me that file? The links on the MS > website to the older beta version are busted and the file from 4.45 > which i had doesnt work :( > Thanks > Pete > > Nerijus Baliunas wrote: > >> On Mon, 7 Nov 2005 09:05:09 +1100 Peter Russell >> wrote: >> >> >>> I just upgraded to 4.47 from 4.45 and now cannot start MailScanner on >>> Postfix/RHEL4 with the service command, instead the out put service >>> MailScanner start is >>> >>> [root@mail01 en]# service MailScanner start >>> /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or >>> directory >> >> >> >> I can confirm it on Fedora Core 4 and RHEL. For now I am using >> /etc/rc.d/init.d/MailScanner file from 4.46. >> >> Regards, >> Nerijus >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Mon Nov 7 01:27:49 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 7 Nov 2005 12:12:02 +1100 Peter Russell wrote: > Thanks but even using that script gives an error. maybe this install is > borked? The wiki and maq arent available does anyone know the procedure > for reverting to my back up copy? > > I error i get when i use your startup script is; > [root@mail01 ~]# MailScanner start > Cannot open config file start, No such file or directory at You should use service MailScanner start or /etc/init.d/MailScanner start. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Nov 7 02:36:46 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ahh thanks, moved to the corect dir and used the correct commands and it worked - how about that :) Thanks for your help Pete Nerijus Baliunas wrote: > On Mon, 7 Nov 2005 12:12:02 +1100 Peter Russell wrote: > > >>Thanks but even using that script gives an error. maybe this install is >>borked? The wiki and maq arent available does anyone know the procedure >>for reverting to my back up copy? >> >>I error i get when i use your startup script is; >>[root@mail01 ~]# MailScanner start >>Cannot open config file start, No such file or directory at > > > You should use service MailScanner start or /etc/init.d/MailScanner start. > > Regards, > Nerijus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From micoots at YAHOO.COM Mon Nov 7 02:42:29 2005 From: micoots at YAHOO.COM (Michael Mansour) Date: Thu Jan 12 21:31:08 2006 Subject: Deleting spam based on domain Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, For some domains I'd like to auto-delete spam, and for others keep them on the default "deliver". In MailScanner.conf, there's the following entries which relate to this: Spam Actions = deliver High Scoring Spam Actions = deliver In trying to make these into a ruleset ie: Spam Actions = %rules-dir%/spam.actions.rules High Scoring Spam Actions = %rules-dir%/high.scoring.spam.actions What do these files need to contain? will the following work? FromOrTo: *@domain1.com delete FromOrTo: default deliver Thanks. Michael. Send instant messages to your online friends http://au.messenger.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Mon Nov 7 02:55:02 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:08 2006 Subject: Deleting spam based on domain Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Michael Mansour > Sent: Sunday, November 06, 2005 9:42 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Deleting spam based on domain > > Hi, > > For some domains I'd like to auto-delete spam, and for > others keep them on the default "deliver". > > In MailScanner.conf, there's the following entries > which relate to this: > > Spam Actions = deliver > > High Scoring Spam Actions = deliver > > In trying to make these into a ruleset ie: > > Spam Actions = %rules-dir%/spam.actions.rules > > High Scoring Spam Actions = > %rules-dir%/high.scoring.spam.actions > > What do these files need to contain? will the > following work? > > FromOrTo: *@domain1.com delete > FromOrTo: default deliver Should be fine. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Mon Nov 7 09:42:09 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:08 2006 Subject: Mailscanner + sendmail SMTP code 552 Message-ID: Hi Jens, On Mon, 2005-11-07 at 09:17 +0100, Jens Ahlin wrote: > Hi, > > I have one installation with Tao4 (RHEL4) Mailscanner and sendmail. There > seems to be a maximum message size of 2Mb that i cannot get rid of. > > host xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx] said: 552 > Requested mail action aborted: exceeded storage allocation (in reply to > MAIL FROM command) > This looks like the recipient you are trying to send to has the limit - not your box. Unless the xxx.xxx... is your host and people are receiving the message above from your system when trying to send message in, in that case you've probably got quotas enabled. > Sendmail version 8.13.1-2. > > I have not configured any of SMPT, UUCP or MAX_MESSAGE_SIZE in sendmail > and Max message size in Mailscanner is set to -1. > As you are getting an SMTP rejection - this doesn't have anything to do with MailScanner as it isn't involved in SMTP at all. Kind regards, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailing_lists+mailscanner at caleotech.com Mon Nov 7 08:17:41 2005 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Thu Jan 12 21:31:08 2006 Subject: Mailscanner + sendmail SMTP code 552 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I have one installation with Tao4 (RHEL4) Mailscanner and sendmail. There seems to be a maximum message size of 2Mb that i cannot get rid of. host xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx] said: 552 Requested mail action aborted: exceeded storage allocation (in reply to MAIL FROM command) I have the following configuration: Linux 2.6.9-22.EL #1 Thu Oct 6 13:07:33 EDT 2005 i686 i686 i386 GNU/Linux This is Tao Linux release 4 (Sponge) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.46.2 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.809 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.18 Net::CIDR::Lite 0.53 Net::DNS 0.31 Net::LDAP missing Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.30 URI Sendmail version 8.13.1-2. I have not configured any of SMPT, UUCP or MAX_MESSAGE_SIZE in sendmail and Max message size in Mailscanner is set to -1. I have another mailserver with Tao1 Mailscanner and sendmail that doesn't behave like this. Any suggestions ? Jens ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 7 09:55:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can someone give me a summary of this problem please? Is it something I have broken? And if so, what doesn't work and what output does it produce? Peter Russell wrote: > Ahh thanks, moved to the corect dir and used the correct commands and > it worked - how about that :) > > Thanks for your help > Pete > > Nerijus Baliunas wrote: > >> On Mon, 7 Nov 2005 12:12:02 +1100 Peter Russell >> wrote: >> >> >>> Thanks but even using that script gives an error. maybe this install >>> is borked? The wiki and maq arent available does anyone know the >>> procedure for reverting to my back up copy? >>> >>> I error i get when i use your startup script is; >>> [root@mail01 ~]# MailScanner start >>> Cannot open config file start, No such file or directory at >> >> >> >> You should use service MailScanner start or /etc/init.d/MailScanner >> start. >> >> Regards, >> Nerijus >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailing_lists+mailscanner at caleotech.com Mon Nov 7 10:47:14 2005 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Thu Jan 12 21:31:08 2006 Subject: Mailscanner + sendmail SMTP code 552 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Hi Jens, > > On Mon, 2005-11-07 at 09:17 +0100, Jens Ahlin wrote: >> Hi, >> >> I have one installation with Tao4 (RHEL4) Mailscanner and sendmail. >> There >> seems to be a maximum message size of 2Mb that i cannot get rid of. >> >> host xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx] said: 552 >> Requested mail action aborted: exceeded storage allocation (in reply >> to >> MAIL FROM command) >> > > This looks like the recipient you are trying to send to has the limit - > not your box. > > Unless the xxx.xxx... is your host and people are receiving the message > above from your system when trying to send message in, in that case > you've probably got quotas enabled. > >> Sendmail version 8.13.1-2. >> >> I have not configured any of SMPT, UUCP or MAX_MESSAGE_SIZE in sendmail >> and Max message size in Mailscanner is set to -1. >> > xxx.xxx above is my box. What kind of quota ? I have not configured any quota at all unless RHEL4 have quotas by default. I have cyrus imapd as backend and no quotas enabled there. If any quota is present it must be some sort of "/ message" quota since mail is continously being transferred in/out. The only thing I get in the maillog is: Nov 7 11:43:16 xxxx sendmail[568]: jA7AhFxj000568: name.comp.tld [xxx.xxx.xxx.xxx] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Jens ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Nov 7 10:54:09 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, a Summary as requested. Julian Field wrote: > Can someone give me a summary of this problem please? RHEL4/POstfix 2.1.5/MailScanner4.45/SA3.1/Clam.87 Did an upgrade from 4.45 to 4.47 using usual RPM stable distro link from your site, all steps appeard to work as expected. Go to run MS for the first time and get lots of nasty output at the console and no MTA and no MS. Nerijus is having the same issue on FC4. Out from service start command immedietly after upgrade is; [root@mail01 en]# service MailScanner start /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or directory /etc/init.d/MailScanner: line 109: rc_reset: command not found Initializing incoming postfix Initializing outgoing postfix /etc/init.d/MailScanner: line 93: rc_status: command not found /etc/init.d/MailScanner: line 105: rc_status: command not found Initializing MailScanner/etc/init.d/MailScanner: line 128: startproc: command not found /etc/init.d/MailScanner: line 209: rc_exit: command not found [root@mail01 en]# service MailScanner start /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or directory /etc/init.d/MailScanner: line 109: rc_reset: command not found Initializing incoming postfix Initializing outgoing postfix /etc/init.d/MailScanner: line 93: rc_status: command not found /etc/init.d/MailScanner: line 105: rc_status: command not found Initializing MailScanner/etc/init.d/MailScanner: line 128: startproc: command not found /etc/init.d/MailScanner: line 209: rc_exit: command not found ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at LISTS.COM.AR Mon Nov 7 13:19:28 2005 From: mailscanner at LISTS.COM.AR (Leonardo Helman) Date: Thu Jan 12 21:31:08 2006 Subject: New Exploit? Message-ID: Famous last words... Probably your servers will not be so fine http://www.securityfocus.com/archive/1/415723 Saludos -- Leonardo Helman Pert Consultores Argentina On Fri, Nov 04, 2005 at 04:46:54PM -0500, Wess Bechard wrote: > > ClamAV isn't on the list, so at least my servers will be fine. > I'm going to guess that the file utility will not likely miss-guess > the header, so it may be a good idea to have the linux file utility do > its job. > On Fri, 2005-11-04 at 15:34 -0600, Mike Kercher wrote: > > Has anyone read this? > > [1]http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20by%20 > New%20Exploit/164278_1.aspx > > Thoughts? > > Mike > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email [2]jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ([3]http://wiki.mailscanner.info/) and > the archives ([4]http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email [5]jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ([6]http://wiki.mailscanner.info/) > and the archives > ([7]http://www.jiscmail.ac.uk/lists/mailscanner.html). > Support MailScanner development - buy the book off the website! > > References > > 1. http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20by%20 > 2. mailto:jiscmail@jiscmail.ac.uk > 3. http://wiki.mailscanner.info/ > 4. http://www.jiscmail.ac.uk/lists/mailscanner.html > 5. file://localhost/tmp/jiscmail@jiscmail.ac.uk > 6. http://wiki.mailscanner.info/ > 7. http://www.jiscmail.ac.uk/lists/mailscanner.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Mon Nov 7 13:40:00 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 7 Nov 2005 09:55:32 +0000 Julian Field wrote: > Can someone give me a summary of this problem please? > > Is it something I have broken? And if so, what doesn't work and what > output does it produce? See the first message in this thread. In short, RH/Fedora don't have rc.status, rc_reset, rc_exit commands which appeared in init.d script in 4.47. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidj at synaq.com Mon Nov 7 13:42:38 2005 From: davidj at synaq.com (David Jacobson) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: Hi, On Mon, 2005-11-07 at 15:40 +0200, Nerijus Baliunas wrote: > On Mon, 7 Nov 2005 09:55:32 +0000 Julian Field wrote: > > > Can someone give me a summary of this problem please? > > > > Is it something I have broken? And if so, what doesn't work and what > > output does it produce? > > See the first message in this thread. In short, RH/Fedora don't have > rc.status, rc_reset, rc_exit commands which appeared in init.d script > in 4.47. I can confirm this. This morning I was feeling brave after a rough weekend, so I decided to upgrade to the latest MailScanner version on our production box during peak hour traffic. I thought it would go through fine without problems, to my suprise there were all these init script errors as indicated above. I simply replaced the init script with my old init script and all was back to normal. It would seem the new init script breaks RH style init scripts. Regards, David Jacobson > > Regards, > Nerijus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Regards, David Jacobson Technical Director SYNAQ (Pty) Ltd Tel: 011 245 5888 Direct: 011 245 5889 Fax: 011 783 9275 Cell: 083 235 0760 Mail: davidj@synaq.com Web: http://www.synaq.com Key Fingerprint 8246 FCE1 3C22 7EFB E61B 18DF 6E8B 65E8 BD50 78A1 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "This is a digitally signed message part" ] [ Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From martinh at SOLID-STATE-LOGIC.COM Mon Nov 7 13:47:29 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:08 2006 Subject: New Exploit? Message-ID: Clamav 0.87.1 was released last week to fix various bugs etc.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Leonardo Helman > Sent: 07 November 2005 13:19 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] New Exploit? > > Famous last words... > > Probably your servers will not be so fine > > http://www.securityfocus.com/archive/1/415723 > > Saludos > > -- > Leonardo Helman > Pert Consultores > Argentina > > > On Fri, Nov 04, 2005 at 04:46:54PM -0500, Wess Bechard wrote: > > > > ClamAV isn't on the list, so at least my servers will be fine. > > I'm going to guess that the file utility will not likely miss- > guess > > the header, so it may be a good idea to have the linux file utility > do > > its job. > > On Fri, 2005-11-04 at 15:34 -0600, Mike Kercher wrote: > > > > Has anyone read this? > > > > > [1]http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20 > by%20 > > New%20Exploit/164278_1.aspx > > > > Thoughts? > > > > Mike > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email [2]jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki ([3]http://wiki.mailscanner.info/) and > > the archives ([4]http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email [5]jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki ([6]http://wiki.mailscanner.info/) > > and the archives > > ([7]http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > References > > > > 1. > http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20by% > 20 > > 2. mailto:jiscmail@jiscmail.ac.uk > > 3. http://wiki.mailscanner.info/ > > 4. http://www.jiscmail.ac.uk/lists/mailscanner.html > > 5. file://localhost/tmp/jiscmail@jiscmail.ac.uk > > 6. http://wiki.mailscanner.info/ > > 7. http://www.jiscmail.ac.uk/lists/mailscanner.html > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 13:46:10 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:08 2006 Subject: I can not seem to stop these emails... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ... These darn Viagra emails.. They always come through as no spam... i get about 20 a day and so do my clients.... what do you guys do about this if the rules do not catch it.... Thanks.. Return-Path: X-Original-To: rob@thehostmasters.com Delivered-To: rob@thehostmasters.com Received: from danknapp.com (ip-85-160-10-61.eurotel.cz [85.160.10.61]) by stewy (Postfix) with SMTP id 6DF82BF4E for ; Sun, 6 Nov 2005 17:55:33 -0500 (EST) Message-ID: <000401c5e325$59370400$89faa8c0@oatcake> From: "Tzviya Fife" To: "Enola Kimbrough" Subject: Re: Marcuss cool info Date: Sun, 6 Nov 2005 17:56:40 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C5E2FB.7060FC00" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Stewy-Dido-Internet-MailScanner: Found to be clean X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, SpamAssassin (score=0.174, required 4, BAYES_50 0.00, HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) X-MailScanner-From: fif@danknapp.com This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C5E2FB.7060FC00 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable V C A X P V A I m a r I L A b n o A I L i a z G U I e x a R M S n c A $85,45 $99,95 $69,95 http://lemenartedahluleta.tripod.com Rob... http://www.stupidguytalk.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Nov 7 13:50:35 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:08 2006 Subject: Phishing - Watch out for this Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I encountered this one Sat, it wasn't flagged as phising or spam. The "Click here" link is: Click here to activate your account So there isn't anything really there to catch. It points to a sub dir on what appears to be a Chinese University's web site. Received header is Received: from clust06-www03.powweb.com ([66.152.98.63]) I put the following local SA rule in place to catch it. header __Rc_EBAY_PHISH1 Subject =~ /(tko notice: eBay Account suspended \( Unauthorized Access \)|tko notice:)/i header __Rc_EBAY_PHISH2 Received !~/ebay\.com/i rawbody __Rc_EBAY_PHISH3 /library\.ws\.ac\.th|mfcisapicommand=signinfpp/i meta Rc_EBAY_PHISH ( __Rc_EBAY_PHISH1 && __Rc_EBAY_PHISH2 && __Rc_EBAY_PHISH3 ) score Rc_EBAY_PHISH 200 describe Rc_EBAY_PHISH META:Chinese Ebay Phishing Scam Rule Rc_EBAY_PHISH The rule basically states if the subject contains the full subject, or just the "tko notice:" part, and the recieved headers to not contain a host from ebay.com and there is a reference to either the website in question or the mfcisapicommand= then it's not from ebay and score it very high. I have posted the entire body if someone wants to see the information used for the above rule(s) Rick ================================= begin paste ======================================================= Subject: TKO NOTICE: eBay Account SUSPENDED ( Unauthorized Access ) Dear eBay Member, eBay is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, eBay employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity. Recently, our Account Review Team identified some unusual activity in your account. In accordance with eBay's User Agreement and to ensure that your account has not been compromised, access to your account was flagged. Your account will remain flagged until this issue has been resolved. This is a fraud prevention measure meant to ensure that your account is not compromised. In order to secure your account and quickly restore full access, we may require some specific information from you for the following reason: Our system requires further account verification. Case ID Number: EB-056-245-481 We encourage you to log in and restore full access as soon as possible. Should your account remain flagged for an extended period of time, it may result in further limitations on the use of your account or may result in eventual account closure. ----------------------------------------------------------------------- Click here to activate your account ---------------------------------------------------------------------- Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. We apologize for any inconvenience. Sincerely, eBay Account Review Department eBay Email ID PP562 ====================================== End Paste ================================================== Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Mon Nov 7 13:53:33 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:31:08 2006 Subject: New Exploit? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Do not worry about me. :) My servers run Gentoo, so applying updates on a weekly basis is fairly trivial. This morning's update will likely upgrade ClamAV if I have the older version. Speaking of updates, I just installed Ubuntu Server at home this weekend on my webserver box. I imagine Ubuntu Server will grow into a very nice server OS, as Ubuntu's team rolls updates out quickly via apt. I do realize it is silly to assume you are always safe, but in my case I take precautions to limit the danger by dedicating Monday morning as patch up, and roll out time. [ebuild U ] app-antivirus/clamav-0.87.1 [0.87] Yep, Servers updating clamav package right now :) On Mon, 2005-11-07 at 10:19 -0300, Leonardo Helman wrote: Famous last words... Probably your servers will not be so fine http://www.securityfocus.com/archive/1/415723 Saludos -- Leonardo Helman Pert Consultores Argentina On Fri, Nov 04, 2005 at 04:46:54PM -0500, Wess Bechard wrote: > > ClamAV isn't on the list, so at least my servers will be fine. > I'm going to guess that the file utility will not likely miss-guess > the header, so it may be a good idea to have the linux file utility do > its job. > On Fri, 2005-11-04 at 15:34 -0600, Mike Kercher wrote: > > Has anyone read this? > > [1]http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20by%20 > New%20Exploit/164278_1.aspx > > Thoughts? > > Mike > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email [2]jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ([3]http://wiki.mailscanner.info/) and > the archives ([4]http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email [5]jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ([6]http://wiki.mailscanner.info/) > and the archives > ([7]http://www.jiscmail.ac.uk/lists/mailscanner.html). > Support MailScanner development - buy the book off the website! > > References > > 1. http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20by%20 > 2. mailto:jiscmail@jiscmail.ac.uk > 3. http://wiki.mailscanner.info/ > 4. http://www.jiscmail.ac.uk/lists/mailscanner.html > 5. file://localhost/tmp/jiscmail@jiscmail.ac.uk > 6. http://wiki.mailscanner.info/ > 7. http://www.jiscmail.ac.uk/lists/mailscanner.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 13:53:38 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: Posting headers of spam emails... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Is there a special way to post spam headers? as whenever i send spam headers to this list , it never comes through... so the lists anti spam is doing something mine is not in catching these darn Viagra and cialis emails. I get dozens a day.... i tried to post the email headers but they get rejected by the list..... Any help appreciated... Thanks... Rob... http://www.stupidguytalk.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Mon Nov 7 14:01:30 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: I'm running Matt Kettler's anti-drug rule set which is available from http://mywebpages.comcast.net/mkettler/sa/antidrug.cf and by using Rules Du Jour. It seems to catch most of them for me. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN E-mail: amoore@dekalbmemorial.com ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob Sent: Monday, November 07, 2005 8:46 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] I can not seem to stop these emails... ... These darn Viagra emails.. They always come through as no spam... i get about 20 a day and so do my clients.... what do you guys do about this if the rules do not catch it.... Thanks.. Return-Path: X-Original-To: rob@thehostmasters.com Delivered-To: rob@thehostmasters.com Received: from danknapp.com (ip-85-160-10-61.eurotel.cz [85.160.10.61]) by stewy (Postfix) with SMTP id 6DF82BF4E for ; Sun, 6 Nov 2005 17:55:33 -0500 (EST) Message-ID: <000401c5e325$59370400$89faa8c0@oatcake> From: "Tzviya Fife" To: "Enola Kimbrough" Subject: Re: Marcuss cool info Date: Sun, 6 Nov 2005 17:56:40 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C5E2FB.7060FC00" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Stewy-Dido-Internet-MailScanner: Found to be clean X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, SpamAssassin (score=0.174, required 4, BAYES_50 0.00, HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) X-MailScanner-From: fif@danknapp.com This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C5E2FB.7060FC00 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable V C A X P V A I m a r I L A b n o A I L i a z G U I e x a R M S n c A $85,45 $99,95 $69,95 http://lemenartedahluleta.tripod.com Rob... http://www.stupidguytalk.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 7 14:20:34 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:09 2006 Subject: Posting headers of spam emails... Message-ID: Best way it to put them up on a web page somewhere..... Also check you own MS settings that you are whitelisting this list... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rob > Sent: 07 November 2005 13:54 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Posting headers of spam emails... > > Is there a special way to post spam headers? as whenever i send spam > headers to this list , it never comes through... so the lists anti spam is > doing something mine is not in catching these darn Viagra and cialis > emails. I get dozens a day.... i tried to post the email headers but they > get rejected by the list..... > > Any help appreciated... > > Thanks... > > Rob... > http://www.stupidguytalk.org > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 14:29:23 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: Posting headers of spam emails... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oh never mind they came through this time.... :) Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: Rob To: MAILSCANNER@JISCMAIL.AC.UK Sent: Monday, November 07, 2005 8:53 AM Subject: Posting headers of spam emails... Is there a special way to post spam headers? as whenever i send spam headers to this list , it never comes through... so the lists anti spam is doing something mine is not in catching these darn Viagra and cialis emails. I get dozens a day.... i tried to post the email headers but they get rejected by the list..... Any help appreciated... Thanks... Rob... http://www.stupidguytalk.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 14:47:10 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Right i have that, although it seems to be over a year old.... . These emails are kind of new with respect to how they are made... the word Viagra is not in the email at all so i guess that rule will not work, although Viagra does show in the email when its viewed... you can see 2 examples of the emails here... http://www.dido.ca/spam/drug.txt Thanks... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: Aaron K. Moore To: MAILSCANNER@JISCMAIL.AC.UK Sent: Monday, November 07, 2005 9:01 AM Subject: Re: I can not seem to stop these emails... I'm running Matt Kettler's anti-drug rule set which is available from http://mywebpages.comcast.net/mkettler/sa/antidrug.cf and by using Rules Du Jour. It seems to catch most of them for me. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN E-mail: amoore@dekalbmemorial.com ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob Sent: Monday, November 07, 2005 8:46 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] I can not seem to stop these emails... ... These darn Viagra emails.. They always come through as no spam... i get about 20 a day and so do my clients.... what do you guys do about this if the rules do not catch it.... Thanks.. Return-Path: X-Original-To: rob@thehostmasters.com Delivered-To: rob@thehostmasters.com Received: from danknapp.com (ip-85-160-10-61.eurotel.cz [85.160.10.61]) by stewy (Postfix) with SMTP id 6DF82BF4E for ; Sun, 6 Nov 2005 17:55:33 -0500 (EST) Message-ID: <000401c5e325$59370400$89faa8c0@oatcake> From: "Tzviya Fife" To: "Enola Kimbrough" Subject: Re: Marcuss cool info Date: Sun, 6 Nov 2005 17:56:40 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C5E2FB.7060FC00" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Stewy-Dido-Internet-MailScanner: Found to be clean X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, SpamAssassin (score=0.174, required 4, BAYES_50 0.00, HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) X-MailScanner-From: fif@danknapp.com This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C5E2FB.7060FC00 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable V C A X P V A I m a r I L A b n o A I L i a z G U I e x a R M S n c A $85,45 $99,95 $69,95 http://lemenartedahluleta.tripod.com Rob... http://www.stupidguytalk.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 7 14:54:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It appears that the SuSE init.d script somehow crept into the RedHat distribution. I have rebuilt the distributions and this problem appears to be fixed now. Sorry about that folks, haven't a clue how it happened. It would only have affected some MTA's and not others. Worst affected was Postfix. Pete Russell wrote: > Hi Julian, a Summary as requested. > > Julian Field wrote: > >> Can someone give me a summary of this problem please? > > RHEL4/POstfix 2.1.5/MailScanner4.45/SA3.1/Clam.87 > > Did an upgrade from 4.45 to 4.47 using usual RPM stable distro link > from your site, all steps appeard to work as expected. > > Go to run MS for the first time and get lots of nasty output at the > console and no MTA and no MS. > > Nerijus is having the same issue on FC4. > > Out from service start command immedietly after upgrade is; > > [root@mail01 en]# service MailScanner start > /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or > directory > /etc/init.d/MailScanner: line 109: rc_reset: command not found > Initializing incoming postfix Initializing outgoing postfix > /etc/init.d/MailScanner: line 93: rc_status: command not found > /etc/init.d/MailScanner: line 105: rc_status: command not found > Initializing MailScanner/etc/init.d/MailScanner: line 128: startproc: > command not found > > /etc/init.d/MailScanner: line 209: rc_exit: command not found > [root@mail01 en]# service MailScanner start > /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or > directory > /etc/init.d/MailScanner: line 109: rc_reset: command not found > Initializing incoming postfix Initializing outgoing postfix > /etc/init.d/MailScanner: line 93: rc_status: command not found > /etc/init.d/MailScanner: line 105: rc_status: command not found > Initializing MailScanner/etc/init.d/MailScanner: line 128: startproc: > command not found > > /etc/init.d/MailScanner: line 209: rc_exit: command not found > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 7 15:00:11 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: Rob Results for 1... Content analysis details: (6.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.3 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters 0.0 HTML_MESSAGE BODY: HTML included in message 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) 0.0 UPPERCASE_25_50 message body is 25-50% uppercase 0.9 FM_NO_STYLE FM_NO_STYLE And 2.. Content analysis details: (7.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 HTML_MESSAGE BODY: HTML included in message 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) 4.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] 0.0 UPPERCASE_25_50 message body is 25-50% uppercase 0.9 FM_NO_STYLE FM_NO_STYLE Would have triggered my spamrules, but not my high spam.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rob > Sent: 07 November 2005 14:47 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] I can not seem to stop these emails... > > Right i have that, although it seems to be over a year old.... . These > emails are kind of new with respect to how they are made... the word > Viagra is not in the email at all so i guess that rule will not work, > although Viagra does show in the email when its viewed... > > you can see 2 examples of the emails here... > > http://www.dido.ca/spam/drug.txt > > Thanks... > > > > Rob Morin > Dido Internet Inc. > Montreal, Canada > 514-990-4444 > http://www.dido.ca > > > ----- Original Message ----- > From: Aaron K. Moore > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Monday, November 07, 2005 9:01 AM > Subject: Re: I can not seem to stop these emails... > > I'm running Matt Kettler's anti-drug rule set which is available > from http://mywebpages.comcast.net/mkettler/sa/antidrug.cf and by using > Rules Du Jour. > It seems to catch most of them for me. > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > E-mail: amoore@dekalbmemorial.com > > > > > ________________________________ > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob > Sent: Monday, November 07, 2005 8:46 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] I can not seem to stop these emails... > > > ... > > These darn Viagra emails.. > > They always come through as no spam... i get about 20 a day > and so do my clients.... what do you guys do about this if the rules do > not catch it.... > > Thanks.. > > > > Return-Path: > X-Original-To: rob@thehostmasters.com > Delivered-To: rob@thehostmasters.com > Received: from danknapp.com (ip-85-160-10-61.eurotel.cz > [85.160.10.61]) > by stewy (Postfix) with SMTP id 6DF82BF4E > for ; Sun, 6 Nov 2005 17:55:33 -0500 > (EST) > Message-ID: <000401c5e325$59370400$89faa8c0@oatcake> > From: "Tzviya Fife" > To: "Enola Kimbrough" > Subject: Re: Marcuss cool info > Date: Sun, 6 Nov 2005 17:56:40 -0500 > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="----=_NextPart_000_0001_01C5E2FB.7060FC00" > X-Priority: 3 > X-MSMail-Priority: Normal > X-Mailer: Microsoft Outlook Express 6.00.2800.1106 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 > X-Stewy-Dido-Internet-MailScanner: Found to be clean > X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, > SpamAssassin (score=0.174, required 4, BAYES_50 0.00, > HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) > X-MailScanner-From: fif@danknapp.com > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0001_01C5E2FB.7060FC00 > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > V C A X P V > A I m a r I > L A b n o A > I L i a z G > U I e x a R > M S n c A > $85,45 $99,95 $69,95 > http://lemenartedahluleta.tripod.com > > > > > Rob... > http://www.stupidguytalk.org > > > ------------------------ MailScanner list -------------------- > ---- > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the > website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 15:09:41 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Wow ok , so what am i doing wrong?? here are my rule sets i use.... [ "${TRUSTED_RULESETS}" ] || \ TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM ANTIDRUG SARE_ADULT SARE_OEM SARE_BAYES_POISON_NXM \ SARE_CODING SARE_HEADER SARE_SPECIFIC SARE_BML SARE_FRAUD SARE_SPOOF SARE_REDIRECT_POST300 \ BOGUSVIRUS SARE_HEADER_ABUSE RANDOMVAL SARE_GENLSUBJ"; P.S. How do you test that email with MS or SA, you run a command line thingy or something? my results in my email headers were this... X-Stewy-Dido-Internet-MailScanner: Found to be clean X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, SpamAssassin (score=0.174, required 4, BAYES_50 0.00, HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) X-MailScanner-From: harsccsxgqashleigh@infofin.com Thanks for your help.. Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Martin Hepworth" To: Sent: Monday, November 07, 2005 10:00 AM Subject: Re: I can not seem to stop these emails... > Rob > > Results for 1... > > Content analysis details: (6.1 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 2.3 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters > 0.0 HTML_MESSAGE BODY: HTML included in message > 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) > 0.0 UPPERCASE_25_50 message body is 25-50% uppercase > 0.9 FM_NO_STYLE FM_NO_STYLE > > > And 2.. > > Content analysis details: (7.7 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 0.0 HTML_MESSAGE BODY: HTML included in message > 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) > 4.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net > [Blocked - see > ] > 0.0 UPPERCASE_25_50 message body is 25-50% uppercase > 0.9 FM_NO_STYLE FM_NO_STYLE > > > Would have triggered my spamrules, but not my high spam.. > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Rob >> Sent: 07 November 2005 14:47 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: [MAILSCANNER] I can not seem to stop these emails... >> >> Right i have that, although it seems to be over a year old.... . These >> emails are kind of new with respect to how they are made... the word >> Viagra is not in the email at all so i guess that rule will not work, >> although Viagra does show in the email when its viewed... >> >> you can see 2 examples of the emails here... >> >> http://www.dido.ca/spam/drug.txt >> >> Thanks... >> >> >> >> Rob Morin >> Dido Internet Inc. >> Montreal, Canada >> 514-990-4444 >> http://www.dido.ca >> >> >> ----- Original Message ----- >> From: Aaron K. Moore >> To: MAILSCANNER@JISCMAIL.AC.UK >> Sent: Monday, November 07, 2005 9:01 AM >> Subject: Re: I can not seem to stop these emails... >> >> I'm running Matt Kettler's anti-drug rule set which is available >> from http://mywebpages.comcast.net/mkettler/sa/antidrug.cf and by using >> Rules Du Jour. >> It seems to catch most of them for me. >> >> -- >> Aaron Kent Moore >> Information Technology Services >> DeKalb Memorial Hospital, Inc. >> Auburn, IN >> E-mail: amoore@dekalbmemorial.com >> >> >> >> >> ________________________________ >> >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob >> Sent: Monday, November 07, 2005 8:46 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: [MAILSCANNER] I can not seem to stop these > emails... >> >> >> ... >> >> These darn Viagra emails.. >> >> They always come through as no spam... i get about 20 a day >> and so do my clients.... what do you guys do about this if the rules do >> not catch it.... >> >> Thanks.. >> >> >> >> Return-Path: >> X-Original-To: rob@thehostmasters.com >> Delivered-To: rob@thehostmasters.com >> Received: from danknapp.com (ip-85-160-10-61.eurotel.cz >> [85.160.10.61]) >> by stewy (Postfix) with SMTP id 6DF82BF4E >> for ; Sun, 6 Nov 2005 17:55:33 > -0500 >> (EST) >> Message-ID: <000401c5e325$59370400$89faa8c0@oatcake> >> From: "Tzviya Fife" >> To: "Enola Kimbrough" >> Subject: Re: Marcuss cool info >> Date: Sun, 6 Nov 2005 17:56:40 -0500 >> MIME-Version: 1.0 >> Content-Type: multipart/alternative; >> boundary="----=_NextPart_000_0001_01C5E2FB.7060FC00" >> X-Priority: 3 >> X-MSMail-Priority: Normal >> X-Mailer: Microsoft Outlook Express 6.00.2800.1106 >> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 >> X-Stewy-Dido-Internet-MailScanner: Found to be clean >> X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, >> SpamAssassin (score=0.174, required 4, BAYES_50 0.00, >> HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) >> X-MailScanner-From: fif@danknapp.com >> >> This is a multi-part message in MIME format. >> >> ------=_NextPart_000_0001_01C5E2FB.7060FC00 >> Content-Type: text/plain; >> charset="us-ascii" >> Content-Transfer-Encoding: quoted-printable >> >> V C A X P V >> A I m a r I >> L A b n o A >> I L i a z G >> U I e x a R >> M S n c A >> $85,45 $99,95 $69,95 >> http://lemenartedahluleta.tripod.com >> >> >> >> >> Rob... >> http://www.stupidguytalk.org >> >> >> ------------------------ MailScanner list > -------------------- >> ---- >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the > words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki > (http://wiki.mailscanner.info/) >> and the archives >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the >> website! >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Mon Nov 7 15:23:00 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > It appears that the SuSE init.d script somehow crept into the RedHat > distribution. > I have rebuilt the distributions and this problem appears to be fixed > now. > > Sorry about that folks, haven't a clue how it happened. It would only > have affected some MTA's and not others. Worst affected was Postfix. That be me. Anyway I selected the link to download and I'm getting requested URL Not Found. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Mon Nov 7 15:24:16 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce wrote: > Julian Field wrote: >> It appears that the SuSE init.d script somehow crept into the RedHat >> distribution. >> I have rebuilt the distributions and this problem appears to be fixed >> now. >> >> Sorry about that folks, haven't a clue how it happened. It would only >> have affected some MTA's and not others. Worst affected was Postfix. > That be me. Anyway I selected the link to download and I'm getting > requested URL Not Found. Ooops. Too much coffee, selected wrong link. Nevermind. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 7 15:32:43 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: Rob My RDJ TRUSTED sets are.. TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS EVILNUMBERS1 EVILNUMBERS2 SARE_RANDOM RANDOMVAL BOGUSVIRUS SARE_ADULT SARE_BML SARE_URI0 SARE_URI1 SARE_URI3 SARE_URI_ENG SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER0 SARE_HEADER2 SARE_CODING SARE_SPECIFIC SARE_REDIRECT_POST300 SARE_GENLSUBJ SARE_UNSUB SARE_OBFU SARE_OBFU2 SARE_OBFU3 SARE_WHITELIST SARE_WHITELIST_SPF SARE_WHITELIST_RCVD ZMI_GERMAN"; I've also got pyzor, a couple RBL's and all the URI-RBLs turned in (including the black and grey). I ran SA to get these with the -p set to my spam.assassin.prefs.conf.. spamaassassin -p /opt/MailScanner/etc/spam.assassin.prefs.conf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rob > Sent: 07 November 2005 15:10 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] I can not seem to stop these emails... > > Wow ok , so what am i doing wrong?? here are my rule sets i use.... > > [ "${TRUSTED_RULESETS}" ] || \ > TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM ANTIDRUG > SARE_ADULT SARE_OEM SARE_BAYES_POISON_NXM \ > SARE_CODING SARE_HEADER SARE_SPECIFIC SARE_BML SARE_FRAUD SARE_SPOOF > SARE_REDIRECT_POST300 \ > BOGUSVIRUS SARE_HEADER_ABUSE RANDOMVAL SARE_GENLSUBJ"; > > > P.S. How do you test that email with MS or SA, you run a command line > thingy > or something? > > > my results in my email headers were this... > > X-Stewy-Dido-Internet-MailScanner: Found to be clean > X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, > SpamAssassin (score=0.174, required 4, BAYES_50 0.00, > HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) > X-MailScanner-From: harsccsxgqashleigh@infofin.com > > Thanks for your help.. > > Rob Morin > Dido Internet Inc. > Montreal, Canada > 514-990-4444 > http://www.dido.ca > > ----- Original Message ----- > From: "Martin Hepworth" > To: > Sent: Monday, November 07, 2005 10:00 AM > Subject: Re: I can not seem to stop these emails... > > > > Rob > > > > Results for 1... > > > > Content analysis details: (6.1 points, 5.0 required) > > > > pts rule name description > > ---- ---------------------- > > -------------------------------------------------- > > 2.3 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel > letters > > 0.0 HTML_MESSAGE BODY: HTML included in message > > 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) > > 0.0 UPPERCASE_25_50 message body is 25-50% uppercase > > 0.9 FM_NO_STYLE FM_NO_STYLE > > > > > > And 2.. > > > > Content analysis details: (7.7 points, 5.0 required) > > > > pts rule name description > > ---- ---------------------- > > -------------------------------------------------- > > 0.0 HTML_MESSAGE BODY: HTML included in message > > 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) > > 4.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net > > [Blocked - see > > ] > > 0.0 UPPERCASE_25_50 message body is 25-50% uppercase > > 0.9 FM_NO_STYLE FM_NO_STYLE > > > > > > Would have triggered my spamrules, but not my high spam.. > > > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >> Behalf Of Rob > >> Sent: 07 November 2005 14:47 > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Re: [MAILSCANNER] I can not seem to stop these emails... > >> > >> Right i have that, although it seems to be over a year old.... . These > >> emails are kind of new with respect to how they are made... the word > >> Viagra is not in the email at all so i guess that rule will not work, > >> although Viagra does show in the email when its viewed... > >> > >> you can see 2 examples of the emails here... > >> > >> http://www.dido.ca/spam/drug.txt > >> > >> Thanks... > >> > >> > >> > >> Rob Morin > >> Dido Internet Inc. > >> Montreal, Canada > >> 514-990-4444 > >> http://www.dido.ca > >> > >> > >> ----- Original Message ----- > >> From: Aaron K. Moore > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Sent: Monday, November 07, 2005 9:01 AM > >> Subject: Re: I can not seem to stop these emails... > >> > >> I'm running Matt Kettler's anti-drug rule set which is available > >> from http://mywebpages.comcast.net/mkettler/sa/antidrug.cf and by using > >> Rules Du Jour. > >> It seems to catch most of them for me. > >> > >> -- > >> Aaron Kent Moore > >> Information Technology Services > >> DeKalb Memorial Hospital, Inc. > >> Auburn, IN > >> E-mail: amoore@dekalbmemorial.com > >> > >> > >> > >> > >> ________________________________ > >> > >> From: MailScanner mailing list > >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob > >> Sent: Monday, November 07, 2005 8:46 AM > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: [MAILSCANNER] I can not seem to stop these > > emails... > >> > >> > >> ... > >> > >> These darn Viagra emails.. > >> > >> They always come through as no spam... i get about 20 a day > >> and so do my clients.... what do you guys do about this if the rules do > >> not catch it.... > >> > >> Thanks.. > >> > >> > >> > >> Return-Path: > >> X-Original-To: rob@thehostmasters.com > >> Delivered-To: rob@thehostmasters.com > >> Received: from danknapp.com (ip-85-160-10-61.eurotel.cz > >> [85.160.10.61]) > >> by stewy (Postfix) with SMTP id 6DF82BF4E > >> for ; Sun, 6 Nov 2005 17:55:33 > > -0500 > >> (EST) > >> Message-ID: <000401c5e325$59370400$89faa8c0@oatcake> > >> From: "Tzviya Fife" > >> To: "Enola Kimbrough" > >> Subject: Re: Marcuss cool info > >> Date: Sun, 6 Nov 2005 17:56:40 -0500 > >> MIME-Version: 1.0 > >> Content-Type: multipart/alternative; > >> boundary="----=_NextPart_000_0001_01C5E2FB.7060FC00" > >> X-Priority: 3 > >> X-MSMail-Priority: Normal > >> X-Mailer: Microsoft Outlook Express 6.00.2800.1106 > >> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 > >> X-Stewy-Dido-Internet-MailScanner: Found to be clean > >> X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, > >> SpamAssassin (score=0.174, required 4, BAYES_50 0.00, > >> HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) > >> X-MailScanner-From: fif@danknapp.com > >> > >> This is a multi-part message in MIME format. > >> > >> ------=_NextPart_000_0001_01C5E2FB.7060FC00 > >> Content-Type: text/plain; > >> charset="us-ascii" > >> Content-Transfer-Encoding: quoted-printable > >> > >> V C A X P V > >> A I m a r I > >> L A b n o A > >> I L i a z G > >> U I e x a R > >> M S n c A > >> $85,45 $99,95 $69,95 > >> http://lemenartedahluleta.tripod.com > >> > >> > >> > >> > >> Rob... > >> http://www.stupidguytalk.org > >> > >> > >> ------------------------ MailScanner list > > -------------------- > >> ---- > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the > > words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki > > (http://wiki.mailscanner.info/) > >> and the archives > >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the > >> website! > >> > >> > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) > >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) > >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > > > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hywel.burris at COMTEC-EUROPE.CO.UK Mon Nov 7 15:35:17 2005 From: hywel.burris at COMTEC-EUROPE.CO.UK (Hywel Burris) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: Hi Julian, Is this on the download site yet as I am still seeing the problem? The version I am downloading/using is:- 4037682 Nov 5 14:24 MailScanner-4.47.4-1.rpm.tar.gz Thanks Hywel > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: 07 November 2005 14:54 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Start up script problem 4.47 - summary > > It appears that the SuSE init.d script somehow crept into the > RedHat distribution. > I have rebuilt the distributions and this problem appears to > be fixed now. > > Sorry about that folks, haven't a clue how it happened. It > would only have affected some MTA's and not others. Worst > affected was Postfix. > > Pete Russell wrote: > > > Hi Julian, a Summary as requested. > > > > Julian Field wrote: > > > >> Can someone give me a summary of this problem please? > > > > RHEL4/POstfix 2.1.5/MailScanner4.45/SA3.1/Clam.87 > > > > Did an upgrade from 4.45 to 4.47 using usual RPM stable distro link > > from your site, all steps appeard to work as expected. > > > > Go to run MS for the first time and get lots of nasty output at the > > console and no MTA and no MS. > > > > Nerijus is having the same issue on FC4. > > > > Out from service start command immedietly after upgrade is; > > > > [root@mail01 en]# service MailScanner start > > /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or > > directory > > /etc/init.d/MailScanner: line 109: rc_reset: command not found > > Initializing incoming postfix Initializing outgoing postfix > > /etc/init.d/MailScanner: line 93: rc_status: command not found > > /etc/init.d/MailScanner: line 105: rc_status: command not found > > Initializing MailScanner/etc/init.d/MailScanner: line 128: > startproc: > > command not found > > > > /etc/init.d/MailScanner: line 209: rc_exit: command not found > > [root@mail01 en]# service MailScanner start > > /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or > > directory > > /etc/init.d/MailScanner: line 109: rc_reset: command not found > > Initializing incoming postfix Initializing outgoing postfix > > /etc/init.d/MailScanner: line 93: rc_status: command not found > > /etc/init.d/MailScanner: line 105: rc_status: command not found > > Initializing MailScanner/etc/init.d/MailScanner: line 128: > startproc: > > command not found > > > > /etc/init.d/MailScanner: line 209: rc_exit: command not found > > > ************************************************************************ This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Mon Nov 7 15:44:01 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hywel Burris wrote: > Hi Julian, > > Is this on the download site yet as I am still seeing the problem? The > version I am downloading/using is:- > > 4037682 Nov 5 14:24 MailScanner-4.47.4-1.rpm.tar.gz > > Thanks > > Hywel > Same here. I've downloaded twice and installed it twice more to be sure. But I'm still getting the same error. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Mon Nov 7 15:48:48 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 7 Nov 2005 15:35:17 -0000 Hywel Burris wrote: > Is this on the download site yet as I am still seeing the problem? The > version I am downloading/using is:- > > 4037682 Nov 5 14:24 MailScanner-4.47.4-1.rpm.tar.gz Until Julian fixes download page, just replace -1 with -2 and you'll get corrected file. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 7 15:59:10 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: All Looks the SOA record for mailscanner.info it weird and therefore causing fun. Julian's been notified and I guess will attend to it ASAP. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ed Bruce > Sent: 07 November 2005 15:44 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Start up script problem 4.47 - summary > > Hywel Burris wrote: > > Hi Julian, > > > > Is this on the download site yet as I am still seeing the problem? The > > version I am downloading/using is:- > > > > 4037682 Nov 5 14:24 MailScanner-4.47.4-1.rpm.tar.gz > > > > Thanks > > > > Hywel > > > Same here. I've downloaded twice and installed it twice more to be sure. > But I'm still getting the same error. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Nov 7 16:07:25 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... (antidrug.cf obsolete) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > Right i have that, although it seems to be over a year old.... . That's correct, I've not updated antidrug.cf in a long time. Really, antidrug.cf is only for users of SA older than 3.0.0. If you've got 3.0.x or 3.1.x you don't need antidrug.cf, as it's now a built-in ruleset. In fact, if you have 3.0.0 or newer, you REALLY should NOT be using antidrug.cf, as if the SA devs make any improvements, you'll be covering them up with old rules. These > emails are kind of new with respect to how they are made... the word > Viagra is not in the email at all so i guess that rule will not work, > although Viagra does show in the email when its viewed... > > you can see 2 examples of the emails here... > > http://www.dido.ca/spam/drug.txt Yes, that's a newer variant that antidrug's techniques don't cover. It's yet another "table obfuscation" spam. SARE's "specific" ruleset covers these somewhat, but not this particular email. Razor, dcc, pyzor, etc are good measures against these, as is good bayes training. As for your example, here's the results I get out of SA 3.1.0 + razor +dcc -------------------------------------------------------- Content analysis details: (13.5 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.9 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters 0.0 HTML_MESSAGE BODY: HTML included in message 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50% [cf: 100] 0.2 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [70.49.221.195 listed in dnsbl.sorbs.net] 0.8 DIGEST_MULTIPLE Message hits more than one network digest check 0.0 UPPERCASE_25_50 message body is 25-50% uppercase ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 7 16:13:48 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No, you should be downloading 4.47.4-2 and not -1. Hywel Burris wrote: >Hi Julian, > >Is this on the download site yet as I am still seeing the problem? The >version I am downloading/using is:- > >4037682 Nov 5 14:24 MailScanner-4.47.4-1.rpm.tar.gz > >Thanks > >Hywel > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 07 November 2005 14:54 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Start up script problem 4.47 - summary >> >>It appears that the SuSE init.d script somehow crept into the >>RedHat distribution. >>I have rebuilt the distributions and this problem appears to >>be fixed now. >> >>Sorry about that folks, haven't a clue how it happened. It >>would only have affected some MTA's and not others. Worst >>affected was Postfix. >> >>Pete Russell wrote: >> >> >> >>>Hi Julian, a Summary as requested. >>> >>>Julian Field wrote: >>> >>> >>> >>>>Can someone give me a summary of this problem please? >>>> >>>> >>>RHEL4/POstfix 2.1.5/MailScanner4.45/SA3.1/Clam.87 >>> >>>Did an upgrade from 4.45 to 4.47 using usual RPM stable distro link >>>from your site, all steps appeard to work as expected. >>> >>>Go to run MS for the first time and get lots of nasty output at the >>>console and no MTA and no MS. >>> >>>Nerijus is having the same issue on FC4. >>> >>>Out from service start command immedietly after upgrade is; >>> >>>[root@mail01 en]# service MailScanner start >>>/etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or >>>directory >>>/etc/init.d/MailScanner: line 109: rc_reset: command not found >>>Initializing incoming postfix Initializing outgoing postfix >>>/etc/init.d/MailScanner: line 93: rc_status: command not found >>>/etc/init.d/MailScanner: line 105: rc_status: command not found >>>Initializing MailScanner/etc/init.d/MailScanner: line 128: >>> >>> >>startproc: >> >> >>>command not found >>> >>>/etc/init.d/MailScanner: line 209: rc_exit: command not found >>>[root@mail01 en]# service MailScanner start >>>/etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or >>>directory >>>/etc/init.d/MailScanner: line 109: rc_reset: command not found >>>Initializing incoming postfix Initializing outgoing postfix >>>/etc/init.d/MailScanner: line 93: rc_status: command not found >>>/etc/init.d/MailScanner: line 105: rc_status: command not found >>>Initializing MailScanner/etc/init.d/MailScanner: line 128: >>> >>> >>startproc: >> >> >>>command not found >>> >>>/etc/init.d/MailScanner: line 209: rc_exit: command not found >>> >>> >>> > >************************************************************************ >This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. > >Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. > > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 7 16:16:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce wrote: > Hywel Burris wrote: > >> Hi Julian, >> >> Is this on the download site yet as I am still seeing the problem? The >> version I am downloading/using is:- >> >> 4037682 Nov 5 14:24 MailScanner-4.47.4-1.rpm.tar.gz >> >> Thanks >> >> Hywel >> > > Same here. I've downloaded twice and installed it twice more to be > sure. But I'm still getting the same error. Somehow the new web pages didn't get pushed out to the website. The site now lists 4.47.4-2 which is what you should download. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Nov 7 16:32:26 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: Hi! > These darn Viagra emails.. > > They always come through as no spam... i get about 20 a day and so do > my clients.... what do you guys do about this if the rules do not catch > it.... My rules pick them up it seems: PROLO_LEO1 0.10, PROLO_LEO2 0.10, PROLO_LEO3 0.10, PROLO_LEO4 0.10 PROLO_LEO_M1 8.00, Have a look at the SARE 'specific' ruleset will be updated soon and then you will be able to stop them also. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Nov 7 16:35:53 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: Hi! > Wow ok , so what am i doing wrong?? here are my rule sets i use.... > > [ "${TRUSTED_RULESETS}" ] || \ > TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM ANTIDRUG SARE_ADULT > SARE_OEM SARE_BAYES_POISON_NXM \ > SARE_CODING SARE_HEADER SARE_SPECIFIC SARE_BML SARE_FRAUD SARE_SPOOF > SARE_REDIRECT_POST300 \ > BOGUSVIRUS SARE_HEADER_ABUSE RANDOMVAL SARE_GENLSUBJ"; > > > P.S. How do you test that email with MS or SA, you run a command line thingy > or something? Hmmm .... to stop this thread: PROLO_LEO1 0.10, PROLO_LEO2 0.10, PROLO_LEO3 0.10, PROLO_LEO4 0.10, PROLO_LEO_M1 8.00, # TEST FOR LEO CRAP body PROLO_LEO1 /\85\,45/ body PROLO_LEO2 /\69\,95/ body PROLO_LEO3 /\99\,95/ uri PROLO_LEO4 /http:\/\/.*tripod.com/ meta PROLO_LEO_M1 (PROLO_LEO1 && PROLO_LEO2 && PROLO_LEO3 && PROLO_LEO4) score PROLO_LEO1 0.1 score PROLO_LEO2 0.1 score PROLO_LEO3 0.1 score PROLO_LEO4 0.1 score PROLO_LEO_M1 8 describe PROLO_LEO1 Meta Catches all Leo drug variations so far describe PROLO_LEO2 Meta Catches all Leo drug variations so far describe PROLO_LEO3 Meta Catches all Leo drug variations so far describe PROLO_LEO4 Meta to catch Leo now using Tripod describe PROLO_LEO_M1 Catches all Leo drug variations so far Have fun, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 16:52:36 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... (antidrug.cf obsolete) Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] i am using 3.04 i will remove antidrug right away... thanks Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Monday, November 07, 2005 11:07 AM Subject: Re: I can not seem to stop these emails... (antidrug.cf obsolete) > Rob wrote: >> Right i have that, although it seems to be over a year old.... . > > That's correct, I've not updated antidrug.cf in a long time. Really, > antidrug.cf > is only for users of SA older than 3.0.0. If you've got 3.0.x or 3.1.x you > don't > need antidrug.cf, as it's now a built-in ruleset. > > In fact, if you have 3.0.0 or newer, you REALLY should NOT be using > antidrug.cf, > as if the SA devs make any improvements, you'll be covering them up with > old rules. > > > These >> emails are kind of new with respect to how they are made... the word >> Viagra is not in the email at all so i guess that rule will not work, >> although Viagra does show in the email when its viewed... > > >> >> you can see 2 examples of the emails here... >> >> http://www.dido.ca/spam/drug.txt > > > Yes, that's a newer variant that antidrug's techniques don't cover. It's > yet > another "table obfuscation" spam. SARE's "specific" ruleset covers these > somewhat, but not this particular email. > > Razor, dcc, pyzor, etc are good measures against these, as is good bayes > training. > > As for your example, here's the results I get out of SA 3.1.0 + razor +dcc > > -------------------------------------------------------- > Content analysis details: (13.5 points, 5.0 required) > > pts rule name description > ---- ---------------------- -------------------------------------------------- > 2.9 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters > 0.0 HTML_MESSAGE BODY: HTML included in message > 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% > [score: 1.0000] > 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) > 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level > above 50% > [cf: 100] > 0.2 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% > [cf: 100] > 2.2 DCC_CHECK Listed in DCC > (http://rhyolite.com/anti-spam/dcc/) > 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP > address > [70.49.221.195 listed in dnsbl.sorbs.net] > 0.8 DIGEST_MULTIPLE Message hits more than one network digest check > 0.0 UPPERCASE_25_50 message body is 25-50% uppercase > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 17:20:46 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hey Raymond sorry to be a pain, but those rules, where do i put them, i did a simple copy and paste into 70_sare_specific and did a spamassassin --lint stewy:/etc/spamassassin# spamassassin --lint Illegal octal digit '8' ignored at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 766. Illegal octal digit '8' ignored at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 766. Illegal octal digit '9' ignored at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 766. Illegal octal digit '9' ignored at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 766. Illegal octal digit '9' ignored at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 766. Illegal octal digit '9' ignored at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 766. Illegal octal digit '9' ignored at /etc/spamassassin/70_sare_specific.cf, rule PROLO_LEO3, line 1. Illegal octal digit '9' ignored at /etc/spamassassin/70_sare_specific.cf, rule PROLO_LEO3, line 1. Illegal octal digit '8' ignored at /etc/spamassassin/70_sare_specific.cf, rule PROLO_LEO1, line 1. Illegal octal digit '8' ignored at /etc/spamassassin/70_sare_specific.cf, rule PROLO_LEO1, line 1. Illegal octal digit '9' ignored at /etc/spamassassin/70_sare_specific.cf, rule PROLO_LEO2, line 1. Illegal octal digit '9' ignored at /etc/spamassassin/70_sare_specific.cf, rule PROLO_LEO2, line 1. And got errors, allthough i am not sure i did it correctly... Thanks... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Raymond Dijkxhoorn" To: Sent: Monday, November 07, 2005 11:35 AM Subject: Re: I can not seem to stop these emails... > Hi! > >> Wow ok , so what am i doing wrong?? here are my rule sets i use.... >> >> [ "${TRUSTED_RULESETS}" ] || \ >> TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM ANTIDRUG >> SARE_ADULT SARE_OEM SARE_BAYES_POISON_NXM \ >> SARE_CODING SARE_HEADER SARE_SPECIFIC SARE_BML SARE_FRAUD SARE_SPOOF >> SARE_REDIRECT_POST300 \ >> BOGUSVIRUS SARE_HEADER_ABUSE RANDOMVAL SARE_GENLSUBJ"; >> >> >> P.S. How do you test that email with MS or SA, you run a command line >> thingy or something? > > Hmmm .... to stop this thread: > > PROLO_LEO1 0.10, PROLO_LEO2 0.10, PROLO_LEO3 0.10, PROLO_LEO4 0.10, > PROLO_LEO_M1 8.00, > > # TEST FOR LEO CRAP > > body PROLO_LEO1 /\85\,45/ > body PROLO_LEO2 /\69\,95/ > body PROLO_LEO3 /\99\,95/ > uri PROLO_LEO4 /http:\/\/.*tripod.com/ > meta PROLO_LEO_M1 (PROLO_LEO1 && PROLO_LEO2 && > PROLO_LEO3 && PROLO_LEO4) > > score PROLO_LEO1 0.1 > score PROLO_LEO2 0.1 > score PROLO_LEO3 0.1 > score PROLO_LEO4 0.1 > score PROLO_LEO_M1 8 > > describe PROLO_LEO1 Meta Catches all Leo drug > variations so far > describe PROLO_LEO2 Meta Catches all Leo drug > variations so far > describe PROLO_LEO3 Meta Catches all Leo drug > variations so far > describe PROLO_LEO4 Meta to catch Leo now using Tripod > describe PROLO_LEO_M1 Catches all Leo drug variations so > far > > Have fun, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Nov 7 17:34:25 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: Hi! > Hey Raymond sorry to be a pain, but those rules, where do i put them, i did a > simple copy and paste into 70_sare_specific and did a Oh wait, thats true. I cutted out some irrelevant parts but forgot to escape it afterwards. Either try them like this: # TEST FOR LEO CRAP body PROLO_LEO1 /\$85\,45/ body PROLO_LEO2 /\$69\,95/ body PROLO_LEO3 /\$99\,95/ uri PROLO_LEO4 /http:\/\/.*tripod.com/ meta PROLO_LEO_M1 (PROLO_LEO1 && PROLO_LEO2 && PROLO_LEO3 && PROLO_LEO4) score PROLO_LEO1 0.1 score PROLO_LEO2 0.1 score PROLO_LEO3 0.1 score PROLO_LEO4 0.1 score PROLO_LEO_M1 8 describe PROLO_LEO1 Meta Catches all Leo drug variations so far describe PROLO_LEO2 Meta Catches all Leo drug variations so far describe PROLO_LEO3 Meta Catches all Leo drug variations so far describe PROLO_LEO4 Meta to catch Leo now using Tripod describe PROLO_LEO_M1 Catches all Leo drug variations so far or # TEST FOR LEO CRAP body PROLO_LEO1 /85\,45/ body PROLO_LEO2 /69\,95/ body PROLO_LEO3 /99\,95/ uri PROLO_LEO4 /http:\/\/.*tripod.com/ meta PROLO_LEO_M1 (PROLO_LEO1 && PROLO_LEO2 && PROLO_LEO3 && PROLO_LEO4) score PROLO_LEO1 0.1 score PROLO_LEO2 0.1 score PROLO_LEO3 0.1 score PROLO_LEO4 0.1 score PROLO_LEO_M1 8 describe PROLO_LEO1 Meta Catches all Leo drug variations so far describe PROLO_LEO2 Meta Catches all Leo drug variations so far describe PROLO_LEO3 Meta Catches all Leo drug variations so far describe PROLO_LEO4 Meta to catch Leo now using Tripod describe PROLO_LEO_M1 Catches all Leo drug variations so far Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Mon Nov 7 17:44:16 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: Hmmm, still not right: uri PROLO_LEO4 /http:\/\/.*tripod.com/ should be uri PROLO_LEO4 /http:\/\/*\.tripod\.com/ Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raymond Dijkxhoorn > Sent: 07 November 2005 17:34 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: I can not seem to stop these emails... > > Hi! > > > Hey Raymond sorry to be a pain, but those rules, where do i > put them, > > i did a simple copy and paste into 70_sare_specific and did a > > Oh wait, thats true. I cutted out some irrelevant parts but > forgot to escape it afterwards. > > Either try them like this: > > # TEST FOR LEO CRAP > > body PROLO_LEO1 /\$85\,45/ > body PROLO_LEO2 /\$69\,95/ > body PROLO_LEO3 /\$99\,95/ > uri PROLO_LEO4 /http:\/\/.*tripod.com/ > meta PROLO_LEO_M1 (PROLO_LEO1 && > PROLO_LEO2 && PROLO_LEO3 && PROLO_LEO4) > > score PROLO_LEO1 0.1 > score PROLO_LEO2 0.1 > score PROLO_LEO3 0.1 > score PROLO_LEO4 0.1 > score PROLO_LEO_M1 8 > > describe PROLO_LEO1 Meta Catches all Leo > drug variations so far > describe PROLO_LEO2 Meta Catches all Leo > drug variations so far > describe PROLO_LEO3 Meta Catches all Leo > drug variations so far > describe PROLO_LEO4 Meta to catch Leo now > using Tripod > describe PROLO_LEO_M1 Catches all Leo drug > variations so far > > or > > # TEST FOR LEO CRAP > > body PROLO_LEO1 /85\,45/ > body PROLO_LEO2 /69\,95/ > body PROLO_LEO3 /99\,95/ > uri PROLO_LEO4 /http:\/\/.*tripod.com/ > meta PROLO_LEO_M1 (PROLO_LEO1 && > PROLO_LEO2 && PROLO_LEO3 && PROLO_LEO4) > > score PROLO_LEO1 0.1 > score PROLO_LEO2 0.1 > score PROLO_LEO3 0.1 > score PROLO_LEO4 0.1 > score PROLO_LEO_M1 8 > > describe PROLO_LEO1 Meta Catches all Leo > drug variations so far > describe PROLO_LEO2 Meta Catches all Leo > drug variations so far > describe PROLO_LEO3 Meta Catches all Leo > drug variations so far > describe PROLO_LEO4 Meta to catch Leo now > using Tripod > describe PROLO_LEO_M1 Catches all Leo drug > variations so far > > Bye, > Raymond. > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Nov 7 17:49:24 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: Hi! > uri PROLO_LEO4 /http:\/\/.*tripod.com/ > > should be > > uri PROLO_LEO4 /http:\/\/*\.tripod\.com/ Feel free to alter whatever you like ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 20:45:20 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: Its not ny day for mailscanner Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] First off thanks to all for helping me out in the last few days on this list i really appreciate it... No i have another strange problem... MS seems to silently die, and mail keeps coming in but not being delivered.... Nothing in the logs other than the below... Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... When i run the /usr/sbin/check_mailscaner it says stewy:/var/log# /usr/sbin/check_mailscanner MailScanner running with pid 8146 8147 But when i watch the logs via tail -f i do not see any Mailscanner activity until i restart by /etc/init.d/mailscanner restart I am using MS 4.41.3-2 with postfix on debian 3.1 Any ideas? Rob... http://www.stupidguytalk.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Mon Nov 7 20:53:22 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:09 2006 Subject: Its not ny day for mailscanner Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rob > Sent: Monday, November 07, 2005 3:45 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Its not ny day for mailscanner > > First off thanks to all for helping me out in the last few days on this > list i really appreciate it... > > No i have another strange problem... > > MS seems to silently die, and mail keeps coming in but not being > delivered.... > > Nothing in the logs other than the below... > > Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > > When i run the /usr/sbin/check_mailscaner it says > > stewy:/var/log# /usr/sbin/check_mailscanner > MailScanner running with pid 8146 8147 > > > But when i watch the logs via tail -f i do not see any Mailscanner > activity until i restart by /etc/init.d/mailscanner restart > > I am using MS 4.41.3-2 with postfix on debian 3.1 > > Any ideas? > > Rob... > http://www.stupidguytalk.org To make the error a little noisier, in MailScanner.conf please set: Debug = no Debug SpamAssassin = no Then stop and then start MailScanner from the command line. Watch the screen output. The reason for MailScanner dying should appear. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Nov 7 20:56:11 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob spake the following on 11/7/2005 6:47 AM: > Right i have that, although it seems to be over a year old.... . These > emails are kind of new with respect to how they are made... the word > Viagra is not in the email at all so i guess that rule will not work, > although Viagra does show in the email when its viewed... > > you can see 2 examples of the emails here... > > http://www.dido.ca/spam/drug.txt > > Thanks... The first one shows up in DCC, Pyzor and Razor, and scores ; 2.3 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters 0.0 HTML_MESSAGE BODY: HTML included in message 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50% [cf: 100] 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) 1.4 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [70.49.221.195 listed in dnsbl.sorbs.net] 0.2 DIGEST_MULTIPLE Message hits more than one network digest check 0.0 UPPERCASE_25_50 message body is 25-50% uppercase -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Mon Nov 7 21:01:00 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:09 2006 Subject: Which logs to monitor to ensure MailScanner/SPAMASSASSIN are working??? Message-ID: I have installed FreeBSD 5.4 and latest port of MailScanner that bundles SpamAssassin 3.1. I am using sendmail to intercept all incoming/outgoing mail. In order to determine if MailScanner and Spam Assassin are working, which log files should I monitor? I normally monitor all incoming/outgoing mail from /var/log/maillog. What other log files should I look at??? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From drew at THEMARSHALLS.CO.UK Mon Nov 7 21:14:50 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:09 2006 Subject: Which logs to monitor to ensure MailScanner/SPAMASSASSIN are working??? Message-ID: On 7 Nov 2005, at 21:01, Marc Dufresne wrote: > I have installed FreeBSD 5.4 and latest port of MailScanner that > bundles > SpamAssassin 3.1. I am using sendmail to intercept all incoming/ > outgoing > mail. > > In order to determine if MailScanner and Spam Assassin are working, > which log files should I monitor? I normally monitor all > incoming/outgoing mail from /var/log/maillog. What other log files > should I look at??? Assuming you have left MailScanner.conf's logging options as the default then /var/log/maillog is all you have t look at. Don't forget that under FreeBSD you need to start MailScanner some thing like '/ usr/local/etc/rc.d/mailscanner.sh start' it doesn't start with your MTA. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Mon Nov 7 21:19:44 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:09 2006 Subject: email being rejjjcted fro unknown domains Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, me again ;-) I have just setup my new MS box ( replacing the one I had under my desk at home with one in a hosted facility) I have set one of my test domains to point to the new IP and when I send mail I get the following error. reject=553 5.1.8 ... Domain of sender address Lance.Haig@domain.com does not exist. Where is MS checking this? I know he address exists that I am sending from as it is my work address and we do not get mail stopped by other scanners. have I enabled something that is killing mail like this? I would appreciate any help. Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 21:16:45 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: Which logs to monitor to ensure MailScanner/SPAMASSASSIN are working??? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I forget on FreeBSD but either way tail -f the maillog or mail.log whatever you have and send yourself the eicar virus, a test virus that is for testing... you can get it hear, just copy and paste into an email http://www.eicar.org/anti_virus_test_file.htm you should see in the log file MailScanner detecting this virus and so on..... and we can go form there... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Marc Dufresne" To: Sent: Monday, November 07, 2005 4:01 PM Subject: Which logs to monitor to ensure MailScanner/SPAMASSASSIN are working??? >I have installed FreeBSD 5.4 and latest port of MailScanner that bundles > SpamAssassin 3.1. I am using sendmail to intercept all incoming/outgoing > mail. > > In order to determine if MailScanner and Spam Assassin are working, > which log files should I monitor? I normally monitor all > incoming/outgoing mail from /var/log/maillog. What other log files > should I look at??? > > > > > > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Nov 7 21:30:26 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:09 2006 Subject: email being rejjjcted fro unknown domains Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote: > Hi, > > me again ;-) > > I have just setup my new MS box ( replacing the one I had under my desk > at home with one in a hosted facility) > > I have set one of my test domains to point to the new IP and when I send > mail I get the following error. > > reject=553 5.1.8 ... Domain of sender address > Lance.Haig@domain.com does not exist. > > Where is MS checking this? It's not that's Sendmail.. Mailscanner CANNOT reject mail during the SMTP session due it it's design, therefore anything related to SMTP 4xx and 5xx error codes can not involve MailScanner. look up the accept_unresolvable_domains feature in your sendmail.mc.. by default Sendmail will not accept mail with an unresolvable return path unless this is enabled. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Mon Nov 7 21:29:59 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:09 2006 Subject: email being rejjjcted fro unknown domains Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Lance Haig > Sent: Monday, November 07, 2005 4:20 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: email being rejjjcted fro unknown domains > > Hi, > > me again ;-) > > I have just setup my new MS box ( replacing the one I had under my desk > at home with one in a hosted facility) > > I have set one of my test domains to point to the new IP and when I send > mail I get the following error. > > reject=553 5.1.8 ... Domain of sender address > Lance.Haig@domain.com does not exist. > > Where is MS checking this? I know he address exists that I am sending > from as it is my work address and we do not get mail stopped by other > scanners. > > have I enabled something that is killing mail like this? > > I would appreciate any help. > > Thanks > > Lance This is normal. You should see some lines like the ones below in you sendmail ".mc" file: dnl # We strongly recommend not accepting unresolvable domains if you want dnl # to protect yourself from spam. However, the laptop and users on computers dnl # that do not have 24x7 DNS do need this. dnl # FEATURE(`accept_unresolvable_domains')dnl But this is the typical configuration on most gateways and you probably do to want to accept email from un-resolvable domains. If you really want to turn this off change the line to: dnl FEATURE(`accept_unresolvable_domains')dnl And use m4 to rebuild your .cf from the .mc file. Then restart sendmail. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Mon Nov 7 22:09:02 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:09 2006 Subject: email being rejjjcted fro unknown domains Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just to put thoings staight, Thanks for the help you two but it was my own stupidity. I forgot to add the DNS servers to the server so it could not compare the addresses. After doing that the mail was recieved just fine. So sorry for waisting yours. Just noticed that my mail log has the following error in it. dccproc[number] : open/dcc/map: No Such File exists. Looked in the dcc directory and can't find my map file. is there an easy way to rebuild it? or should I go asking on the dcc support area? Thanks again Lance Lance Haig wrote: > Hi, > > me again ;-) > > I have just setup my new MS box ( replacing the one I had under my > desk at home with one in a hosted facility) > > I have set one of my test domains to point to the new IP and when I > send mail I get the following error. > > reject=553 5.1.8 ... Domain of sender address > Lance.Haig@domain.com does not exist. > > Where is MS checking this? I know he address exists that I am sending > from as it is my work address and we do not get mail stopped by other > scanners. > > have I enabled something that is killing mail like this? > > I would appreciate any help. > > Thanks > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Nov 7 21:59:45 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:09 2006 Subject: Its not ny day for mailscanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Rob >> Sent: Monday, November 07, 2005 3:45 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Its not ny day for mailscanner >> >> First off thanks to all for helping me out in the last few days on this >> list i really appreciate it... >> >> No i have another strange problem... >> >> MS seems to silently die, and mail keeps coming in but not being >> delivered.... >> >> Nothing in the logs other than the below... >> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> >> When i run the /usr/sbin/check_mailscaner it says >> >> stewy:/var/log# /usr/sbin/check_mailscanner >> MailScanner running with pid 8146 8147 >> >> >> But when i watch the logs via tail -f i do not see any Mailscanner >> activity until i restart by /etc/init.d/mailscanner restart >> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >> >> Any ideas? >> >> Rob... >> http://www.stupidguytalk.org > > To make the error a little noisier, in MailScanner.conf please set: > > Debug = no > Debug SpamAssassin = no > > Then stop and then start MailScanner from the command line. Watch the screen > output. The reason for MailScanner dying should appear. > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > I'd say yes, Steve, not no :) Debug = yes Debug SpamAssassin = yes -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Mon Nov 7 22:49:56 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:09 2006 Subject: email being rejjjcted fro unknown domains Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Lance Haig > Sent: Monday, November 07, 2005 5:09 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: email being rejjjcted fro unknown domains > > Just to put thoings staight, > > Thanks for the help you two but it was my own stupidity. > > I forgot to add the DNS servers to the server so it could not compare > the addresses. > > After doing that the mail was recieved just fine. > > So sorry for waisting yours. > > Just noticed that my mail log has the following error in it. > dccproc[number] : open/dcc/map: No Such File exists. > > Looked in the dcc directory and can't find my map file. > > is there an easy way to rebuild it? or should I go asking on the dcc > support area? > > Thanks again > > Lance > This should be installed by default. It typically resides in: /var/dcc/map Check the permissions. They should be: -rw------- 1 root root 4480 Jul 17 21:13 /var/dcc/map Probably just reinstall DCC would bethe quickest way to fix. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Mon Nov 7 22:51:25 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:09 2006 Subject: Its not ny day for mailscanner Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ugo Bellavance > Sent: Monday, November 07, 2005 5:00 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Its not ny day for mailscanner > > Stephen Swaney wrote: > >> -----Original Message----- > >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >> Behalf Of Rob > >> Sent: Monday, November 07, 2005 3:45 PM > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Its not ny day for mailscanner > >> > >> First off thanks to all for helping me out in the last few days on this > >> list i really appreciate it... > >> > >> No i have another strange problem... > >> > >> MS seems to silently die, and mail keeps coming in but not being > >> delivered.... > >> > >> Nothing in the logs other than the below... > >> > >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> > >> When i run the /usr/sbin/check_mailscaner it says > >> > >> stewy:/var/log# /usr/sbin/check_mailscanner > >> MailScanner running with pid 8146 8147 > >> > >> > >> But when i watch the logs via tail -f i do not see any Mailscanner > >> activity until i restart by /etc/init.d/mailscanner restart > >> > >> I am using MS 4.41.3-2 with postfix on debian 3.1 > >> > >> Any ideas? > >> > >> Rob... > >> http://www.stupidguytalk.org > > > > To make the error a little noisier, in MailScanner.conf please set: > > > > Debug = no > > Debug SpamAssassin = no > > > > Then stop and then start MailScanner from the command line. Watch the > screen > > output. The reason for MailScanner dying should appear. > > > > Steve > > > > Stephen Swaney > > Fort Systems Ltd. > > stephen.swaney@fsl.com > > www.fsl.com > > > > I'd say yes, Steve, not no :) > > Debug = yes > Debug SpamAssassin = yes > > -- > Ugo Of course, Silly me. Thanks Ugo! Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Tue Nov 8 10:09:41 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:31:09 2006 Subject: Spam learning Message-ID: Hi! I'm using spam learning but to my opinion the yield from bayes is too limited. I have several mail addresses published on websites to attract lotso spam :) and the mail to these adresses is re-routed to a local user on the box. Should I white list all e-mail to this address to prevent spam checking? Or doesn't it matter? I guess I should also not do any virusscanning on it to prevent harmful html code from being cleaned thereby rendering the spam filter less effective? Ideas anyone? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Nov 8 10:33:37 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:31:09 2006 Subject: wiki down ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi there, still back from holiday, deadline for sa 3.1 upgrade comes closer and the knowledge baby is down ? or moved ? http://wiki.mailscanner.info/ Name Error: The domain name does not exist. is see no new link on the ms base page. greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Nov 8 11:23:37 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:09 2006 Subject: wiki down ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, November 8, 2005 10:33, Dörfler Andreas wrote: > hi there, > > still back from holiday, deadline for sa 3.1 upgrade comes closer > and the knowledge baby is down ? or moved ? Yes, down. One of the technology units at Southampton sadly suffered a fire ( http://news.bbc.co.uk/1/hi/england/hampshire/4390048.stm ) and knocked out connectivity to all the MailScanner sites. With a load of help from Blacknight www.mailscanner.info is back up and running but the wiki hasn't yet been recovered (Julian has just one or two more pressing things to do, like clearing up and restoring what they can). Post to the list and we will do what we can to help. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Tue Nov 8 13:24:04 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:09 2006 Subject: Calling All MCAFEE Users: Re: McAfee DownLoad URL does not work... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 05/11/05, Mike wrote: > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Julian Field > > > > Please can other people confirm that this new suggested location is > the > > best place to use. > > The original (download.nai.com) still works, there's no problem > whatsoever and has never been over the last few months/years. Search the list and you'll see that there has been a number (read: at least two:-) of occasions where McAfee has goofed and not updated update.nai.com, but *has* updated speedownload.nai.com (where one usually downloads from anyway (redirs). I do agree though, that moving back to the bad old ftp mirrors would be a step in the wrong direction. They've got an even worse track record with those... Sloppiness like different file sets depending on which mirror you hit, leftover crud etc etc. Sigh. Ages ago I implemented my own DL thing (for another system...) that use the CommonUpdater thing and which use the Replica.log files of that beast (counting files, checking sizes and calculating SHA1-hashes... Going towards that might be interesting, but not switching to an arbitrary ftp mirror. > > IMHO http is preferred over ftp, due to easier securing/firewalling > issues. If however ftp is used, the mentioned url is fine for sites in > Europe. The ftp sites in the US use ftp.nai.com. It may even be the case > thay DNS replies for ftp.nai.com are now automatically pointing to the > nearest ftp repositories (think I read this somewhere). Last I checked it behaves more like a RR thing. I don't check that aspect that often though:-). > > Regards, > Mike. > > > Dj Ajos1 wrote: > > > > >Urgent update... as lots of people's mcafee systems will be out of > date > > (I think it has been wrong for months)! > > > > > >In file:- /usr/lib/MailScanner/mcafee-autoupdate > > > > > >The line/entry... > > > > > > FTPDIR=http://download.nai.com/products/datfiles/4.x/nai > > > > > >Does not work any more... > > > > > >But this one does! > > > > > > FTPDIR=ftp://ftpeur.nai.com/pub/antivirus/datfiles/4.x > > > > > >Thanks in advance... > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Tue Nov 8 14:26:07 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:31:09 2006 Subject: Odd error in logs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all, Over the past two weeks or so, after an update to almost the latest ( have not installed the very last release yet ) I have started to see the following in my log reports: Your spam actions "/etc/mailscanner/rules/spamoptions.rules" looks like a filename. If this is a ruleset filename, it must end in .rule or .rules : 16 Time(s) This is odd because my rules file is named properly and in the right place. Can anyone shed some light on this? My box is a CentOS4 box, sendmail and the following: This is CentOS release 4.1 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.46.2 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.66 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.809 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Dave Tue Nov 8 14:41:47 2005 From: Dave (Dave) Date: Thu Jan 12 21:31:09 2006 Subject: wiki down ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, Nov 08, 2005 at 11:33:37AM +0100, Dörfler Andreas wrote: > hi there, > > still back from holiday, deadline for sa 3.1 upgrade comes closer > and the knowledge baby is down ? or moved ? > > > http://wiki.mailscanner.info/ > > Name Error: The domain name does not exist. > > > is see no new link on the ms base page. > There was a nasty fire in Southampton. > > greetings > andy > > --free your mind, use open source > http://www.mono-project.com > > ASCII ribbon campaign ( ) > - against HTML email X > & vCards / \ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Tue Nov 8 15:14:23 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:09 2006 Subject: Basic Sendmail question Message-ID: This is what I had to modify in my sendmail.cf file on FreeBSD 5.4: Search "sendmail.cf" for: #SMTP daemon options O DaemonPortOptions=Name=IPv4, Family=inet, addr= i.e. O DaemonPortOptions=Name=IPv4, Family=inet, addr=24.34.56.23 Restart sendmail. You should see it listen on the correct IP. Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> lhaig@HAIGMAIL.COM 11/5/2005 7:41 AM >>> Hi, My sendmail system will not accept mail from anything other than localhost. I have tried to telnet onto port 25 from a workstation and it does not connact but if I try from the server it does. What have I missed? Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From dh at UPTIME.AT Tue Nov 8 15:16:27 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:31:09 2006 Subject: Basic Sendmail question Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marc Dufresne wrote: > This is what I had to modify in my sendmail.cf file on FreeBSD 5.4: > > Search "sendmail.cf" for: > > #SMTP daemon options > O DaemonPortOptions=Name=IPv4, Family=inet, addr= to listen on> > > i.e. > > O DaemonPortOptions=Name=IPv4, Family=inet, addr=24.34.56.23 > > Restart sendmail. You should see it listen on the correct IP. > Please NEVER EVER modify your *.cf files. Modify the *.mc files and generate the *.cf files using your m4 interpreter. You will end up in chaos if you to know follow this path with sendmail :) -d ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Nov 8 15:10:52 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:09 2006 Subject: Spam learning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Remco Barendse wrote: > Hi! > > I'm using spam learning but to my opinion the yield from bayes is too > limited. > > I have several mail addresses published on websites to attract lotso > spam :) and the mail to these adresses is re-routed to a local user on > the box. > > Should I white list all e-mail to this address to prevent spam checking? > Or doesn't it matter? Easier to keep it on, it will auto-learn this way. > > I guess I should also not do any virusscanning on it to prevent harmful > html code from being cleaned thereby rendering the spam filter less > effective? That is a good idea. Just make sure no one has access to this mailbox... > > Ideas anyone? > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Nov 8 17:32:08 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:09 2006 Subject: wiki down ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dörfler Andreas spake the following on 11/8/2005 2:33 AM: > hi there, > > still back from holiday, deadline for sa 3.1 upgrade comes closer > and the knowledge baby is down ? or moved ? > > > http://wiki.mailscanner.info/ > > Name Error: The domain name does not exist. > > > is see no new link on the ms base page. > > > greetings > andy > > --free your mind, use open source > http://www.mono-project.com > > ASCII ribbon campaign ( ) > - against HTML email X > & vCards / \ > Working as of 16:30 GMT At least from USA -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From paddy at PANICI.NET Tue Nov 8 19:10:44 2005 From: paddy at PANICI.NET (paddy) Date: Thu Jan 12 21:31:09 2006 Subject: Odd error in logs Message-ID: On Tue, Nov 08, 2005 at 09:26:07AM -0500, Dave Filchak wrote: > Hello all, > > Over the past two weeks or so, after an update to almost the latest ( > have not installed the very last release yet ) I have started to see the > following in my log reports: > > Your spam actions "/etc/mailscanner/rules/spamoptions.rules" looks > like a filename. If this is a ruleset filename, it must end in .rule or > .rules : 16 Time(s) > > This is odd because my rules file is named properly and in the right > place. Can anyone shed some light on this? Not sure that I can, but I'll try ... The relevant code reads something like: $actions = MailScanner::Config::Value(CONFIG_OPTION, $this); (where CONFIG_OPTION is one of hamactions highscorespamactions spamactions) . . . @actions = split(" ", $actions); return unless @actions; # If they have just specified a filename, then something is wrong if ($#actions==0 && $actions[0] =~ /\//) { MailScanner::Log::WarnLog('Your spam actions "%s" looks like a filename.' . ' If this is a ruleset filename, it must end in .rule or .rules', $actions[0]); $actions[0] = 'deliver'; } So my wild guess is that Config::Value returns something like '/etc/mailscanner/rules/spamoptions.rules' (when what you wanted returned was inside there) At which point I'm wondering: grep -i ^[^#]*actions MailScanner.conf An example of ruleset configuration might look like: Virus Scanning = %rules-dir%/Virus.Scanning.rules I even wonder whether you have a '/etc/mailscanner/' instead of '/etc/Mailscanner/' ? If its failing to load you might see WarnLog("Cannot open filename-rules file %s, skipping" I get kind of dizzy when I grep "\$isrules =" Config.pm But that's all I got right now. Any help ? Regards, Paddy -- Perl 6 will give you the big knob. -- Larry Wall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From paddy at PANICI.NET Tue Nov 8 19:16:09 2005 From: paddy at PANICI.NET (paddy) Date: Thu Jan 12 21:31:09 2006 Subject: Odd error in logs Message-ID: On Tue, Nov 08, 2005 at 07:10:44PM +0000, paddy wrote: > > I even wonder whether you have a '/etc/mailscanner/' instead of '/etc/Mailscanner/' ? See how easy it is to do :) of course, I mean MailScanner ^ ^ Regards, Paddy -- Perl 6 will give you the big knob. -- Larry Wall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Tue Nov 8 20:28:54 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:31:09 2006 Subject: User level Max Attachment exclusion Message-ID: Is it possible to skip the Max Attachments check at the user level? Either I can't get the syntax right for the rule file or it's not possible. This is what I put in the file: From: user@mydomain.com no FromOrTo: default yes Also, are there supposed to be spaces or tabs in between each field? Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Tue Nov 8 20:35:27 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: Its not ny day for mailscanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ok so after doing this it scanned one message and gave me what seemed to be a normal output.... but i can not site at the consol all day running it in debug mode and restarting each time?? any other things i should look at.... BTW when i say die, it looks like its dead, as i see mailscanner processes in a ps but in the log file i see no mailscanner stuff running... could it be because recently i added RBLs and razor? Thanks... Nov 8 15:27:29 stewy MailScanner[670]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 8 15:27:29 stewy MailScanner[670]: Read 120 hostnames from the phishing whitelist Nov 8 15:27:29 stewy MailScanner[670]: Enabling SpamAssassin auto-whitelist functionality... Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees Config LockType = flock Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees have_module = 0 Nov 8 15:27:33 stewy MailScanner[670]: Using locktype = flock Nov 8 15:27:33 stewy MailScanner[670]: New Batch: Scanning 2 messages, 22625 bytes Nov 8 15:27:33 stewy MailScanner[670]: Created attachment dirs for 2 messages Nov 8 15:27:33 stewy MailScanner[670]: Spam Checks: Starting Nov 8 15:27:33 stewy MailScanner[670]: RBL Checks: returned 0 Nov 8 15:27:35 stewy MailScanner[670]: SpamAssassin returned 0 Nov 8 15:27:35 stewy MailScanner[670]: RBL checks: 51791BF61.03596 found in SBL+XBL Nov 8 15:27:35 stewy MailScanner[670]: RBL Checks: returned 256 Nov 8 15:27:36 stewy MailScanner[670]: SpamAssassin returned 0 Nov 8 15:27:36 stewy MailScanner[670]: Message 51791BF61.03596 from 81.190.142.152 (olivergoldmanaz@baixin-tech.com) to flextherm.com is spam, SBL+XBL, SpamAssassin (score=13.284, required 4, BAYES_99 3.50, DRUGS_ANXIETY 0.10, DRUGS_ANXIETY_EREC 0.04, DRUGS_ERECTILE 0.22, DRUGS_MANYKINDS 0.00, DRUGS_MUSCLE 0.00, DRUGS_PAIN 0.13, DRUGS_SLEEP 0.00, DRUGS_SLEEP_EREC 3.34, HELO_DYNAMIC_IPADDR 4.40, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51) Nov 8 15:27:36 stewy MailScanner[670]: Spam Checks: Found 1 spam messages Nov 8 15:27:36 stewy MailScanner[670]: Spam Actions: message 51791BF61.03596 actions are delete Nov 8 15:27:37 stewy MailScanner[670]: Virus and Content Scanning: Starting Nov 8 15:27:37 stewy MailScanner[670]: Commencing scanning by clamav... Nov 8 15:27:37 stewy MailScanner[670]: Completed scanning by clamav Nov 8 15:27:37 stewy MailScanner[670]: tag found in message 59F3EBF62.8B4B8 from lapresseaffaires@courrier.cyberpresse.ca Nov 8 15:27:37 stewy MailScanner[670]: Requeue: 59F3EBF62.8B4B8 to A53A5BF4C Nov 8 15:27:37 stewy MailScanner[670]: About to deliver 1 messages Nov 8 15:27:37 stewy MailScanner[670]: Uninfected: Delivered 1 messages Nov 8 15:27:37 stewy postfix/qmgr[15211]: A53A5BF4C: from=, size=20795, nrcpt=1 (queue active) Nov 8 15:27:37 stewy MailScanner[670]: MailScanner child dying of old age Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Stephen Swaney" To: Sent: Monday, November 07, 2005 5:51 PM Subject: Re: Its not ny day for mailscanner >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Ugo Bellavance >> Sent: Monday, November 07, 2005 5:00 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Its not ny day for mailscanner >> >> Stephen Swaney wrote: >> >> -----Original Message----- >> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> >> Behalf Of Rob >> >> Sent: Monday, November 07, 2005 3:45 PM >> >> To: MAILSCANNER@JISCMAIL.AC.UK >> >> Subject: Its not ny day for mailscanner >> >> >> >> First off thanks to all for helping me out in the last few days on >> >> this >> >> list i really appreciate it... >> >> >> >> No i have another strange problem... >> >> >> >> MS seems to silently die, and mail keeps coming in but not being >> >> delivered.... >> >> >> >> Nothing in the logs other than the below... >> >> >> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> >> >> When i run the /usr/sbin/check_mailscaner it says >> >> >> >> stewy:/var/log# /usr/sbin/check_mailscanner >> >> MailScanner running with pid 8146 8147 >> >> >> >> >> >> But when i watch the logs via tail -f i do not see any Mailscanner >> >> activity until i restart by /etc/init.d/mailscanner restart >> >> >> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >> >> >> >> Any ideas? >> >> >> >> Rob... >> >> http://www.stupidguytalk.org >> > >> > To make the error a little noisier, in MailScanner.conf please set: >> > >> > Debug = no >> > Debug SpamAssassin = no >> > >> > Then stop and then start MailScanner from the command line. Watch the >> screen >> > output. The reason for MailScanner dying should appear. >> > >> > Steve >> > >> > Stephen Swaney >> > Fort Systems Ltd. >> > stephen.swaney@fsl.com >> > www.fsl.com >> > >> >> I'd say yes, Steve, not no :) >> >> Debug = yes >> Debug SpamAssassin = yes >> >> -- >> Ugo > > Of course, Silly me. Thanks Ugo! > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Stephen Swaney" To: Sent: Monday, November 07, 2005 5:51 PM Subject: Re: Its not ny day for mailscanner >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Ugo Bellavance >> Sent: Monday, November 07, 2005 5:00 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Its not ny day for mailscanner >> >> Stephen Swaney wrote: >> >> -----Original Message----- >> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> >> Behalf Of Rob >> >> Sent: Monday, November 07, 2005 3:45 PM >> >> To: MAILSCANNER@JISCMAIL.AC.UK >> >> Subject: Its not ny day for mailscanner >> >> >> >> First off thanks to all for helping me out in the last few days on >> >> this >> >> list i really appreciate it... >> >> >> >> No i have another strange problem... >> >> >> >> MS seems to silently die, and mail keeps coming in but not being >> >> delivered.... >> >> >> >> Nothing in the logs other than the below... >> >> >> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> >> >> When i run the /usr/sbin/check_mailscaner it says >> >> >> >> stewy:/var/log# /usr/sbin/check_mailscanner >> >> MailScanner running with pid 8146 8147 >> >> >> >> >> >> But when i watch the logs via tail -f i do not see any Mailscanner >> >> activity until i restart by /etc/init.d/mailscanner restart >> >> >> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >> >> >> >> Any ideas? >> >> >> >> Rob... >> >> http://www.stupidguytalk.org >> > >> > To make the error a little noisier, in MailScanner.conf please set: >> > >> > Debug = no >> > Debug SpamAssassin = no >> > >> > Then stop and then start MailScanner from the command line. Watch the >> screen >> > output. The reason for MailScanner dying should appear. >> > >> > Steve >> > >> > Stephen Swaney >> > Fort Systems Ltd. >> > stephen.swaney@fsl.com >> > www.fsl.com >> > >> >> I'd say yes, Steve, not no :) >> >> Debug = yes >> Debug SpamAssassin = yes >> >> -- >> Ugo > > Of course, Silly me. Thanks Ugo! > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dan.farmer at PHONEDIR.COM Tue Nov 8 20:44:49 2005 From: dan.farmer at PHONEDIR.COM (Dan Farmer) Date: Thu Jan 12 21:31:09 2006 Subject: User level Max Attachment exclusion Message-ID: On Nov 8, 2005, at 1:28 PM, Chris W. Parker wrote: > Is it possible to skip the Max Attachments check at the user level? > Either I can't get the syntax right for the rule file or it's not > possible. > > This is what I put in the file: > > From: user@mydomain.com no > FromOrTo: default yes I don't think that is a yes/no parameter - I think you want to use numbers for that one, and iirc 0 disables the check. Check the comments in MailScanner.conf or the MailScanner book for more info. try: From: user@mydomain.com 0 FromOrTo: default 200 dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Nov 8 20:47:04 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:31:09 2006 Subject: User level Max Attachment exclusion Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris W. Parker wrote: >Is it possible to skip the Max Attachments check at the user level? >Either I can't get the syntax right for the rule file or it's not >possible. > >This is what I put in the file: > >From: user@mydomain.com no >FromOrTo: default yes > >Also, are there supposed to be spaces or tabs in between each field? > > > Chris, You can use spaces OR tabs. If you want to set the Maximum Attachments Per Message, you do it this way: From: user@mydomain.com 5000 FromOrTo: default 200 If you want to set the Maximum Attachment Size, you do it this way: From: user@mydomain.com -1 FromOrTo: default 1000000 Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Nov 8 20:49:57 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thank YOU Julian. Will test with new package on Thursday. Julian Field wrote: > It appears that the SuSE init.d script somehow crept into the RedHat > distribution. > I have rebuilt the distributions and this problem appears to be fixed now. > > Sorry about that folks, haven't a clue how it happened. It would only > have affected some MTA's and not others. Worst affected was Postfix. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Tue Nov 8 20:59:01 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:31:09 2006 Subject: User level Max Attachment exclusion Message-ID: Dan Farmer on Tuesday, November 08, 2005 12:45 PM said: > Check the > comments in MailScanner.conf or the MailScanner book for more info. Argh. Comments don't mention that (at least not immediately above Max Attachments). Thanks Dan and Dennis. Hopefully this will straighten things out! Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Tue Nov 8 21:04:14 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:31:09 2006 Subject: Revisit: Emails with negative spam score Message-ID: Hello, Again I'm having issues with emails being marked as spam even though they end up having a negative score (sometimes as much as -10). Last time it was because emails were being found on spam lists but that is under control. This time the emails are not being found on any lists and on top of that the email address is whitelisted. The only thing I see in the logs that MailScanner might be flagging the email for is the following is an " tag" violation: Nov 3 13:58:42 localhost MailScanner[20826]: Message jA3LwZp6025097 from 66.94.237.36 (sentto-11936562-3897-1131055501-user=swatgear.com@returns.groups.yahoo. com) is whitelisted Nov 3 13:58:52 localhost MailScanner[20826]: tag found in message jA3LwZp6025097 from sentto-11936562-3897-1131055501-user=swatgear.com@returns.groups.yahoo.c om I searched the archives and Google and looked through MailScanner.conf but didn't find anything that made it apparent how I can solve this. Thanks! Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Nov 8 21:10:53 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Martin can you confirm that your ruleset list is accurate? Because i tried to use this list and found heaps of them claim no to exist. Is more wrok required than just adding these names to trusted rulesets? I am using sa3.1 Pete Martin Hepworth wrote: > Rob > > My RDJ TRUSTED sets are.. > > TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS EVILNUMBERS1 EVILNUMBERS2 SARE_RANDOM > RANDOMVAL BOGUSVIRUS SARE_ADULT SARE_BML SARE_URI0 SARE_URI1 SARE_URI3 > SARE_URI_ENG SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM > SARE_HEADER0 SARE_HEADER2 SARE_CODING SARE_SPECIFIC SARE_REDIRECT_POST300 > SARE_GENLSUBJ SARE_UNSUB SARE_OBFU SARE_OBFU2 SARE_OBFU3 SARE_WHITELIST > SARE_WHITELIST_SPF SARE_WHITELIST_RCVD ZMI_GERMAN"; > > I've also got pyzor, a couple RBL's and all the URI-RBLs turned in > (including the black and grey). > > I ran SA to get these with the -p set to my spam.assassin.prefs.conf.. > > spamaassassin -p /opt/MailScanner/etc/spam.assassin.prefs.conf > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Nov 8 21:20:28 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:09 2006 Subject: Which SARE Rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I would love to see from ruldujour config examples. I am now using SA 3.1 and unsure which of the SARE rules i should or shouldnt be using, and unsure which ones i can just add a name into TRUSTED_RULESETS or which ones i need to use a munge script for etc. WOuld anyone be kind enough to post a current, fully tested and working example of the ruledujour config file? Kind regards and many thanks Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hywel.burris at COMTEC-EUROPE.CO.UK Tue Nov 8 22:11:11 2005 From: hywel.burris at COMTEC-EUROPE.CO.UK (Hywel Burris) Date: Thu Jan 12 21:31:09 2006 Subject: OT: leaving helper-app run mode Message-ID: Hi All, When I run a Lint I am getting some long times on leaving helper-app run mode this seems to be associated with razor, as if I disable it in spam.assassin.prefs it disapears. Has anyone else seen this or is 2-4 seconds the norm for this? [11441] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.738 0.0047 [11441] dbg: rules: running full-text regexp tests; score so far=0.738 0.00483 [11441] dbg: plugin: registering glue method for check_razor2_range (Mail::SpamAssassin::Plugin::Razor2=HASH(0xa3dd10c)) 0.00031 [11441] dbg: info: entering helper-app run mode 0.00059 [11441] dbg: info: leaving helper-app run mode 2.69093 [11441] dbg: razor2: part=0 engine=4 contested=0 confidence=0 0.00078 [11441] dbg: razor2: results: spam? 0 0.00019 [11441] dbg: razor2: results: engine 8, highest cf score: 0 0.00012 [11441] dbg: razor2: results: engine 4, highest cf score: 0 0.00015 [11441] dbg: plugin: registering glue method for check_razor2 (Mail::SpamAssassin::Plugin::Razor2=HASH(0xa3dd10c)) 0.00023 Thanks in advance Hywel ************************************************************************ This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Nov 8 22:44:25 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:09 2006 Subject: Which SARE Rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sorry for replying my pown post. I figured out i need to upgrade my ruledujour it was a little old. I hadd the following rulesets and now, immedietly after doing so sa --lint test take 40sec+ I am using a dual 3ghz/2GB ram machine. TRUSTED_RULESETS="TRIPWIRE SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 BLACKLIST BLACKLIST_URI SARE_BML SARE_OEM SARE_HEADER SARE_HTML0 SARE_RANDOM SARE_REDIRECT_POST300 SARE_FRAUD BOGUSVIRUS SARE_BAYES_POISON_NXM SARE_ADULT SARE_SPOOF SARE_SPECIFIC SARE_UNSUB SARE_URI0 SARE_URI1 SARE_OBFU0 SARE_GENLSUBJ0 SARE_WHITELIST SARE_WHITELIST_RCVD SARE_WHITELIST_SPF ZMI_GERMAN" The worst offenders in the mailwatch lint test results are [22908] dbg: eval: all '*To' addrs: 5.02445 [22908] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x98a1f34) implements 'finish_parsing_end' 26.05115 Any ideas on getting better performance, or is this part of using all these rules? Which woiuld be the best ones to drop to improve perfromance? Peter Russell wrote: > I would love to see from ruldujour config examples. I am now using SA > 3.1 and unsure which of the SARE rules i should or shouldnt be using, > and unsure which ones i can just add a name into TRUSTED_RULESETS or > which ones i need to use a munge script for etc. > > WOuld anyone be kind enough to post a current, fully tested and working > example of the ruledujour config file? > > Kind regards and many thanks > Pete > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 8 23:05:42 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:09 2006 Subject: Which SARE Rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > Sorry for replying my pown post. > > I figured out i need to upgrade my ruledujour it was a little old. I > hadd the following rulesets and now, immedietly after doing so sa --lint > test take 40sec+ I am using a dual 3ghz/2GB ram machine. > > TRUSTED_RULESETS="TRIPWIRE SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 > SARE_EVILNUMBERS2 BLACKLIST BLACKLIST_URI SARE_BML SARE_OEM SARE_HEADER > SARE_HTML0 SARE_RANDOM SARE_REDIRECT_POST300 SARE_FRAUD BOGUSVIRUS > SARE_BAYES_POISON_NXM SARE_ADULT SARE_SPOOF SARE_SPECIFIC SARE_UNSUB > SARE_URI0 SARE_URI1 SARE_OBFU0 SARE_GENLSUBJ0 SARE_WHITELIST > SARE_WHITELIST_RCVD SARE_WHITELIST_SPF ZMI_GERMAN" > > > The worst offenders in the mailwatch lint test results are > [22908] dbg: eval: all '*To' addrs: 5.02445 > [22908] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x98a1f34) implements > 'finish_parsing_end' 26.05115 > > Any ideas on getting better performance, or is this part of using all > these rules? Which woiuld be the best ones to drop to improve perfromance? > It could be an effect of using all those rules, or it could be an effect of really slow DNS. Some quick checks: compare time spamassassin --lint to time spamassassin -L --lint If these are substantially different on the first shot, your problem is likely network test related. If repeated calls of the -L version are consistently slower than repeated calls of the non -L version, you have slow access to a DNS server and should consider a local caching DNS on the same box. If the two are the same, or close, but consistently high your problem lies in static rules. Try removing a few rulesets (note: you have to physically move them out of /etc/mail/spamassassin to disable them). I'd suggest looking at the size of the rulefiles and picking the largest ones as targets. For what it's worth I use the following SARE style rulesets: -rw-r--r-- 1 root root 31854 Sep 16 14:40 70_sare_adult.cf -rw-r--r-- 1 root root 24246 Sep 16 14:40 70_sare_evilnum0.cf -rw-r--r-- 1 root root 1574 Sep 16 14:40 70_sare_evilnum1.cf -rw-r--r-- 1 root root 45972 Oct 25 18:20 70_sare_genlsubj0.cf -rw-r--r-- 1 root root 51886 Oct 12 21:30 70_sare_obfu0.cf -rw-r--r-- 1 root root 17821 Oct 25 18:16 70_sare_random.cf -rw-r--r-- 1 root root 70262 Oct 25 18:15 70_sare_specific.cf -rw-r--r-- 1 root root 17879 Oct 12 21:33 70_sare_uri0.cf -rw-r--r-- 1 root root 1466 Sep 16 14:40 71_sare_adult_rescore.cf -rw-r--r-- 1 root root 57580 Sep 16 14:40 99_FVGT_Tripwire.cf -rw-r--r-- 1 root root 10231 Sep 16 14:40 99_sare_fraud_post25x.cf along with about 15 local rule files, most of which are about 1k, but one is 10k. My --lint times are about 8.5 sec. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Tue Nov 8 23:18:14 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:31:10 2006 Subject: Log line being cut off. Bug? Message-ID: Hello, I believe Julian said this was supposed to be fixed in the latest release of MailScanner v4.47.4 (which I am currently using) but I am still seeing the offending line. Nov 8 07:27:36 localhost MailScanner[5078]: Message jA8FRKic007809 from n.n.n.n (zvtv-0g4uk-eibjtb-h@d.d.d.d) to swatgear.com is The line gets cut off after the word "is". Any confirmations for a fix or the cause? Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Nov 8 23:49:33 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:10 2006 Subject: Which SARE Rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks Matt. Like you said, i moved all the cf files out one at a time until i found the culprit. I found it was the blacklist and blacklist_uri rules sets causing the issues. Lint test is back down to less than 8sec. DNS is a win2k server that is under powered, over loaded and about to be decommissioned. But have always had heaps of issues settibng up a cache in this network, another time maybe. Thanks very much Pete Matt Kettler wrote: > Peter Russell wrote: > >>Sorry for replying my pown post. >> >>I figured out i need to upgrade my ruledujour it was a little old. I >>hadd the following rulesets and now, immedietly after doing so sa --lint >>test take 40sec+ I am using a dual 3ghz/2GB ram machine. >> >>TRUSTED_RULESETS="TRIPWIRE SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 >>SARE_EVILNUMBERS2 BLACKLIST BLACKLIST_URI SARE_BML SARE_OEM SARE_HEADER >>SARE_HTML0 SARE_RANDOM SARE_REDIRECT_POST300 SARE_FRAUD BOGUSVIRUS >>SARE_BAYES_POISON_NXM SARE_ADULT SARE_SPOOF SARE_SPECIFIC SARE_UNSUB >>SARE_URI0 SARE_URI1 SARE_OBFU0 SARE_GENLSUBJ0 SARE_WHITELIST >>SARE_WHITELIST_RCVD SARE_WHITELIST_SPF ZMI_GERMAN" >> >> >>The worst offenders in the mailwatch lint test results are >>[22908] dbg: eval: all '*To' addrs: 5.02445 >>[22908] dbg: plugin: >>Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x98a1f34) implements >>'finish_parsing_end' 26.05115 >> >>Any ideas on getting better performance, or is this part of using all >>these rules? Which woiuld be the best ones to drop to improve perfromance? >> > > > It could be an effect of using all those rules, or it could be an effect of > really slow DNS. > > Some quick checks: > > compare time spamassassin --lint to time spamassassin -L --lint > > If these are substantially different on the first shot, your problem is likely > network test related. > > If repeated calls of the -L version are consistently slower than repeated calls > of the non -L version, you have slow access to a DNS server and should consider > a local caching DNS on the same box. > > > If the two are the same, or close, but consistently high your problem lies in > static rules. Try removing a few rulesets (note: you have to physically move > them out of /etc/mail/spamassassin to disable them). I'd suggest looking at the > size of the rulefiles and picking the largest ones as targets. > > For what it's worth I use the following SARE style rulesets: > -rw-r--r-- 1 root root 31854 Sep 16 14:40 70_sare_adult.cf > -rw-r--r-- 1 root root 24246 Sep 16 14:40 70_sare_evilnum0.cf > -rw-r--r-- 1 root root 1574 Sep 16 14:40 70_sare_evilnum1.cf > -rw-r--r-- 1 root root 45972 Oct 25 18:20 70_sare_genlsubj0.cf > -rw-r--r-- 1 root root 51886 Oct 12 21:30 70_sare_obfu0.cf > -rw-r--r-- 1 root root 17821 Oct 25 18:16 70_sare_random.cf > -rw-r--r-- 1 root root 70262 Oct 25 18:15 70_sare_specific.cf > -rw-r--r-- 1 root root 17879 Oct 12 21:33 70_sare_uri0.cf > -rw-r--r-- 1 root root 1466 Sep 16 14:40 71_sare_adult_rescore.cf > -rw-r--r-- 1 root root 57580 Sep 16 14:40 99_FVGT_Tripwire.cf > -rw-r--r-- 1 root root 10231 Sep 16 14:40 99_sare_fraud_post25x.cf > > > along with about 15 local rule files, most of which are about 1k, but one is 10k. > > My --lint times are about 8.5 sec. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 8 23:57:05 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:10 2006 Subject: Which SARE Rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > Thanks Matt. Like you said, i moved all the cf files out one at a time > until i found the culprit. I found it was the blacklist and > blacklist_uri rules sets causing the issues. Lint test is back down to > less than 8sec. > > DNS is a win2k server that is under powered, over loaded and about to be > decommissioned. But have always had heaps of issues settibng up a cache > in this network, another time maybe. Really?? it shouldn't be very hard.. With named all you need to do is set two global options, forward only and forwarders. You'll probably want to add a hint zone for . and a pair of zonefiles for localhost/127.0.0.1, but that's simple too. Your whole named.conf would look something akin to this: options { forward only; forwarders { 192.168.x.x;192.168.x.x; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; }; Poof.. done.. local caching named. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ajos1 at onion.demon.co.uk Wed Nov 9 00:30:16 2005 From: ajos1 at onion.demon.co.uk (Dj Ajos1) Date: Thu Jan 12 21:31:10 2006 Subject: Calling All MCAFEE Users: Re: McAfee DownLoad URL does not work... Message-ID: - I have done more research into this download.nai.com problem... it seems that most of the problems seem to be that the address does not resolve all of the time... not sure why... Sometimes it resolves as a single address... another time... lots of aliases... other times not at all. People are right that they can still get the files on the system (if your know the names)... even though you cannot browse the link. I have not had a single failure after changing to: ftp://ftpeur.nai.com/pub/antivirus/datfiles/4.x Not sure what the solution is... but I definitely recommend a change from http://download.nai.com/products/datfiles/4.x/nai to one of the others that has been mentioned. > > Dj Ajos1 wrote: > > > > >Urgent update... as lots of people's mcafee systems will be out of > date > > (I think it has been wrong for months)! > > > > > >In file:- /usr/lib/MailScanner/mcafee-autoupdate > > > > > >The line/entry... > > > > > > FTPDIR=http://download.nai.com/products/datfiles/4.x/nai > > > > > >Does not work any more... > > > > > >But this one does! > > > > > > FTPDIR=ftp://ftpeur.nai.com/pub/antivirus/datfiles/4.x > > > > > >Thanks in advance... == ===================================================================== = = "I tend to look off to the right and left when I indulge in linear = analysis." = = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... = Call... +44 8457 90 90 90 http://www.samaritans.org/ = ===================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hywel.burris at COMTEC-EUROPE.CO.UK Wed Nov 9 00:55:03 2005 From: hywel.burris at COMTEC-EUROPE.CO.UK (Hywel Burris) Date: Thu Jan 12 21:31:10 2006 Subject: FW: US-CERT Technical Cyber Security Alert TA05-312A -- Microsoft Windows Image Processing Vulnerabilities Message-ID: This could be a bit of an issue, I couldn't see it in the filename rules. To I added this # Microsoft Windows vulnerable to buffer overflow via specially crafted "WMF" file added HB 09/11/05 deny \.wmf$ Possible Microsoft Media vunerability Dangerous attachment according to Microsoft KB896424 More info here also http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx Hywel -----Original Message----- From: US-CERT Technical Alerts [mailto:technical-alerts@us-cert.gov] Sent: 09 November 2005 00:01 To: technical-alerts@us-cert.gov Subject: US-CERT Technical Cyber Security Alert TA05-312A -- Microsoft Windows Image Processing Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA05-312A Microsoft Windows Image Processing Vulnerabilities Original release date: November 08, 2005 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows 2000 * Microsoft Windows XP * Microsoft Windows Server 2003 For more complete information, refer to Microsoft Security Bulletin MS05-053. Overview Microsoft has released updates that address critical vulnerabilities in Windows graphics rendering services. A remote, unauthenticated attacker exploiting these vulnerabilities could execute arbitrary code or cause a denial of service on an affected system. I. Description The Microsoft Security Bulletin for November 2005 addresses multiple buffer overflows in Windows image processing routines. Viewing a specially crafted image from an application that uses a vulnerable routine may trigger these vulnerabilities. If this application can access images from remote sources, such as web sites or email, then remote exploitation is possible. Further information is available in the following US-CERT Vulnerability Notes: VU#300549 - Microsoft Windows Graphics Rendering Engine buffer overflow vulnerability Microsoft Windows Graphics Rendering Engine contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2005-2123) VU#433341 - Microsoft Windows vulnerable to buffer overflow via specially crafted "WMF" file Microsoft Windows may be vulnerable to remote code execution via a buffer overflow in the Windows Metafile image format handling. (CVE-2005-2124) VU#134756 - Microsoft Windows buffer overflow in Enhanced Metafile rendering API Microsoft Windows Enhanced Metafile Format image rendering routines contain a buffer overflow flaw that may allow an attacker to cause a denial-of-service condition. (CVE-2005-0803) III. Solution Apply Updates Microsoft has provided the updates to correct these vulnerabilities in Microsoft Security Bulletin MS05-053. These updates are also available on the Microsoft Update site. II. Impact A remote, unauthenticated attacker exploiting these vulnerabilities could execute arbitrary code with the privileges of the user. If the user is logged on with administrative privileges, the attacker could take control of an affected system. An attacker may also be able to cause a denial of service. Appendix A. References * Microsoft Security Bulletin MS05-053 - * Microsoft Security Bulletin Summary for November 2005 - * US-CERT Vulnerability Note VU#300549 - * US-CERT Vulnerability Note VU#433341 - * US-CERT Vulnerability Note VU#134756 - * Microsoft Update - _________________________________________________________________ The most recent version of this document can be found at: _________________________________________________________________ Feedback can be directed to US-CERT. Please send email to: with "TA05-312A Feedback VU#300549" in the subject. _________________________________________________________________ Revision History Nov 08, 2005: Initial release _________________________________________________________________ Produced 2005 by US-CERT, a government organization. Terms of use _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ3E5BH0pj593lg50AQISLAf+NMAgk3Up6wWphjOIQ89miwTHvpXHGmIH /mxHQ3PoN82NPkr8NmnLHhNAHqi8+ZI15lrympvr6xvm8C8FTxPU+dCa9CxS3c4l FLbTDbACHeD/OYwgvbE70Gx5ZUG95MMXgCRMHGiwIHaSHRspUQRMjRN5JubPjsyL S737+Yr19hMw6JQOWhM+Pn0MyAs6qm+4gfnIxO2Z1PsmpnushpqW505U6B6ZkF7W zCU0zecdwtZCMhWTu+3L/MqAjzt7VCsd2iC+0HS7WLvAcWoFcEvlL6Ai/E/eJLDm HQnO34E8231CcKRT4VACvs1QPFV1pvw1pihOAXveiBFoHpCIdPLc6g== =faQS -----END PGP SIGNATURE----- ************************************************************************ This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Wed Nov 9 02:36:33 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:31:10 2006 Subject: upgrade info request Message-ID: I'm looking to upgrade MailScanner and Spamassassin on a Debian 3.1, it was installed by someone else and they no longer work here. So this has landed in my lap, so pardon my lack of the correct term. I've noticed that using apt-get does not upgrade to the latest version for SA or MS. Is this done primary through compiling tar files or Perl installation? mail:/etc/MailScanner# sa-learn --version SpamAssassin version 3.0.3 mail:/etc/MailScanner# MailScanner --version Running on Linux mail 2.4.25-bf2.4-lit #2 Tue Feb 24 16:40:45 WST 2004 i686 GNU/Linux This is Perl version 5.008004 (5.8.4) This is MailScanner version 4.41.3 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.02 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.72 File::Basename 2.07 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.62 Mail::Header 3.04 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.808 DB_File 1.06 Digest missing Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.000003 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite missing Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.40 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced missing URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Nov 9 02:46:14 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:10 2006 Subject: upgrade info request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jon Miller wrote: > I'm looking to upgrade MailScanner and Spamassassin on a Debian 3.1, it was installed by someone else and they no longer work here. So this has landed in my lap, so pardon my lack of the correct term. > I've noticed that using apt-get does not upgrade to the latest version for SA or MS. > Is this done primary through compiling tar files or Perl installation? I think the "debian way" is to use apt, but I could be completely wrong The perl modules list you provided looks like it is missing at least one important one: > This is MailScanner version 4.41.3 > > Optional module versions are: > 1.808 DB_File > 1.06 Digest > missing Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.000003 Mail::SpamAssassin <<< slightly out of date, but not ancient > missing Mail::SPF::Query > missing Net::CIDR::Lite > missing Net::DNS <<<< that's a rather important one to miss out on -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dl6mpg at GMAIL.COM Wed Nov 9 07:20:36 2005 From: dl6mpg at GMAIL.COM (Uwe) Date: Thu Jan 12 21:31:10 2006 Subject: FW: US-CERT Technical Cyber Security Alert TA05-312A -- Microsoft Windows Image Processing Vulnerabilities Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 2005/11/9, Hywel Burris : > # Microsoft Windows vulnerable to buffer overflow via specially crafted > "WMF" file added HB 09/11/05 > deny \.wmf$ Possible Microsoft Media vunerability > Dangerous attachment according to Microsoft KB896424 Virusscanners can´t catch this virus inside the picture ? Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Nov 9 08:41:51 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:10 2006 Subject: F-prot advisory.. Message-ID: FYI, if you are running f-prot http://www.securityfocus.com/bid/15293/discuss -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Wed Nov 9 09:10:52 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:31:10 2006 Subject: upgrade info request Message-ID: I've been trying to install the file and all I'm getting is the following: cpan> install Mail::SpamAssassin CPAN: Storable loaded ok LWP not available CPAN: Net::FTP loaded ok Fetching with Net::FTP: ftp://ftp.perl.org/pub/CPAN/authors/01mailrc.txt.gz It just stays there, is there a way to check that the program is working properly? Is there a conf file that I can look at to see if the source(s) are correct? or is there a way to rerun the perl configuration to choose another source. Thanks Jon >>> michele@BLACKNIGHT.IE 10:46:14 am 9/11/2005 >>> Jon Miller wrote: > I'm looking to upgrade MailScanner and Spamassassin on a Debian 3.1, it was installed by someone else and they no longer work here. So this has landed in my lap, so pardon my lack of the correct term. > I've noticed that using apt-get does not upgrade to the latest version for SA or MS. > Is this done primary through compiling tar files or Perl installation? I think the "debian way" is to use apt, but I could be completely wrong The perl modules list you provided looks like it is missing at least one important one: > This is MailScanner version 4.41.3 > > Optional module versions are: > 1.808 DB_File > 1.06 Digest > missing Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.000003 Mail::SpamAssassin <<< slightly out of date, but not ancient > missing Mail::SPF::Query > missing Net::CIDR::Lite > missing Net::DNS <<<< that's a rather important one to miss out on -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 9 08:52:55 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:10 2006 Subject: Odd error in logs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 08/11/05, paddy wrote: > On Tue, Nov 08, 2005 at 09:26:07AM -0500, Dave Filchak wrote: > > Hello all, > > > > Over the past two weeks or so, after an update to almost the latest ( > > have not installed the very last release yet ) I have started to see the > > following in my log reports: > > > > Your spam actions "/etc/mailscanner/rules/spamoptions.rules" looks > > like a filename. If this is a ruleset filename, it must end in .rule or > > .rules : 16 Time(s) > > > > This is odd because my rules file is named properly and in the right > > place. Can anyone shed some light on this? > > Not sure that I can, but I'll try ... > > The relevant code reads something like: > > $actions = MailScanner::Config::Value(CONFIG_OPTION, $this); > > (where CONFIG_OPTION is one of hamactions highscorespamactions spamactions) > > . > . > . > > @actions = split(" ", $actions); > > return unless @actions; > > # If they have just specified a filename, then something is wrong > if ($#actions==0 && $actions[0] =~ /\//) { > MailScanner::Log::WarnLog('Your spam actions "%s" looks like a filename.' . > ' If this is a ruleset filename, it must end in .rule or .rules', > $actions[0]); > $actions[0] = 'deliver'; > } > > So my wild guess is that Config::Value returns something like > '/etc/mailscanner/rules/spamoptions.rules' (when what you wanted returned was inside there) > > At which point I'm wondering: > > grep -i ^[^#]*actions MailScanner.conf > > An example of ruleset configuration might look like: > > Virus Scanning = %rules-dir%/Virus.Scanning.rules > > I even wonder whether you have a '/etc/mailscanner/' instead of '/etc/Mailscanner/' ? > > If its failing to load you might see WarnLog("Cannot open filename-rules file %s, skipping" > > I get kind of dizzy when I grep "\$isrules =" Config.pm > > But that's all I got right now. > > Any help ? > > Regards, > Paddy > -- > Perl 6 will give you the big knob. -- Larry Wall I haven't checked *anything*, just thinking along... Might the spamoptions.rules filename contain "embedded non-printable chars"? Or might it lack read perms for the user MS is running as? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Nov 9 08:59:29 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:10 2006 Subject: upgrade info request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jon Miller wrote: > I've been trying to install the file and all I'm getting is the following: > cpan> install Mail::SpamAssassin > CPAN: Storable loaded ok > LWP not available > CPAN: Net::FTP loaded ok > Fetching with Net::FTP: > ftp://ftp.perl.org/pub/CPAN/authors/01mailrc.txt.gz > > It just stays there, is there a way to check that the program is working properly? Is there a conf file that I can look at to see if the source(s) are correct? or is there a way to rerun the perl configuration to choose another source. > > Thanks > > Jon In a new cpan session run the command: "o conf init" ( no quotes) this will walk you through the configuration. However, if you are on debian you should be using apt-get / apt-cache search to find and install the perl libraries For example: apt-get update;apt-cache search perl|grep dns gives me: -- libnet-dns-perl - Perform DNS queries from a Perl script Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Wed Nov 9 09:42:07 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:31:10 2006 Subject: upgrade info request Message-ID: Yes, I got the same plus some extras. But what I want to do is upgrage SA and using apt-get does not yield anything regarding SA. I'm assuming the only way of doing this is either to download and compile the .tgz or a perl upgrade. I saw on the CPAN search there is SA version 3.1. Also I wanted to install the Net::DNS and this too only sits at the prompt. So either my perl isn't configured properly or something else has gone off. Jon >>> michele@BLACKNIGHT.IE 4:59:29 pm 9/11/2005 >>> Jon Miller wrote: > I've been trying to install the file and all I'm getting is the following: > cpan> install Mail::SpamAssassin > CPAN: Storable loaded ok > LWP not available > CPAN: Net::FTP loaded ok > Fetching with Net::FTP: > ftp://ftp.perl.org/pub/CPAN/authors/01mailrc.txt.gz > > It just stays there, is there a way to check that the program is working properly? Is there a conf file that I can look at to see if the source(s) are correct? or is there a way to rerun the perl configuration to choose another source. > > Thanks > > Jon In a new cpan session run the command: "o conf init" ( no quotes) this will walk you through the configuration. However, if you are on debian you should be using apt-get / apt-cache search to find and install the perl libraries For example: apt-get update;apt-cache search perl|grep dns gives me: -- libnet-dns-perl - Perform DNS queries from a Perl script Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Nov 9 09:31:34 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:31:10 2006 Subject: Which SARE Rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks i will look into this when i finish my loginscript project (grrr). In the past i ahve used the RH caching name server installation - never even looked at its config, it always just worked. We moved the server to this subnet and it stopped and i didnt put much more effort in - i am motivated now, will look at using your tips on Monday. Thanks Pete Matt Kettler wrote: > Peter Russell wrote: > >>Thanks Matt. Like you said, i moved all the cf files out one at a time >>until i found the culprit. I found it was the blacklist and >>blacklist_uri rules sets causing the issues. Lint test is back down to >>less than 8sec. >> >>DNS is a win2k server that is under powered, over loaded and about to be >>decommissioned. But have always had heaps of issues settibng up a cache >>in this network, another time maybe. > > > Really?? it shouldn't be very hard.. > > With named all you need to do is set two global options, forward only and > forwarders. > > > You'll probably want to add a hint zone for . and a pair of zonefiles for > localhost/127.0.0.1, but that's simple too. > > Your whole named.conf would look something akin to this: > > options { > > forward only; > forwarders { > 192.168.x.x;192.168.x.x; > }; > > zone "." IN { > type hint; > file "named.ca"; > }; > > zone "localhost" IN { > type master; > file "localhost.zone"; > allow-update { none; }; > }; > > zone "0.0.127.in-addr.arpa" IN { > type master; > file "named.local"; > allow-update { none; }; > }; > > Poof.. done.. local caching named. > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Nov 9 09:32:27 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:31:10 2006 Subject: OT: leaving helper-app run mode Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I get a this too, since i added a bunch of new SARE rules. Not sure why because i think that app helper mode refers to call razor or pyzor or dcc? Pete Hywel Burris wrote: > Hi All, > > When I run a Lint I am getting some long times on leaving helper-app run > mode this seems to be associated with razor, as if I disable it in > spam.assassin.prefs it disapears. Has anyone else seen this or is 2-4 > seconds the norm for this? > > > [11441] dbg: rules: running raw-body-text per-line regexp tests; score > so far=0.738 0.0047 > [11441] dbg: rules: running full-text regexp tests; score so far=0.738 > 0.00483 > [11441] dbg: plugin: registering glue method for check_razor2_range > (Mail::SpamAssassin::Plugin::Razor2=HASH(0xa3dd10c)) 0.00031 > [11441] dbg: info: entering helper-app run mode 0.00059 > [11441] dbg: info: leaving helper-app run mode 2.69093 > [11441] dbg: razor2: part=0 engine=4 contested=0 confidence=0 0.00078 > [11441] dbg: razor2: results: spam? 0 0.00019 > [11441] dbg: razor2: results: engine 8, highest cf score: 0 0.00012 > [11441] dbg: razor2: results: engine 4, highest cf score: 0 0.00015 > [11441] dbg: plugin: registering glue method for check_razor2 > (Mail::SpamAssassin::Plugin::Razor2=HASH(0xa3dd10c)) 0.00023 > > Thanks in advance > > Hywel > > > ************************************************************************ > This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. > > Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Nov 9 11:38:50 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:10 2006 Subject: sophos-wrapper IDE directory Message-ID: Hi, I am using MailScanner with Sophos on a Solaris 8, intel box. I am very pleased with how it works. Ever since I started using this configuration I have had to tweak default settings so that the sophos- wrapper script had the correct path to the Sophos IDE files. I used to tweak the sophos-wrapper script each time I upgraded, but I have now used a soft link to make it work. Does any one think the sophos- wrapper script should be modified. The situation is this: The Sophos install, out-of-the-box, no changes installs to the following directories: /usr/local/bin - Executables /usr/local/lib - Libraries /usr/local/sav - Virus library and identity files The MailScanner sophos-wrapper script is configured expecting the IDE files to be in PREFIX/ide, thus: SAV_IDE=$PackageDir/ide I notice that the sophos-autoupdate script also looks in this directory. I don't use this to update as I am using the EM Library to manage updates across the department. My question is, does other installs of Sophos put the IDE files in the ide directory? In which case should there be some form of check for OS? If this is the default for all installs, can the sophos- wrapper script be updated to reflect this? -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "It is a sobering thought, for example, that when Mozart was my age, he had been dead for two years." - Tom Lehrer ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From G.Pentland at SOTON.AC.UK Wed Nov 9 12:28:20 2005 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:31:10 2006 Subject: sophos-wrapper IDE directory Message-ID: MailScanner mailing list wrote: > I notice that the sophos-autoupdate script also looks in this > directory. Yes it does... > I don't use this to update as I am using the EM Library > to manage updates across the department. That'll be the difference... Ignore the fact that I have /opt/local/sophos for my $PackageDir, which is a link to the installed version... $ ls -l /opt/local/sophos lrwxrwxrwx 1 root root 10 Nov 9 10:30 /opt/local/sophos -> sophos.397 $ ls -l /opt/local/sophos.397/ total 28 drwxr-xr-x 2 root root 12288 Nov 9 12:01 397.200511091201 drwxr-xr-x 2 root root 4096 Sep 14 10:19 bin lrwxrwxrwx 1 root root 34 Nov 9 12:01 ide -> /opt/local/sophos/397.200511091201 drwxr-xr-x 2 root root 4096 Sep 14 10:37 lib The "ide" link is created by the update script after it has downloaded the IDE files and put them in the . directory. > My question is, does other installs of Sophos put the IDE files in > the ide directory? In which case should there be some form of check > for OS? If this is the default for all installs, can the sophos- > wrapper script be updated to reflect this? I'd suggest that the existing wrapper script be left as-is but there is potential for an additional one for use with SophosEM. just my 2c, Gary ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From warren at SOFTOV.CO.IL Wed Nov 9 12:22:59 2005 From: warren at SOFTOV.CO.IL (Warren Burstein) Date: Thu Jan 12 21:31:10 2006 Subject: message from mailscanner: ignoring text in character set Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm running MailScanner-4.47.4-2 on CentOS release 3.4 (which I understand is a derivative of Redhat Enterprise Edition). When I run MailScanner in Debug mode, if a message is in the queue with a subject containing text in windows-1255, I see the following message: ignoring text in character set `WINDOWS-1255' at /usr/lib/MailScanner/MailScanner/Sendmail.pm line 359 I searched the archives and found in http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind02&L=MAILSCANNER&P=R309317&I=-3 that there was a similar message in 2002 regarding windows-1252, and it was fixed. I also read that this was not something to worry about, so I'm not worrying, but I like to get rid of error messages so that if there is a real problem it will stand out. So, if anyone remembers what was done to make this work for windows-1252, could you tell me, and I'll see if I can do likewise for 1255? thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Nov 9 12:47:13 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:10 2006 Subject: sophos-wrapper IDE directory Message-ID: Hi, That makes sense. In that case I would agree that a wrapper that worked with a standard install of Sophos as well as the one that works with the MailScanner update scripts would be useful. The EM stuff is a bit of a red herring, as I have only just updated the Solaris boxes to use it. I had the same issue when working with the standard install of Sophos. I realise that MailScanner is very much geared up to install and configure the whole system these days, inc SpamAssassin, ClamAV, MTA etc. But I had a lot of these installed (to their default places) _before_ I installed MailScanner, and I am not ready to adopt a completely new way of working. It seems to me that there are probably other people who also like to work with the separate packages. > MailScanner mailing list wrote: > > I notice that the sophos-autoupdate script also looks in this > > directory. > > Yes it does... > > > I don't use this to update as I am using the EM Library > > to manage updates across the department. > > That'll be the difference... > > Ignore the fact that I have /opt/local/sophos for my $PackageDir, > which is a link to the installed version... > > $ ls -l /opt/local/sophos > lrwxrwxrwx 1 root root 10 Nov 9 10:30 /opt/local/sophos -> > sophos.397 $ ls -l /opt/local/sophos.397/ total 28 drwxr-xr-x 2 root > root 12288 Nov 9 12:01 397.200511091201 drwxr-xr-x 2 root root 4096 > Sep 14 10:19 bin lrwxrwxrwx 1 root root 34 Nov 9 12:01 ide -> > /opt/local/sophos/397.200511091201 drwxr-xr-x 2 root root 4096 Sep > 14 10:37 lib > > The "ide" link is created by the update script after it has downloaded > the IDE files and put them in the . directory. > > > My question is, does other installs of Sophos put the IDE files in > > the ide directory? In which case should there be some form of check > > for OS? If this is the default for all installs, can the sophos- > > wrapper script be updated to reflect this? > > I'd suggest that the existing wrapper script be left as-is but there > is potential for an additional one for use with SophosEM. > > just my 2c, > > Gary > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "Computer software consists of only two components: ones and zeros, in roughly equal proportions. All that is required is to sort them into the correct order. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Wed Nov 9 14:14:55 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:10 2006 Subject: run spamassassin -D --lint Is this command relevent for MailScanner bundle Message-ID: I've came across this command spamassassin -D --lint on the Rules Emporium website. They indicate you must run this command before implementing new Live rules. Should this command be used even if I am using MailsScanner port for FreeBSD? I installed MailScanner bundle using (install-ClamSA). What are the command line arguments -D --lint?? I can't seem to find docs explaining what each argument is and why? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From drew at THEMARSHALLS.CO.UK Wed Nov 9 14:26:46 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:10 2006 Subject: run spamassassin -D --lint Is this command Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, November 9, 2005 14:14, Marc Dufresne wrote: > I've came across this command spamassassin -D --lint on the Rules > Emporium website. They indicate you must run this command before > implementing new Live rules. > > Should this command be used even if I am using MailsScanner port for > FreeBSD? I installed MailScanner bundle using (install-ClamSA). Yes, although I would also add -p /usr/local/etc/MailScanner/spam.assasin.rules > > What are the command line arguments -D --lint?? I can't seem to find > docs explaining what each argument is and why? -D is debug, --lint is the rules test (There is probably a better explaination but you get the idea), -p path to prefs file HTH Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Nov 9 14:32:31 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:10 2006 Subject: run spamassassin -D --lint Is this command relevent for MailScanner bundle Message-ID: Hi, Running spamassassin from the command line runs the spamassassin program. -D runs the program in debug mode --lint runs the program and tests that the config files are contain no errors. This is a good test to ensure that you haven't introduced any syntax errors into the config files when you updated the rules. > I've came across this command spamassassin -D --lint on the Rules > Emporium website. They indicate you must run this command before > implementing new Live rules. > > Should this command be used even if I am using MailsScanner port for > FreeBSD? I installed MailScanner bundle using (install-ClamSA). > > What are the command line arguments -D --lint?? I can't seem to find > docs explaining what each argument is and why? > > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Nov 9 14:32:55 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:10 2006 Subject: run spamassassin -D --lint Is this command relevent for MailScanner bundle Message-ID: Marc Most people use RulesDuJour to update their rules from Rulesemporium etc. You'll need to ammend the lint check to something like.. spamassassin -p /usr/local/etc/MailScanner/spam.assassin.prefs.conf -D --lint (all one line, check the path is correct, I don't run the FreeBSD port version) This checks any new rules for syntax errors before you restart MailScanner, as you want the new rules to work before you restart MS and implement these new rules.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Marc Dufresne > Sent: 09 November 2005 14:15 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] run spamassassin -D --lint Is this command relevent > for MailScanner bundle > > I've came across this command spamassassin -D --lint on the Rules > Emporium website. They indicate you must run this command before > implementing new Live rules. > > Should this command be used even if I am using MailsScanner port for > FreeBSD? I installed MailScanner bundle using (install-ClamSA). > > What are the command line arguments -D --lint?? I can't seem to find > docs explaining what each argument is and why? > > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Wed Nov 9 14:39:33 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:10 2006 Subject: Basic Sendmail question Message-ID: Your right, I missed that statement at the top of the Sendmail.cf. Sendmail seems to be working, and I don't want to risk misconfiguring it now. Since I modified the wrong file with that statement, what do you suggest I do? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> dh@UPTIME.AT 11/8/2005 10:16 AM >>> Marc Dufresne wrote: > This is what I had to modify in my sendmail.cf file on FreeBSD 5.4: > > Search "sendmail.cf" for: > > #SMTP daemon options > O DaemonPortOptions=Name=IPv4, Family=inet, addr= to listen on> > > i.e. > > O DaemonPortOptions=Name=IPv4, Family=inet, addr=24.34.56.23 > > Restart sendmail. You should see it listen on the correct IP. > Please NEVER EVER modify your *.cf files. Modify the *.mc files and generate the *.cf files using your m4 interpreter. You will end up in chaos if you to know follow this path with sendmail :) -d ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From chris at TAC.ESI.NET Wed Nov 9 14:39:54 2005 From: chris at TAC.ESI.NET (chris hammond) Date: Thu Jan 12 21:31:10 2006 Subject: MailScanner book reviews? Message-ID: I received my copy last Friday and have been reading through it. IMHO, yes the book is worth the cost. My $.02 American Chris >>>jeff@DYNAMICTELECARD.COM 11/01/05 4:11 pm >>> Has anyone on the list purchased the latest edition of the Mailscanner book? I'm curious about what you think of it. (If not the updated August 2005 version, a previous version is okay.) Do you think the book is worth the cost? Perhaps you don't think it's worth it but want to support the project. I can't find a list of what is covered in the book so I'm left with a public plea for information. Feel free to email me offlist if you prefer not to make a public statement. Thanks, -Jeff ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Wed Nov 9 15:13:29 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:31:10 2006 Subject: OT: Regarding running RBL's inhouse Message-ID: Hi There has been a little desussion between me and other mail admins, working in same line of bussiness running a shared RBL-server. Since the heaalthcare business here have rules and regulations its sometimes hard to use external RBL's that we can't controll. There is a mix of systems but mainly Exchange/Notes and of course sendmail/mailscanner running in different locations. Has anyone got any experince in running RBL and could shed some light if its worth running it of just a wast of time. Our mail goals would be distributed servers and fairly easy updates of lists since the might be alot of manual workbeacause of laws/regulations /Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Wed Nov 9 17:10:52 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:31:10 2006 Subject: OT: Regarding running RBL's inhouse Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The most work is keeping it curent. I use an automated system I wrote to collect addresses of Spam sources. There are also the remove requests that come along and they have to be handled. I store my entries in an SQL database and then run a cron job that dumps the database into a zone file. That allows me to use an un-modifed version of bind. I have, in the past, maintained the zone files by hand... lots of work if it's a busy RBL All the adds and removes. Depending on how you use it, there may not be so many removes. Once I figured out a couple of ways to attract the Zombie Army I was getting much fewer removes since no real email ever comes from those machines and the owners don't know their listed. Having a local RBL can be very benificial as you're in complete control. Add what you want and remove what you want based on you're own criteria. I have also hosted public RBLs and they really get problamatic becase if you're at all effective, you will be attacked. I finally had to shutdown the public lists because I couldn't afford being attacked all the time. Dennis Anders Andersson, IT wrote: >Hi >There has been a little desussion between me and other mail admins, >working in same line of bussiness running a shared RBL-server. Since the >heaalthcare business here have rules and regulations its sometimes hard >to use external RBL's that we can't controll. There is a mix of systems >but mainly Exchange/Notes and of course sendmail/mailscanner running in >different locations. >Has anyone got any experince in running RBL and could shed some light if >its worth running it of just a wast of time. >Our mail goals would be distributed servers and fairly easy updates of >lists since the might be alot of manual workbeacause of laws/regulations > >/Anders > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Wed Nov 9 17:39:33 2005 From: dyioulos at FIRSTBHPH.COM (Diggy) Date: Thu Jan 12 21:31:10 2006 Subject: MCP cf Message-ID: Hello to all. This morning I enabled mcp on the latest release of MS running on a CentOS 3.5 box along with sendmail-8.12.11-4.RHEL3.1. Documentation says I should install a sendmail patch for mcp to scan certain attachments. Is that the case with my version of sendmail? Also, Are there any examples of mcp cf, other than the sample included with MS, that I can have a look at? I'm really not a coder at all, but can learn easily if I see some examples. Thanks so much. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Wed Nov 9 18:00:11 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:10 2006 Subject: Its not ny day for mailscanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I still am having problems and cannot figure out why.... Nov 9 12:20:45 stewy MailScanner[946]: New Batch: Scanning 1 messages, 8128 bytes Nov 9 12:20:45 stewy MailScanner[946]: Spam Checks: Starting Nov 9 12:20:49 stewy MailScanner[946]: Virus and Content Scanning: Starting Nov 9 12:20:50 stewy MailScanner[946]: tag found in message 50B34BEDB.A57E4 from terry@helliker.net Nov 9 12:20:50 stewy MailScanner[946]: Requeue: 50B34BEDB.A57E4 to AA2D0BF4C Nov 9 12:20:50 stewy MailScanner[946]: Uninfected: Delivered 1 messages Nov 9 12:21:42 stewy MailScanner[10390]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 9 12:21:42 stewy MailScanner[10390]: Read 120 hostnames from the phishing whitelist Nov 9 12:21:43 stewy MailScanner[10390]: Enabling SpamAssassin auto-whitelist functionality... Nov 9 12:21:47 stewy MailScanner[10390]: Using locktype = flock Died at he time above but still had MailScanner processes running... I then restarted at the time below Nov 9 12:54:30 stewy MailScanner[14310]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 9 12:54:30 stewy MailScanner[14310]: Read 120 hostnames from the phishing whitelist Nov 9 12:54:31 stewy MailScanner[14310]: Enabling SpamAssassin auto-whitelist functionality... Nov 9 12:54:36 stewy MailScanner[14310]: Using locktype = flock Nov 9 12:54:36 stewy MailScanner[14310]: New Batch: Found 63 messages waiting It very unreliable now, i have to restart every 15 mins to make sure mail gets delivered.... Any suggestions on what to look for?? The debug did not seem to help much... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Rob" To: Sent: Tuesday, November 08, 2005 3:35 PM Subject: Re: Its not ny day for mailscanner > ok so after doing this it scanned one message and gave me what seemed to > be a normal output.... but i can not site at the consol all day running it > in debug mode and restarting each time?? > > any other things i should look at.... > BTW when i say die, it looks like its dead, as i see mailscanner processes > in a ps but in the log file i see no mailscanner stuff running... could > it be because recently i added RBLs and razor? > > Thanks... > > Nov 8 15:27:29 stewy MailScanner[670]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 8 15:27:29 stewy MailScanner[670]: Read 120 hostnames from the > phishing whitelist > Nov 8 15:27:29 stewy MailScanner[670]: Enabling SpamAssassin > auto-whitelist functionality... > Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees Config LockType = > flock > Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees have_module = 0 > Nov 8 15:27:33 stewy MailScanner[670]: Using locktype = flock > Nov 8 15:27:33 stewy MailScanner[670]: New Batch: Scanning 2 messages, > 22625 bytes > Nov 8 15:27:33 stewy MailScanner[670]: Created attachment dirs for 2 > messages > Nov 8 15:27:33 stewy MailScanner[670]: Spam Checks: Starting > Nov 8 15:27:33 stewy MailScanner[670]: RBL Checks: returned 0 > Nov 8 15:27:35 stewy MailScanner[670]: SpamAssassin returned 0 > Nov 8 15:27:35 stewy MailScanner[670]: RBL checks: 51791BF61.03596 found > in SBL+XBL > Nov 8 15:27:35 stewy MailScanner[670]: RBL Checks: returned 256 > Nov 8 15:27:36 stewy MailScanner[670]: SpamAssassin returned 0 > Nov 8 15:27:36 stewy MailScanner[670]: Message 51791BF61.03596 from > 81.190.142.152 (olivergoldmanaz@baixin-tech.com) to flextherm.com is spam, > SBL+XBL, SpamAssassin (score=13.284, required 4, BAYES_99 3.50, > DRUGS_ANXIETY 0.10, DRUGS_ANXIETY_EREC 0.04, DRUGS_ERECTILE 0.22, > DRUGS_MANYKINDS 0.00, DRUGS_MUSCLE 0.00, DRUGS_PAIN 0.13, DRUGS_SLEEP > 0.00, DRUGS_SLEEP_EREC 3.34, HELO_DYNAMIC_IPADDR 4.40, > RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51) > Nov 8 15:27:36 stewy MailScanner[670]: Spam Checks: Found 1 spam messages > Nov 8 15:27:36 stewy MailScanner[670]: Spam Actions: message > 51791BF61.03596 actions are delete > Nov 8 15:27:37 stewy MailScanner[670]: Virus and Content Scanning: > Starting > Nov 8 15:27:37 stewy MailScanner[670]: Commencing scanning by clamav... > Nov 8 15:27:37 stewy MailScanner[670]: Completed scanning by clamav > Nov 8 15:27:37 stewy MailScanner[670]: tag found in message > 59F3EBF62.8B4B8 from lapresseaffaires@courrier.cyberpresse.ca > Nov 8 15:27:37 stewy MailScanner[670]: Requeue: 59F3EBF62.8B4B8 to > A53A5BF4C > Nov 8 15:27:37 stewy MailScanner[670]: About to deliver 1 messages > Nov 8 15:27:37 stewy MailScanner[670]: Uninfected: Delivered 1 messages > Nov 8 15:27:37 stewy postfix/qmgr[15211]: A53A5BF4C: > from=, size=20795, nrcpt=1 > (queue active) > Nov 8 15:27:37 stewy MailScanner[670]: MailScanner child dying of old age > > > Rob Morin > Dido Internet Inc. > Montreal, Canada > 514-990-4444 > http://www.dido.ca > > ----- Original Message ----- > From: "Stephen Swaney" > To: > Sent: Monday, November 07, 2005 5:51 PM > Subject: Re: Its not ny day for mailscanner > > >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> Behalf Of Ugo Bellavance >>> Sent: Monday, November 07, 2005 5:00 PM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: Its not ny day for mailscanner >>> >>> Stephen Swaney wrote: >>> >> -----Original Message----- >>> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> >> Behalf Of Rob >>> >> Sent: Monday, November 07, 2005 3:45 PM >>> >> To: MAILSCANNER@JISCMAIL.AC.UK >>> >> Subject: Its not ny day for mailscanner >>> >> >>> >> First off thanks to all for helping me out in the last few days on >>> >> this >>> >> list i really appreciate it... >>> >> >>> >> No i have another strange problem... >>> >> >>> >> MS seems to silently die, and mail keeps coming in but not being >>> >> delivered.... >>> >> >>> >> Nothing in the logs other than the below... >>> >> >>> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> >>> >> When i run the /usr/sbin/check_mailscaner it says >>> >> >>> >> stewy:/var/log# /usr/sbin/check_mailscanner >>> >> MailScanner running with pid 8146 8147 >>> >> >>> >> >>> >> But when i watch the logs via tail -f i do not see any Mailscanner >>> >> activity until i restart by /etc/init.d/mailscanner restart >>> >> >>> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >>> >> >>> >> Any ideas? >>> >> >>> >> Rob... >>> >> http://www.stupidguytalk.org >>> > >>> > To make the error a little noisier, in MailScanner.conf please set: >>> > >>> > Debug = no >>> > Debug SpamAssassin = no >>> > >>> > Then stop and then start MailScanner from the command line. Watch the >>> screen >>> > output. The reason for MailScanner dying should appear. >>> > >>> > Steve >>> > >>> > Stephen Swaney >>> > Fort Systems Ltd. >>> > stephen.swaney@fsl.com >>> > www.fsl.com >>> > >>> >>> I'd say yes, Steve, not no :) >>> >>> Debug = yes >>> Debug SpamAssassin = yes >>> >>> -- >>> Ugo >> >> Of course, Silly me. Thanks Ugo! >> >> Steve >> >> Stephen Swaney >> Fort Systems Ltd. >> stephen.swaney@fsl.com >> www.fsl.com >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > Rob Morin > Dido Internet Inc. > Montreal, Canada > 514-990-4444 > http://www.dido.ca > > ----- Original Message ----- > From: "Stephen Swaney" > To: > Sent: Monday, November 07, 2005 5:51 PM > Subject: Re: Its not ny day for mailscanner > > >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> Behalf Of Ugo Bellavance >>> Sent: Monday, November 07, 2005 5:00 PM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: Its not ny day for mailscanner >>> >>> Stephen Swaney wrote: >>> >> -----Original Message----- >>> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> >> Behalf Of Rob >>> >> Sent: Monday, November 07, 2005 3:45 PM >>> >> To: MAILSCANNER@JISCMAIL.AC.UK >>> >> Subject: Its not ny day for mailscanner >>> >> >>> >> First off thanks to all for helping me out in the last few days on >>> >> this >>> >> list i really appreciate it... >>> >> >>> >> No i have another strange problem... >>> >> >>> >> MS seems to silently die, and mail keeps coming in but not being >>> >> delivered.... >>> >> >>> >> Nothing in the logs other than the below... >>> >> >>> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> >>> >> When i run the /usr/sbin/check_mailscaner it says >>> >> >>> >> stewy:/var/log# /usr/sbin/check_mailscanner >>> >> MailScanner running with pid 8146 8147 >>> >> >>> >> >>> >> But when i watch the logs via tail -f i do not see any Mailscanner >>> >> activity until i restart by /etc/init.d/mailscanner restart >>> >> >>> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >>> >> >>> >> Any ideas? >>> >> >>> >> Rob... >>> >> http://www.stupidguytalk.org >>> > >>> > To make the error a little noisier, in MailScanner.conf please set: >>> > >>> > Debug = no >>> > Debug SpamAssassin = no >>> > >>> > Then stop and then start MailScanner from the command line. Watch the >>> screen >>> > output. The reason for MailScanner dying should appear. >>> > >>> > Steve >>> > >>> > Stephen Swaney >>> > Fort Systems Ltd. >>> > stephen.swaney@fsl.com >>> > www.fsl.com >>> > >>> >>> I'd say yes, Steve, not no :) >>> >>> Debug = yes >>> Debug SpamAssassin = yes >>> >>> -- >>> Ugo >> >> Of course, Silly me. Thanks Ugo! >> >> Steve >> >> Stephen Swaney >> Fort Systems Ltd. >> stephen.swaney@fsl.com >> www.fsl.com >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Wed Nov 9 18:04:02 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:10 2006 Subject: Its not ny day for mailscanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If it helps i also added an init.pre file from SA source as debian did not have it in /etc/spamassassin the contents of the file are below.... # RelayCountry - add metadata for Bayes learning, marking the countries # a message was relayed through # # loadplugin Mail::SpamAssassin::Plugin::RelayCountry # URIDNSBL - look up URLs found in the message against several DNS # blocklists. # loadplugin Mail::SpamAssassin::Plugin::URIDNSBL # Hashcash - perform hashcash verification. # loadplugin Mail::SpamAssassin::Plugin::Hashcash # SPF - perform SPF verification. # loadplugin Mail::SpamAssassin::Plugin::SPF Could this be causing anything? Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Rob" To: Sent: Wednesday, November 09, 2005 1:00 PM Subject: Re: Its not ny day for mailscanner >I still am having problems and cannot figure out why.... > > Nov 9 12:20:45 stewy MailScanner[946]: New Batch: Scanning 1 messages, > 8128 bytes > Nov 9 12:20:45 stewy MailScanner[946]: Spam Checks: Starting > Nov 9 12:20:49 stewy MailScanner[946]: Virus and Content Scanning: > Starting > Nov 9 12:20:50 stewy MailScanner[946]: tag found in message > 50B34BEDB.A57E4 from terry@helliker.net > Nov 9 12:20:50 stewy MailScanner[946]: Requeue: 50B34BEDB.A57E4 to > AA2D0BF4C > Nov 9 12:20:50 stewy MailScanner[946]: Uninfected: Delivered 1 messages > Nov 9 12:21:42 stewy MailScanner[10390]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 9 12:21:42 stewy MailScanner[10390]: Read 120 hostnames from the > phishing whitelist > Nov 9 12:21:43 stewy MailScanner[10390]: Enabling SpamAssassin > auto-whitelist functionality... > Nov 9 12:21:47 stewy MailScanner[10390]: Using locktype = flock > > Died at he time above but still had MailScanner processes running... > I then restarted at the time below > > Nov 9 12:54:30 stewy MailScanner[14310]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 9 12:54:30 stewy MailScanner[14310]: Read 120 hostnames from the > phishing whitelist > Nov 9 12:54:31 stewy MailScanner[14310]: Enabling SpamAssassin > auto-whitelist functionality... > Nov 9 12:54:36 stewy MailScanner[14310]: Using locktype = flock > Nov 9 12:54:36 stewy MailScanner[14310]: New Batch: Found 63 messages > waiting > > It very unreliable now, i have to restart every 15 mins to make sure mail > gets delivered.... > > Any suggestions on what to look for?? > The debug did not seem to help much... > > > Rob Morin > Dido Internet Inc. > Montreal, Canada > 514-990-4444 > http://www.dido.ca > > ----- Original Message ----- > From: "Rob" > To: > Sent: Tuesday, November 08, 2005 3:35 PM > Subject: Re: Its not ny day for mailscanner > > >> ok so after doing this it scanned one message and gave me what seemed to >> be a normal output.... but i can not site at the consol all day running >> it in debug mode and restarting each time?? >> >> any other things i should look at.... >> BTW when i say die, it looks like its dead, as i see mailscanner >> processes in a ps but in the log file i see no mailscanner stuff >> running... could it be because recently i added RBLs and razor? >> >> Thanks... >> >> Nov 8 15:27:29 stewy MailScanner[670]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 8 15:27:29 stewy MailScanner[670]: Read 120 hostnames from the >> phishing whitelist >> Nov 8 15:27:29 stewy MailScanner[670]: Enabling SpamAssassin >> auto-whitelist functionality... >> Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees Config LockType = >> flock >> Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees have_module = 0 >> Nov 8 15:27:33 stewy MailScanner[670]: Using locktype = flock >> Nov 8 15:27:33 stewy MailScanner[670]: New Batch: Scanning 2 messages, >> 22625 bytes >> Nov 8 15:27:33 stewy MailScanner[670]: Created attachment dirs for 2 >> messages >> Nov 8 15:27:33 stewy MailScanner[670]: Spam Checks: Starting >> Nov 8 15:27:33 stewy MailScanner[670]: RBL Checks: returned 0 >> Nov 8 15:27:35 stewy MailScanner[670]: SpamAssassin returned 0 >> Nov 8 15:27:35 stewy MailScanner[670]: RBL checks: 51791BF61.03596 found >> in SBL+XBL >> Nov 8 15:27:35 stewy MailScanner[670]: RBL Checks: returned 256 >> Nov 8 15:27:36 stewy MailScanner[670]: SpamAssassin returned 0 >> Nov 8 15:27:36 stewy MailScanner[670]: Message 51791BF61.03596 from >> 81.190.142.152 (olivergoldmanaz@baixin-tech.com) to flextherm.com is >> spam, SBL+XBL, SpamAssassin (score=13.284, required 4, BAYES_99 3.50, >> DRUGS_ANXIETY 0.10, DRUGS_ANXIETY_EREC 0.04, DRUGS_ERECTILE 0.22, >> DRUGS_MANYKINDS 0.00, DRUGS_MUSCLE 0.00, DRUGS_PAIN 0.13, DRUGS_SLEEP >> 0.00, DRUGS_SLEEP_EREC 3.34, HELO_DYNAMIC_IPADDR 4.40, >> RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51) >> Nov 8 15:27:36 stewy MailScanner[670]: Spam Checks: Found 1 spam >> messages >> Nov 8 15:27:36 stewy MailScanner[670]: Spam Actions: message >> 51791BF61.03596 actions are delete >> Nov 8 15:27:37 stewy MailScanner[670]: Virus and Content Scanning: >> Starting >> Nov 8 15:27:37 stewy MailScanner[670]: Commencing scanning by clamav... >> Nov 8 15:27:37 stewy MailScanner[670]: Completed scanning by clamav >> Nov 8 15:27:37 stewy MailScanner[670]: tag found in message >> 59F3EBF62.8B4B8 from lapresseaffaires@courrier.cyberpresse.ca >> Nov 8 15:27:37 stewy MailScanner[670]: Requeue: 59F3EBF62.8B4B8 to >> A53A5BF4C >> Nov 8 15:27:37 stewy MailScanner[670]: About to deliver 1 messages >> Nov 8 15:27:37 stewy MailScanner[670]: Uninfected: Delivered 1 messages >> Nov 8 15:27:37 stewy postfix/qmgr[15211]: A53A5BF4C: >> from=, size=20795, nrcpt=1 >> (queue active) >> Nov 8 15:27:37 stewy MailScanner[670]: MailScanner child dying of old >> age >> >> >> Rob Morin >> Dido Internet Inc. >> Montreal, Canada >> 514-990-4444 >> http://www.dido.ca >> >> ----- Original Message ----- >> From: "Stephen Swaney" >> To: >> Sent: Monday, November 07, 2005 5:51 PM >> Subject: Re: Its not ny day for mailscanner >> >> >>>> -----Original Message----- >>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>> Behalf Of Ugo Bellavance >>>> Sent: Monday, November 07, 2005 5:00 PM >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: Its not ny day for mailscanner >>>> >>>> Stephen Swaney wrote: >>>> >> -----Original Message----- >>>> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>>> >> On >>>> >> Behalf Of Rob >>>> >> Sent: Monday, November 07, 2005 3:45 PM >>>> >> To: MAILSCANNER@JISCMAIL.AC.UK >>>> >> Subject: Its not ny day for mailscanner >>>> >> >>>> >> First off thanks to all for helping me out in the last few days on >>>> >> this >>>> >> list i really appreciate it... >>>> >> >>>> >> No i have another strange problem... >>>> >> >>>> >> MS seems to silently die, and mail keeps coming in but not being >>>> >> delivered.... >>>> >> >>>> >> Nothing in the logs other than the below... >>>> >> >>>> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> >>>> >> When i run the /usr/sbin/check_mailscaner it says >>>> >> >>>> >> stewy:/var/log# /usr/sbin/check_mailscanner >>>> >> MailScanner running with pid 8146 8147 >>>> >> >>>> >> >>>> >> But when i watch the logs via tail -f i do not see any Mailscanner >>>> >> activity until i restart by /etc/init.d/mailscanner restart >>>> >> >>>> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >>>> >> >>>> >> Any ideas? >>>> >> >>>> >> Rob... >>>> >> http://www.stupidguytalk.org >>>> > >>>> > To make the error a little noisier, in MailScanner.conf please set: >>>> > >>>> > Debug = no >>>> > Debug SpamAssassin = no >>>> > >>>> > Then stop and then start MailScanner from the command line. Watch the >>>> screen >>>> > output. The reason for MailScanner dying should appear. >>>> > >>>> > Steve >>>> > >>>> > Stephen Swaney >>>> > Fort Systems Ltd. >>>> > stephen.swaney@fsl.com >>>> > www.fsl.com >>>> > >>>> >>>> I'd say yes, Steve, not no :) >>>> >>>> Debug = yes >>>> Debug SpamAssassin = yes >>>> >>>> -- >>>> Ugo >>> >>> Of course, Silly me. Thanks Ugo! >>> >>> Steve >>> >>> Stephen Swaney >>> Fort Systems Ltd. >>> stephen.swaney@fsl.com >>> www.fsl.com >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> Rob Morin >> Dido Internet Inc. >> Montreal, Canada >> 514-990-4444 >> http://www.dido.ca >> >> ----- Original Message ----- >> From: "Stephen Swaney" >> To: >> Sent: Monday, November 07, 2005 5:51 PM >> Subject: Re: Its not ny day for mailscanner >> >> >>>> -----Original Message----- >>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>> Behalf Of Ugo Bellavance >>>> Sent: Monday, November 07, 2005 5:00 PM >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: Its not ny day for mailscanner >>>> >>>> Stephen Swaney wrote: >>>> >> -----Original Message----- >>>> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>>> >> On >>>> >> Behalf Of Rob >>>> >> Sent: Monday, November 07, 2005 3:45 PM >>>> >> To: MAILSCANNER@JISCMAIL.AC.UK >>>> >> Subject: Its not ny day for mailscanner >>>> >> >>>> >> First off thanks to all for helping me out in the last few days on >>>> >> this >>>> >> list i really appreciate it... >>>> >> >>>> >> No i have another strange problem... >>>> >> >>>> >> MS seems to silently die, and mail keeps coming in but not being >>>> >> delivered.... >>>> >> >>>> >> Nothing in the logs other than the below... >>>> >> >>>> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> >>>> >> When i run the /usr/sbin/check_mailscaner it says >>>> >> >>>> >> stewy:/var/log# /usr/sbin/check_mailscanner >>>> >> MailScanner running with pid 8146 8147 >>>> >> >>>> >> >>>> >> But when i watch the logs via tail -f i do not see any Mailscanner >>>> >> activity until i restart by /etc/init.d/mailscanner restart >>>> >> >>>> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >>>> >> >>>> >> Any ideas? >>>> >> >>>> >> Rob... >>>> >> http://www.stupidguytalk.org >>>> > >>>> > To make the error a little noisier, in MailScanner.conf please set: >>>> > >>>> > Debug = no >>>> > Debug SpamAssassin = no >>>> > >>>> > Then stop and then start MailScanner from the command line. Watch the >>>> screen >>>> > output. The reason for MailScanner dying should appear. >>>> > >>>> > Steve >>>> > >>>> > Stephen Swaney >>>> > Fort Systems Ltd. >>>> > stephen.swaney@fsl.com >>>> > www.fsl.com >>>> > >>>> >>>> I'd say yes, Steve, not no :) >>>> >>>> Debug = yes >>>> Debug SpamAssassin = yes >>>> >>>> -- >>>> Ugo >>> >>> Of course, Silly me. Thanks Ugo! >>> >>> Steve >>> >>> Stephen Swaney >>> Fort Systems Ltd. >>> stephen.swaney@fsl.com >>> www.fsl.com >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Nov 9 18:04:09 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:10 2006 Subject: OT: Regarding running RBL's inhouse Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anders Andersson, IT wrote: >Hi >There has been a little desussion between me and other mail admins, >working in same line of bussiness running a shared RBL-server. Since the >heaalthcare business here have rules and regulations its sometimes hard >to use external RBL's that we can't controll. There is a mix of systems >but mainly Exchange/Notes and of course sendmail/mailscanner running in >different locations. >Has anyone got any experince in running RBL and could shed some light if >its worth running it of just a wast of time. >Our mail goals would be distributed servers and fairly easy updates of >lists since the might be alot of manual workbeacause of laws/regulations > >/Anders > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > I'd love to help. I can host/mirror if you like, on CentOS/RedHat. I've been thinking of setting up a latin american (or panamanian) RBL for local spammers/infected machines/etc. - and I could also set up honeypots or honeypot domains if needed. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Nov 9 18:06:27 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:10 2006 Subject: OT: Regarding running RBL's inhouse Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dennis Willson wrote: > > Having a local RBL can be very benificial as you're in complete > control. Add what you want and remove what you want based on you're > own criteria. I have also hosted public RBLs and they really get > problamatic becase if you're at all effective, you will be attacked. > I finally had to shutdown the public lists because I couldn't afford > being attacked all the time. If anyone reading this list wants to help setting up/hosting/mirroring a DNSBL I'd be happy to contribute with my server(s), and any expertise you might need testing/maintaining. I want to set one up for my country, but I don't mind helping out the rest of my MailScanner peeps :) I've got MySQL/Bind running on CentOS/Fedora, if it helps. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 9 18:22:28 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:10 2006 Subject: OT: Regarding running RBL's inhouse Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 09/11/05, Anders Andersson, IT wrote: > Hi > There has been a little desussion between me and other mail admins, > working in same line of bussiness running a shared RBL-server. Since the > heaalthcare business here have rules and regulations its sometimes hard > to use external RBL's that we can't controll. Really? Assuming you don't have any other rules than the ones governing any Swedish government works/institutions, you should be fine... at least using them for scoring and probably even for flat-out rejections. STAKO has a nice publication on the legal aspects of this for public institutions ... http://www.statskontoret.se/upload/Publikationer/2005/200505.pdf ... Perhaps worth reading for you too? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Nov 9 18:24:46 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:10 2006 Subject: MCP cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Diggy spake the following on 11/9/2005 9:39 AM: > Hello to all. > > This morning I enabled mcp on the latest release of MS running on a CentOS > 3.5 box along with sendmail-8.12.11-4.RHEL3.1. Documentation says I should > install a sendmail patch for mcp to scan certain attachments. Is that the > case with my version of sendmail? > > Also, Are there any examples of mcp cf, other than the sample included with > MS, that I can have a look at? I'm really not a coder at all, but can learn > easily if I see some examples. > > Thanks so much. > I believe you patch spamassassin, not sendmail. That is only to look inside non-text attachments, like word documents. See http://www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/ -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vaughn at BLUEMTNET.COM Wed Nov 9 18:59:17 2005 From: vaughn at BLUEMTNET.COM (Vaughn Skinner) Date: Thu Jan 12 21:31:10 2006 Subject: Distributed spammer attacks? Message-ID: Using milter-sender we are getting many of the following syslog entries. (addresses changed to protect the innocent) Nov 9 04:25:03 server sendmail[26187]: jA9CP0Eb026187: Milter: helo=1.2.3.4 reject=550 5.7.1 HELO 1.2.3.4 claims to be us 'server.domain' [1.2.3.4], but the connection [220.184.102.95] is not us Yesterday we received 2901 of these. 2586 are unique machines and the most any one hit was 6 times. Here is a test session where I duplicated the abuse showing what others are doing. I expect we are looking at a distributed spam network. Has anyone else experienced this, and if so any thoughts about a solution? The only thing I can think of to counter this would be a common dnsbl. Vaughn 220 1.2.3.4 ESMTP Sendmail 1.0/1.0; Wed, 9 Nov 2005 10:30:39 -0800 HELO 1.2.3.4 250 1.2.3.4 Hello test [2.3.4.5], pleased to meet you mail from: 550 5.7.1 HELO 1.2.3.4 claims to be us '1.2.3.4' [1.2.3.4], but the connection [2.3.4.5] is not us ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Wed Nov 9 19:13:22 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:10 2006 Subject: Distributed spammer attacks? Message-ID: MailScanner mailing list <> scribbled on Wednesday, November 09, 2005 12:59 PM: > Using milter-sender we are getting many of the following > syslog entries. > (addresses changed to protect the innocent) > > Nov 9 04:25:03 server sendmail[26187]: jA9CP0Eb026187: > Milter: helo=1.2.3.4 reject=550 5.7.1 HELO 1.2.3.4 claims to > be us 'server.domain' [1.2.3.4], but the connection > [220.184.102.95] is not us > > Yesterday we received 2901 of these. 2586 are unique > machines and the most any one hit was 6 times. > > Here is a test session where I duplicated the abuse showing > what others are doing. > > I expect we are looking at a distributed spam network. Has > anyone else experienced this, and if so any thoughts about a > solution? The only thing I can think of to counter this > would be a common dnsbl. > > Vaughn > > 220 1.2.3.4 ESMTP Sendmail 1.0/1.0; Wed, 9 Nov 2005 10:30:39 > -0800 HELO 1.2.3.4 250 1.2.3.4 Hello test [2.3.4.5], pleased > to meet you mail from: 550 5.7.1 HELO 1.2.3.4 > claims to be us '1.2.3.4' [1.2.3.4], but the connection > [2.3.4.5] is not us > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! I use milter-sender too and I also see this in my logs all the time. I suspect the spammers are trying to exploit an MX that is configured to allow it's own IP address to relay (instead of 127.0.0.1). I may be wrong. I don't worry about these entries since milter-sender is preventing the junk from coming in. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Wed Nov 9 19:27:41 2005 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:31:10 2006 Subject: MCP cf Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday November 09 2005 1:24 pm, Scott Silva wrote: > Diggy spake the following on 11/9/2005 9:39 AM: > > Hello to all. > > > > This morning I enabled mcp on the latest release of MS running on a > > CentOS 3.5 box along with sendmail-8.12.11-4.RHEL3.1. Documentation says > > I should install a sendmail patch for mcp to scan certain attachments. > > Is that the case with my version of sendmail? > > > > Also, Are there any examples of mcp cf, other than the sample included > > with MS, that I can have a look at? I'm really not a coder at all, but > > can learn easily if I see some examples. > > > > Thanks so much. > > I believe you patch spamassassin, not sendmail. That is only to look > inside non-text attachments, like word documents. > > See http://www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/ > > Scott, I really, really need to be careful about reading the how-to's. Thanks for pointing out that it's spamassassin I need to patch. Would the patch work on an rpm-based spamassassin installation? I have looked at http://www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/, but as to the mcp cf, it says to look at the sample. The sample isn't that helpful to me (it's just me) - I was hoping to see a real-world example. If someone would be kind enough to share an mcp cf or two that they actually have in place, I'd be most appreciative. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Nov 9 21:46:14 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:10 2006 Subject: lint test Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig spake the following on 11/9/2005 1:29 PM: > HI Matt, > > Thanks for the response. > > This is the report from RDJ that I just recieved. > > RulesDuJour Run Summary on mailhost: > > SARE Abused Redirect Subject Ruleset for SpamAssassin (post3.0.0) has changed on mailhost. > Version line: # Version: 2.9.2 # > > EvilNumber has changed on mailhost. > Version line: # Version: 02.00.01 # The evilnumber set has been renamed to match SARE's updated standards, the new name is 70_sare_evilnum0.cf. Please remove evilnumber local language files > > SARE 70_sare_bayes_poison_nxm.cf Ruleset has changed on mailhost. > Version line: # Version: 1.00 > > SARE html Ruleset (set 0 -- hits mostly spam) has changed on mailhost. > Version line: # Version: 01.03.08 > > SARE html Ruleset (set 1 -- hits occasional ham) has changed on mailhost. > Version line: # Version: 01.03.08 > > SARE HEADER Ruleset (set 0 -- hits mostly spam) has changed on mailhost. > Version line: # Version: 01.03.16 > > SARE HEADER Ruleset (hits occasional ham) has changed on mailhost. > Version line: # Version: 01.03.16 > > SARE Specific Ruleset has changed on mailhost. > Version line: # Version: 01.03.08 > > SARE Adult Content Ruleset has changed on mailhost. > Version line: # Version: 01.02.03 # The Adult set has been renamed to match SARE's updated standards, the new name is 70_sare_adult.cf > > SARE BIZ/Marketing/Learning Ruleset (for SA ver. 2.5x and greater) has changed on mailhost. > Version line: # Version: 01.02.02 # The BML set has been renamed to match SARE's updated standards, the new name is 72_sare_bml_post25x.cf > > SARE Fraud Detection Ruleset (for SA ver. 2.5x and greater) has changed on mailhost. > Version line: # Version: 01.03.02 # NOTE: Please update your scripts to pull this file from it's new location http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf > > SARE Spoof Ruleset has changed on mailhost. > Version line: # Version: 1.09.01 > > SARE Random Ruleset for SpamAssassin 2.5x and higher has changed on mailhost. > Version line: # Version: 1.30.19 > > SARE OEM Ruleset has changed on mailhost. > Version line: # Version: 1.05.11 > > SARE General Subject Ruleset (set 0 -- hits mostly spam) has changed on mailhost. > Version line: # Version: 01.03.11 > > SARE General Subject Ruleset (set 1 -- hits occasional ham) has changed on mailhost. > Version line: # Version: 01.03.11 > > SARE Unsubscribe phrases Ruleset has changed on mailhost. > Version line: # Version: .80 > > SARE URI Ruleset (set 0 -- hits mostly spam) has changed on mailhost. > Version line: # Version: 01.01.03 > > TripWire has changed on mailhost. > Version line: # Version 1.18 More Typo's fixed. > > EvilNumbers1 has changed on mailhost. > Version line: # Version: 01.00.00 # > > EvilNumbers2 has changed on mailhost. > Version line: # Version: 01.00.00 # > > William Stearn's RANDOM WORD Ruleset has changed on mailhost. > Version line: #release: 2004052501 > > Tim Jackson's (et al) bogus virus warnings has changed on mailhost. > Version line: # bogus-virus-warnings.cf version 1.160 (2005-06-22) - NB new Rules Emporium address > > Ruleset for header abuse (sets 0-3) has changed on mailhost. > Version line: # Version: 01.03.16 > > SARE html Ruleset (combined sets 0-3) has changed on mailhost. > Version line: # Version: 01.03.08 > > ***WARNING***: /usr/bin/spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint failed. > Rolling configuration files back, not restarting SpamAssassin. > Rollback command is: mv -f /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf /etc/mail/spamassassin/RulesDuJour/72_sare_redirect_post3.0.0.cf.2; rm -f /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf; mv -f /etc/mail/spamassassin/70_sare_evilnum0.cf /etc/mail/spamassassin/RulesDuJour/70_sare_evilnum0.cf.2; rm -f /etc/mail/spamassassin/70_sare_evilnum0.cf; mv -f /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf /etc/mail/spamassassin/RulesDuJour/70_sare_bayes_poison_nxm.cf.2; rm -f /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf; mv -f /etc/mail/spamassassin/70_sare_html0.cf /etc/mail/spamassassin/RulesDuJour/70_sare_html0.cf.2; rm -f /etc/mail/spamassassin/70_sare_html0.cf; mv -f /etc/mail/spamassassin/70_sare_html1.cf /etc/mail/spamassassin/RulesDuJour/70_sare_html1.cf.2; rm -f /etc/mail/spamassassin/70_sare_html1.cf; mv -f /etc/mail/spamassassin/70_sare_header0.cf /etc/mail > /spamassassin/RulesDuJour/70_sare_header0.cf.2; rm -f /etc/mail/spamassassin/70_sare_head > er0.cf; mv -f /etc/mail/spamassassin/70_sare_header1.cf /etc/mail/spamassassin/RulesDuJour/70_sare_header1.cf.2; rm -f /etc/mail/spamassassin/70_sare_header1.cf; mv -f /etc/mail/spamassassin/70_sare_specific.cf /etc/mail/spamassassin/RulesDuJour/70_sare_specific.cf.2; rm -f /etc/mail/spamassassin/70_sare_specific.cf; mv -f /etc/mail/spamassassin/70_sare_adult.cf /etc/mail/spamassassin/RulesDuJour/70_sare_adult.cf.2; rm -f /etc/mail/spamassassin/70_sare_adult.cf; mv -f /etc/mail/spamassassin/72_sare_bml_post25x.cf /etc/mail/spamassassin/RulesDuJour/72_sare_bml_post25x.cf.2; rm -f /etc/mail/spamassassin/72_sare_bml_post25x.cf; mv -f /etc/mail/spamassassin/99_sare_fraud_post25x.cf /etc/mail/spamassassin/RulesDuJour/99_sare_fraud_post25x.cf.2; rm -f /etc/mail/spamassassin/99_sare_fraud_post25x.cf; mv -f /etc/mail/spamassassin/70_sare_spoof.cf /etc/mail/spamassassin/RulesDuJour/70_sare_spoof. > cf.2; rm -f /etc/mail/spamassassin/70_sare_spoof.cf; mv -f /etc/mail/spamassassin/70_sare_ > random.cf /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf.2; rm -f /etc/mail/spamassassin/70_sare_random.cf; mv -f /etc/mail/spamassassin/70_sare_oem.cf /etc/mail/spamassassin/RulesDuJour/70_sare_oem.cf.2; rm -f /etc/mail/spamassassin/70_sare_oem.cf; mv -f /etc/mail/spamassassin/70_sare_genlsubj0.cf /etc/mail/spamassassin/RulesDuJour/70_sare_genlsubj0.cf.2; rm -f /etc/mail/spamassassin/70_sare_genlsubj0.cf; mv -f /etc/mail/spamassassin/70_sare_genlsubj1.cf /etc/mail/spamassassin/RulesDuJour/70_sare_genlsubj1.cf.2; rm -f /etc/mail/spamassassin/70_sare_genlsubj1.cf; mv -f /etc/mail/spamassassin/70_sare_unsub.cf /etc/mail/spamassassin/RulesDuJour/70_sare_unsub.cf.2; rm -f /etc/mail/spamassassin/70_sare_unsub.cf; mv -f /etc/mail/spamassassin/70_sare_uri0.cf /etc/mail/spamassassin/RulesDuJour/70_sare_uri0.cf.2; rm -f /etc/mail/spamassassin/70_sare_uri0.cf; mv -f /etc/mail/spamassassin/tr > ipwire.cf /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f /etc/mail/spamas > sassin/tripwire.cf; mv -f /etc/mail/spamassassin/70_sare_evilnum1.cf /etc/mail/spamassassin/RulesDuJour/70_sare_evilnum1.cf.2; rm -f /etc/mail/spamassassin/70_sare_evilnum1.cf; mv -f /etc/mail/spamassassin/70_sare_evilnum2.cf /etc/mail/spamassassin/RulesDuJour/70_sare_evilnum2.cf.2; rm -f /etc/mail/spamassassin/70_sare_evilnum2.cf; mv -f /etc/mail/spamassassin/random.cf /etc/mail/spamassassin/RulesDuJour/random.current.cf.2; rm -f /etc/mail/spamassassin/random.cf; mv -f /etc/mail/spamassassin/bogus-virus-warnings.cf /etc/mail/spamassassin/RulesDuJour/bogus-virus-warnings.cf.2; mv -f /etc/mail/spamassassin/RulesDuJour/bogus-virus-warnings.cf.20051109-2052 /etc/mail/spamassassin/bogus-virus-warnings.cf; mv -f /etc/mail/spamassassin/70_sare_header.cf /etc/mail/spamassassin/RulesDuJour/70_sare_header.cf.2; rm -f /etc/mail/spamassassin/70_sare_header.cf; mv -f /etc/mail/spamassassin/70_sare_h > tml.cf /etc/mail/spamassassin/RulesDuJour/70_sare_html.cf.2; rm -f /etc/mail/spamassassin/ > 70_sare_html.cf; > > Lint output: [21191] warn: config: warning: score set for non-existent rule RCVD_IN_RSL > > [21191] warn: lint: 1 issues detected, please rerun with debug enabled for more information > > > Matt Kettler wrote: > Look in your /etc/mailscanner/spam.assassin.prefs file for something like; score RCVD_IN_RSL and comment out that line. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From victor at PIXELMAGICFX.COM Wed Nov 9 23:10:16 2005 From: victor at PIXELMAGICFX.COM (Victor DiMichina) Date: Thu Jan 12 21:31:10 2006 Subject: more Panda Wrapper drama Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Searching through the archives, I have found a lot of questions but no answers on how to actually get the Panda Wrapper to work. Below is the output of two tests on an EICAR virus. The first command was done with the wrapper. Here you see the command and the output of "Virus: 0" even though there is clearly an eicar virus in that directory.: [root@hoshi 715]# /usr/lib/MailScanner/panda-wrapper /usr -nsb -eng -aex -nso -aut -cmp . Virus: 0 and the very next command was run with pavcl in the same directoy, finding the virus: [root@hoshi 715]# pavcl -nsb -eng -aex -nso -aut -cmp . Panda Antivirus Linux, Copyright 1989-2003 (c) Panda Software Time employed for scan .............: 00:00:00 Number of files scanned ............: 5 Number of files infected ...........: 4 Number of files disinfected ........: 0 Number of files renamed ............: 0 Number of files deleted ............: 0 Has anyone gotten the Panda Wrapper to actually work? Vic RH 8 Mail Scanner 4.47.4-2 CGPro ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Nov 9 22:45:40 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:10 2006 Subject: I can not seem to stop these emails... Message-ID: Hi! >> uri PROLO_LEO4 /http:\/\/.*tripod.com/ >> >> should be >> >> uri PROLO_LEO4 /http:\/\/*\.tripod\.com/ > Feel free to alter whatever you like ;) Oh btw, next time please test before posting a 'better' one. The one i originally posted wasnt strict, true, but it was working. The second one wasnt working at all. A working one would be: uri PROLO_LEO4 /http:\/\/.*\.tripod\.com/ Currently we have running: body PROLO_LEO1 /85\,45|1\,21/ body PROLO_LEO2 /69\,95|3\,33/ body PROLO_LEO3 /99\,95|3\,75/ uri PROLO_LEO4 /http:\/\/.*\.tripod\.com/ meta PROLO_LEO_M1 (PROLO_LEO1 && PROLO_LEO2 && PROLO_LEO3 && PROLO_LEO4) score PROLO_LEO1 0.1 score PROLO_LEO2 0.1 score PROLO_LEO3 0.1 score PROLO_LEO4 0.1 score PROLO_LEO_M1 8 describe PROLO_LEO1 Meta Catches all Leo drug variations so far describe PROLO_LEO2 Meta Catches all Leo drug variations so far describe PROLO_LEO3 Meta Catches all Leo drug variations so far describe PROLO_LEO4 Meta to catch Leo now using Tripod describe PROLO_LEO_M1 Catches all Leo drug variations so far Since they altered it again, like we are used with Leo's. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ken at ACOTEC.COM Thu Nov 10 01:15:37 2005 From: ken at ACOTEC.COM (Ken Hilliard) Date: Thu Jan 12 21:31:10 2006 Subject: {Spam?}{Filename?} warning Message-ID: I have installed MailScanner. It has been working well for months. Now users are getting a warnings like: "Warning: This message has had one or more attachments removed (updated-password.zip, updated-passwo.pif). Please Read the "domainname-Attachment-Warning.txt" attachment(s) for more information" The email that they are receiving is a form message. For example: "Dear user xxx, You have successfully updated the password of your domain-name account. If you did not authorize this change or if you need assistance with your account please contain domain-name customer service at: admininstrator@domain-name.com Thank you for using domain-name! The domain-name Support Team" I assumed that the PCs were infected with a virus that was generating the content but all the machines have anti-virus and we did online scans. Does anybody have any ideas. Thx, Ken ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Thu Nov 10 01:35:46 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:10 2006 Subject: {Spam?}{Filename?} warning Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Ken Hilliard > Sent: Wednesday, November 09, 2005 8:16 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: {Spam?}{Filename?} warning > > > I have installed MailScanner. It has been working well for months. Now > users are getting a warnings like: > > "Warning: This message has had one or more attachments removed > (updated-password.zip, updated-passwo.pif). Please Read the > "domainname-Attachment-Warning.txt" attachment(s) for more information" > > The email that they are receiving is a form message. For example: > > "Dear user xxx, > > You have successfully updated the password of your domain-name account. > > If you did not authorize this change or if you need assistance with your > account please contain domain-name customer service at: > admininstrator@domain-name.com > > Thank you for using domain-name! > The domain-name Support Team" > > I assumed that the PCs were infected with a virus that was generating > the content but all the machines have anti-virus and we did online > scans. Does anybody have any ideas. > > Thx, Ken This looks like MyTob. MailScanner is stripping the payload but one would think it wouldn't get that far. What AV scanners are you running? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ken at ACOTEC.COM Thu Nov 10 02:07:49 2005 From: ken at ACOTEC.COM (Ken Hilliard) Date: Thu Jan 12 21:31:10 2006 Subject: {Spam?}{Filename?} warning Message-ID: I am using MailScanner-Clamav on the Linux machine. The LAN PCs are using Macafee antivirus. It appears that messages is happening in outbound generated messages but I have to do more checking to verify this. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Cooper Sent: Thursday, November 10, 2005 8:36 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: {Spam?}{Filename?} warning > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Ken Hilliard > Sent: Wednesday, November 09, 2005 8:16 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: {Spam?}{Filename?} warning > > > I have installed MailScanner. It has been working well for months. Now > users are getting a warnings like: > > "Warning: This message has had one or more attachments removed > (updated-password.zip, updated-passwo.pif). Please Read the > "domainname-Attachment-Warning.txt" attachment(s) for more information" > > The email that they are receiving is a form message. For example: > > "Dear user xxx, > > You have successfully updated the password of your domain-name account. > > If you did not authorize this change or if you need assistance with your > account please contain domain-name customer service at: > admininstrator@domain-name.com > > Thank you for using domain-name! > The domain-name Support Team" > > I assumed that the PCs were infected with a virus that was generating > the content but all the machines have anti-virus and we did online > scans. Does anybody have any ideas. > > Thx, Ken This looks like MyTob. MailScanner is stripping the payload but one would think it wouldn't get that far. What AV scanners are you running? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Thu Nov 10 02:18:10 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:10 2006 Subject: {Spam?}{Filename?} warning Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Ken Hilliard > Sent: Wednesday, November 09, 2005 9:08 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: {Spam?}{Filename?} warning > > > I am using MailScanner-Clamav on the Linux machine. The LAN PCs are > using Macafee antivirus. It appears that messages is happening in > outbound generated messages but I have to do more checking to verify > this. > [...] I would look at the headers, are you scanning outbound for filename rules and spam? I would think the Received headers are going to show it came from outside (I hope) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Thu Nov 10 07:25:46 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:31:10 2006 Subject: OT: Regarding running RBL's inhouse Message-ID: > On 09/11/05, Anders Andersson, IT > wrote: > > Hi > > There has been a little desussion between me and other mail admins, > > working in same line of bussiness running a shared > RBL-server. Since > > the heaalthcare business here have rules and regulations > its sometimes > > hard to use external RBL's that we can't controll. > > Really? Assuming you don't have any other rules than the ones > governing any Swedish government works/institutions, you > should be fine... at least using them for scoring and > probably even for flat-out rejections. STAKO has a nice > publication on the legal aspects of this for public institutions ... > http://www.statskontoret.se/upload/Publikationer/2005/200505.pdf ... > Perhaps worth reading for you too? > > -- > -- Glenn Ive read it and its more or less on those grounds we been discussing. Nothing been desided but since we all get hammered from time to time and since we would all do our part it might be plausable solution :) There is still the problem finding out good workflows and how to handle it from different systems. Maybe a honeypot on each of our different domains harvesting emails. /Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Thu Nov 10 09:55:47 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:10 2006 Subject: Sophos Wrapper a suggestion Message-ID: Hi, Following on from the discussion yesterday about the SAV_IDE directory setting for the sophos-wrapper script, I have been giving this some more thought, and have a proposed modification. Summary of the problem The sophos-wrapper script is designed to work hand in hand with the sophos-autoupdate script supplied with MailScanner. Which makes a lot of sense seeing as up until recently Sophos did not come with a default way of keeping it up to date automatically. This mechanism uses a non-Sophos directory for storing the virus identity files. This setup means that on systems that have Sophos installed into its standard locations the sophos-wrapper script does not work without either modifying the script, moving Sophos, or creating a link in the file system. In my case I had Sophos installed in its default location and had already created a script to update its identities. I had to do some furkling around under the bonnet to work out why the wrapper wasn't working and then put in place a workaround. Now that Sophos is able to auto-update itself (even the Unix versions) it is likely that more people may already have it installed in the default locations. Yesterday there was a suggestion of creating a new wrapper for standard Sophos installs. But this is only a case of setting one directory or another. I have attached a modified version of sophos- wrapper that sets the SAV_IDE environment variable depending on the existence or otherwise of the ide/sav directories. Hopefully this will work for both cases without anyone else having to check under the bonnet. The change is basically: SAV_IDE=$PackageDir/ide # Check to see if Sophos is using the Sophos install directory, # rather than the MailScanner Sophos # update directory if [ ! -x ${PackageDir}/ide ] && [ -x ${PackageDir}/sav ]; then SAV_IDE=$PackageDir/sav fi So the wrapper defaults to the current situation, and if the ide directory does now exist and the sav directory does, it uses that one instead. Any comments? Can this be included in the MailScanner distribution? -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ I'm in shape. - ROUND is a shape. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Text from file 'sophos-wrapper'" ] #!/bin/sh # MailScanner - SMTP E-Mail Virus Scanner # Copyright (C) 2001 Julian Field # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # The author, Julian Field, can be contacted by email at # Jules@JulianField.net # or by paper mail at # Julian Field # Dept of Electronics & Computer Science # University of Southampton # Southampton # SO17 1BJ # United Kingdom # # JKF Wrapper Sophos programs with the correct LD_LIBRARY_PATH # Modified for solaris by CJG # Then tweaked for heron by JKF again # Modified to check for the existence of the Sophos standard install directory, if the MailScanner ide dir # does not exist. AJP 10 Nov 2005 PackageDir=$1 shift prog=sweep # `basename $0` SAV_IDE=$PackageDir/ide # Check to see if Sophos is using the Sophos install directory, rather than the MailScanner Sophos # update directory if [ ! -x ${PackageDir}/ide ] && [ -x ${PackageDir}/sav ]; then SAV_IDE=$PackageDir/sav fi LD_LIBRARY_PATH=$PackageDir/lib LANG=C export SAV_IDE export LD_LIBRARY_PATH export LANG if [ "x$1" = "x-IsItInstalled" ]; then [ -x ${PackageDir}/bin/$prog ] && exit 0 exit 1 fi exec ${PackageDir}/bin/$prog "$@" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Nov 10 11:10:55 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:10 2006 Subject: Sophos Wrapper a suggestion Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 10 Nov 2005, at 09:55, Anthony Peacock wrote: > Hi, > > Following on from the discussion yesterday about the SAV_IDE > directory setting for the sophos-wrapper script, I have been giving > this some more thought, and have a proposed modification. > > Summary of the problem > > The sophos-wrapper script is designed to work hand in hand with the > sophos-autoupdate script supplied with MailScanner. Which makes a > lot of sense seeing as up until recently Sophos did not come with a > default way of keeping it up to date automatically. This mechanism > uses a non-Sophos directory for storing the virus identity files. > This setup means that on systems that have Sophos installed into its > standard locations the sophos-wrapper script does not work without > either modifying the script, moving Sophos, or creating a link in the > file system. In my case I had Sophos installed in its default > location and had already created a script to update its identities. > I had to do some furkling around under the bonnet to work out why the > wrapper wasn't working and then put in place a workaround. Now that > Sophos is able to auto-update itself (even the Unix versions) it is > likely that more people may already have it installed in the default > locations. > > Yesterday there was a suggestion of creating a new wrapper for > standard Sophos installs. But this is only a case of setting one > directory or another. I have attached a modified version of sophos- > wrapper that sets the SAV_IDE environment variable depending on the > existence or otherwise of the ide/sav directories. Hopefully this > will work for both cases without anyone else having to check under > the bonnet. > > The change is basically: > > SAV_IDE=$PackageDir/ide > > # Check to see if Sophos is using the Sophos install directory, > # rather than the MailScanner Sophos > # update directory > if [ ! -x ${PackageDir}/ide ] && [ -x ${PackageDir}/sav ]; then > SAV_IDE=$PackageDir/sav > fi > > So the wrapper defaults to the current situation, and if the ide > directory does now exist and the sav directory does, it uses that one > instead. > > Any comments? > > Can this be included in the MailScanner distribution? Once a few people have tried it and all agree that it works, then I will include it. People, can you test this please? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ3Mqwvw32o+k+q+hAQFHIQgAraTMnTr6sRg142ovfm5cY0Ramn8T4tC6 w0f+yeqgHYaAst7gtxCGbU0itEtx4CUziE0ZAZU7NqY9glLa64MT6OOevlpu1fK/ rCHckKRzTK+vIfD5T7SjpLVcsamWU7G7E2yKip3bYNYvzRhpno2ak6fHJwNZoyHW 3bIQkuRV3fXWZ4IHkRHDr7+amA8VjnK8/r6pbCswJmqY0SWjFzX8amYXfZh2G+Cf Qeqiaj7sANG/kpuWYJpSnuGu71TEhwCUAU5SnumyNATX7yDIHbRHsK/vqF1h0wpx c9oDMHCd8Vw9ypHw/PT2PYrmaAag4XEm0ZuxpiV9/v7ALjtcjVMneA== =YrIg -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Thu Nov 10 11:22:55 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:10 2006 Subject: Sophos Wrapper a suggestion Message-ID: Hi, > > So the wrapper defaults to the current situation, and if the ide > > directory does now exist and the sav directory does, it uses that That should have read as "...does NOT exist..." > > one instead. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "In the beginning of a change, the patriot is a brave and scarce man, hated and scorned. When the cause succeeds, however, the timid join him...for then it costs nothing to be a patriot." -Mark Twain ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ramprasad at NETCORE.CO.IN Thu Nov 10 12:50:09 2005 From: ramprasad at NETCORE.CO.IN (Ramprasad) Date: Thu Jan 12 21:31:10 2006 Subject: Embedded image in inline signature Message-ID: Hi, I want to sign all outgoing mails with a company logo. Can I have an embedded image in the the signature. I dont want to put an url because the logo must be visible offline too. Thanks Ram ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Nov 10 12:43:50 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:10 2006 Subject: OT: Regarding running RBL's inhouse Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 10/11/05, Anders Andersson, IT wrote: > > On 09/11/05, Anders Andersson, IT > > wrote: > > > Hi > > > There has been a little desussion between me and other mail admins, > > > working in same line of bussiness running a shared > > RBL-server. Since > > > the heaalthcare business here have rules and regulations > > its sometimes > > > hard to use external RBL's that we can't controll. > > > > Really? Assuming you don't have any other rules than the ones > > governing any Swedish government works/institutions, you > > should be fine... at least using them for scoring and > > probably even for flat-out rejections. STAKO has a nice > > publication on the legal aspects of this for public institutions ... > > http://www.statskontoret.se/upload/Publikationer/2005/200505.pdf ... > > Perhaps worth reading for you too? > > > > -- > > -- Glenn > Ive read it and its more or less on those grounds we been discussing. > Nothing been desided but since we all get hammered from time to time and > since we would all do our part it might be plausable solution :) Yes, of course! As they stress time and time again, the policy (as derived from applicable laws) is largely up to each institution... So defining ones own measure (RBL in this case) might be correct for one institution, but not another. Since the laws aren't specifically written with spam in mind (well, perhaps with the snail-mail variant, but not with email carried dittos:-), there is some room for interpretation... As I (and thankfully my organization) sees it, it is quite OK to use RBLs as long as we don't delete, but rather store, so that a designated handler (person) can review them... Means that someone has to glance through the quarantine (but not necessarily the actual mails... compare with throwing away a ... promotional ... catalog without checking inside it for a margin note/messages from a citizen to the government) in MW once/week (I keep my quarantine for 93 days, to be on the safe side;), but no one else need even look. And one could even use the law governing public archives as such that one could delete as a "preemptive culling"... although this is more ... murky waters. > > There is still the problem finding out good workflows and how to handle > it from different systems. Maybe a honeypot on each of our different > domains harvesting emails. > > > /Anders > Oh yes, by all means... Or perhaps just "harvest each others quarantines"... Would be rather funky to have some official "public sector owned" Swedish RBLs. Not sure the PHB would see it like that though:-). And there is the problem of each "participating" government agency having to ... sync .. their spam handling policies. Perhaps not doable. This RBL _should_ be handled/operated/funded by Sitic (Swedish IT-incident center: http://www.sitic.se/), but I rather doubt they'd agree:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From djlucas at ORCSD.ORG Thu Nov 10 13:37:38 2005 From: djlucas at ORCSD.ORG (David Lucas) Date: Thu Jan 12 21:31:10 2006 Subject: Trouble with SpamAssassin getting killed Message-ID: Hello, I've been noticing that MailScanner is reporting that Spamassassin has timed out and it killing the process. MailScanner[24804]: SpamAssassin timed out and was killed, failure 3 of 10 I've also been getting in the message header of messages: MailScanner-SpamCheck: not spam, SpamAssassin (timed out) Does anyone know why Spamassassin would time out?? Is there something wrong?!?! Thanks!! Dave ************************** David J. Lucas, CCNA Oyster River Cooperative School District Phone: (603) 868-5100 ext. 41 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Nov 10 14:08:07 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:10 2006 Subject: Trouble with SpamAssassin getting killed Message-ID: Depends what SA timeout you have (mines 90), how loaded etc your machine is we to why SA is taking so long. (too many RBL's perhaps?) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of David Lucas > Sent: 10 November 2005 13:38 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Trouble with SpamAssassin getting killed > > Hello, > > I've been noticing that MailScanner is reporting that Spamassassin has > timed > out and it killing the process. > > MailScanner[24804]: SpamAssassin timed out and was killed, failure 3 of 10 > > I've also been getting in the message header of messages: > > MailScanner-SpamCheck: not spam, SpamAssassin (timed out) > > Does anyone know why Spamassassin would time out?? Is there something > wrong?!?! > > Thanks!! > > Dave > > ************************** > David J. Lucas, CCNA > Oyster River Cooperative School District > Phone: (603) 868-5100 ext. 41 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Thu Nov 10 14:15:03 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:31:10 2006 Subject: Embedded image in inline signature Message-ID: Don't do it! It will attract only derision from the recipients. And it won't work in plain text emails, which is all that good net citizens should be sending, anyhow. You could try ASCII art, I guess ;-) Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ramprasad > Sent: 10 November 2005 12:50 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Embedded image in inline signature > > Hi, > I want to sign all outgoing mails with a company logo. > Can I have an embedded image in the the signature. I dont > want to put an url because the logo must be visible offline too. > > Thanks > Ram > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tobias.axelsson at VXU.SE Thu Nov 10 14:06:39 2005 From: tobias.axelsson at VXU.SE (Tobias Axelsson) Date: Thu Jan 12 21:31:10 2006 Subject: Embedded image in inline signature Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No hard feelings, but I really hope there is no solution. lol, You would force all messages to be formatted html and get an attachment on all mail... ...and it would feel... ...would feel... ...just wrong :) /Tobias Ramprasad wrote: >Hi, >I want to sign all outgoing mails with a company logo. >Can I have an embedded image in the the signature. I dont want to put an >url because the logo must be visible offline too. > >Thanks >Ram > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Nov 10 14:22:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:10 2006 Subject: Embedded image in inline signature Message-ID: -----BEGIN PGP SIGNED MESSAGE----- This is possible, but it involves me writing custom code for you, which I don't do for free. So if you want me to do it, expect to have to pay me :-) On 10 Nov 2005, at 12:50, Ramprasad wrote: > Hi, > I want to sign all outgoing mails with a company logo. > Can I have an embedded image in the the signature. I dont want to > put an > url because the logo must be visible offline too. > > Thanks > Ram > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ3NXuPw32o+k+q+hAQHaoAf/YeaW1rREzIll1qxk+Q12fxLbtzldwtIe 0CPeXVzXMA50PRhxPTTPrsl132JL0c5OsAB4ng06NHe5rqdYQA1hpYJP2vOw+VuT ofczkXdCHMC7tl+nPPAusMrb5lvhHGgOhPCLD5AlP7pC+jt7ilNvcbYM+wtH51ac JpvCRX7hdac3pAmdLMCE1afjcuR/eCHvPzjy2v4PAt9lHL6I3SLZru8vfldE7rUf 7tqil/zfB0cR8/6eTJOv00Paw5bVoqwQN3pbUZHg10v/BdOBkBdjm6yeDz+tBafF 8kJ/YoMT0yV0DB9jQT0DJbk3DstErZJsYpUq5RlnM7luHQWq3NPyjQ== =221l -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 10 14:52:11 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:10 2006 Subject: Trouble with SpamAssassin getting killed Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Lucas wrote: > Hello, > > I've been noticing that MailScanner is reporting that Spamassassin has timed > out and it killing the process. > > MailScanner[24804]: SpamAssassin timed out and was killed, failure 3 of 10 > > I've also been getting in the message header of messages: > > MailScanner-SpamCheck: not spam, SpamAssassin (timed out) > > Does anyone know why Spamassassin would time out?? Is there something > wrong?!?! > Most likely it's only something wrong with MailScanner. check your bayes directory.. are there a bunch of bayes "expire" files laying around? If so, MailScanner is killing SA as it tries to expire tokens. Quite frankly, I've never had MailScanner "time out" spamassassin for any valid reason since SA 2.43. As a result have my spamassassin timeout set for 10 minutes now. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Nov 10 14:55:31 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:10 2006 Subject: more Panda Wrapper drama Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 10/11/05, Victor DiMichina wrote: > Searching through the archives, I have found a lot of questions but no > answers on how to actually get the Panda Wrapper to work. Below is > the output of two tests on an EICAR virus. > > The first command was done with the wrapper. Here you see the command > and the output of "Virus: 0" even though there is clearly an eicar virus > in that directory.: > > [root@hoshi 715]# /usr/lib/MailScanner/panda-wrapper /usr -nsb -eng -aex > -nso -aut -cmp . > Virus: 0 > This is a matetr of how you are calling the wrapper, or rather how it differs from the directory layout when you call it compared to when it is called in MS. (As implied in my not http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:panda:install#notes_on_panda_support_in_mailscanner) It assumes that the files to scan is in subdirectories to the current working directory (the "." is ignored), and runs pavcl once/directory. so if you "cd .." and rerun the wrapper, it'll probably work OK.... And If you pass the EICAR through "the normal way" (http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion) it'd probably work too. Rick Cooper (who wrote the current wrapper) can perhaps elaborate a bit on why it looks like it does (as well as if I'm right;). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Thu Nov 10 16:24:45 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:31:10 2006 Subject: SAV for Linux was RE: [MAILSCANNER] Sophos Wrapper a suggestion Message-ID: I'm not sure how many people on the list are aware that Sophos is currently Beta testing a new version of SAV for Linux (5.0) which includes on-access scanning. More information on it can be found here http://www.sophos.com/products/es/beta/sav-linux/ . From G.Pentland at SOTON.AC.UK Thu Nov 10 16:51:55 2005 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:31:10 2006 Subject: SAV for Linux Message-ID: Just a quick note... Sophos version 5 has caused us quite a few issues on Windows so I'd suggest caution and careful testing... Of course we always do that anyway, don't we? :-) Gary MailScanner mailing list wrote: > I'm not sure how many people on the list are aware that Sophos is > currently Beta testing a new version of SAV for Linux (5.0) which > includes on-access scanning. More information on it can be found > here http://www.sophos.com/products/es/beta/sav-linux/ . > > From the Beta FAQ ( > http://www.sophos.com/products/es/beta/sav-linux/faqs.html#i2 ): > > How long will Sophos Anti-Virus for Linux, version 3.xx, be available > after the launch of Sophos Anti-Virus for Linux, version 5.0? > > Because administrators have to uninstall Sophos Anti-Virus for Linux, > version 3.xx, in order to upgrade to version 5.0, we will support > version 3.xx for one year after version 5.0 becomes available. > > It also appears that there will also be better updating capabilities > with the new version. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From miguelk at KONSULTEX.COM.BR Thu Nov 10 18:21:18 2005 From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy) Date: Thu Jan 12 21:31:10 2006 Subject: ERROR: MD5 verification error Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've been using Mail Scanner for 4 years on 4 servers. I've gone through many version updates and not once did I have any problem at all. Except for this morning and I was not doing any updating. This happened on Red Hat 9, MailScanner 4.43.8 and Clamav 0.87. I noticed a problem because due to other maintenance I had to restart Mail Scanner. I normally stop it and the start again: /etc/rc.d/init.d/MailScanner stop /etc/rc.d/init.d/MailScanner start I also usually have to stop some sendmail processes that are left running: /etc/rc.d/init.d/sendmail stop It refused to start with a perl segmentation fault in this program and line: /usr/sbin/check_MailScanner line: 118 (which in my file is the last line) There was no magic I could conjure to make it work. (I checked running processes, Mailscanner.conf, restarted named). I tried to update to the latest version which was supposed to happen anyway but after running install.sh I got these types of errors for the first few perl modules: segmentation fault /var/tmp/rpm-tmp.94497 (not quite sure now of the exact message which indicated that the return from the make was bad) . I had to do something because complaints were starting to roll in. I also tried to reinstall the version I had running but the sale perl problems appeared. I then did something that I really, reall, reallyy hate to do: I restarted the server (shutdown -r now). Mail Scanner started up just fine. When the server restarted this is the normal message in /var/log/messages: Nov 10 11:43:21 rivendell MailScanner: Starting MailScanner daemons: Nov 10 11:43:21 rivendell MailScanner: incoming sendmail: Nov 10 11:43:22 rivendell MailScanner: succeeded Nov 10 11:43:22 rivendell MailScanner: ^[[60G Nov 10 11:43:22 rivendell MailScanner: Nov 10 11:43:22 rivendell MailScanner: outgoing sendmail: Nov 10 11:43:22 rivendell MailScanner: succeeded Nov 10 11:43:22 rivendell MailScanner: Nov 10 11:43:22 rivendell MailScanner: MailScanner: Nov 10 11:43:27 rivendell MailScanner: succeeded Nov 10 11:43:27 rivendell MailScanner: ^[[60G Nov 10 11:43:27 rivendell MailScanner: Nov 10 11:43:27 rivendell rc: Starting MailScanner: succeeded Prior to that and before rebooting, this is in the log: Nov 10 10:51:37 rivendell MailScanner: MailScanner -15 succeeded a few times. Since this particular text is not in the log (this month at least), maybe it points to some problem. I noticed in the /var/log/maillog that around the time the emails stopped being processed, there are many error lines like this: ERROR: MD5 verification error Nov 10 08:09:31 rivendell MailScanner[4005]: New Batch: Scanning 1 messages, 1641 bytes Nov 10 08:09:31 rivendell MailScanner[4005]: Virus and Content Scanning: Starting Nov 10 08:09:31 rivendell MailScanner[4005]: ERROR: MD5 verification error Nov 10 08:09:31 rivendell MailScanner[4005]: Uninfected: Delivered 1 messages Needless to say, right now I'm just happy to have this all working again (perhaps only for a short time until MailScanner needs to restart due to old age) and I did not try to restart manually. Has nybody had this problem? Any idea if that error message is relevant? Miguel -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 10 18:26:06 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:10 2006 Subject: ERROR: MD5 verification error Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Miguel Koren O'Brien de Lacy wrote: > I've been using Mail Scanner for 4 years on 4 servers. I've gone through > many version updates and not once did I have any problem at all. Except > for this morning and I was not doing any updating. > > This happened on Red Hat 9, MailScanner 4.43.8 and Clamav 0.87. I > noticed a problem because due to other maintenance I had to restart Mail > Scanner. I normally stop it and the start again: > > ERROR: MD5 verification error That message is generated by clamav, and means that one of your cvd files is corrupted. You can fix it by removing the file and re-downloading with freshclam http://www.gossamer-threads.com/lists/clamav/users/22611 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 10 18:32:29 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:10 2006 Subject: ERROR: MD5 verification error Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Miguel Koren O'Brien de Lacy wrote: > I've been using Mail Scanner for 4 years on 4 servers. I've gone through > many version updates and not once did I have any problem at all. Except > for this morning and I was not doing any updating. > > This happened on Red Hat 9, MailScanner 4.43.8 and Clamav 0.87. Oh, one more thing.. Clamav 0.87 has security holes . Update to 0.87.1 ASAP. Vulnerabilities in 0.87 include: FSG file buffer overflow: http://www.securityfocus.com/bid/15318 CAB file DoS: http://www.securityfocus.com/bid/15317 TNEF file DoS: http://www.securityfocus.com/bid/15316 OLE2 DoS: http://www.securityfocus.com/bid/15101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Nov 10 18:59:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:11 2006 Subject: Sophos Wrapper a suggestion Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have made a bit of a change to simplify it: SAV_IDE=$PackageDir/ide # Check to see if Sophos is using the Sophos install directory, # rather than the MailScanner Sophos update directory. if [ \! -x ${PackageDir}/ide -a -x ${PackageDir}/sav ]; then SAV_IDE=$PackageDir/sav fi You need to escape the ! to make sure you don't hit problems with accessing the command history. And even /bin/sh on Solaris supports -a so everything else should too. Julian Field wrote: > * PGP Signed by an unmatched address: 11/10/05 at 11:10:58 > > > On 10 Nov 2005, at 09:55, Anthony Peacock wrote: > >> Hi, >> >> Following on from the discussion yesterday about the SAV_IDE >> directory setting for the sophos-wrapper script, I have been giving >> this some more thought, and have a proposed modification. >> >> Summary of the problem >> >> The sophos-wrapper script is designed to work hand in hand with the >> sophos-autoupdate script supplied with MailScanner. Which makes a >> lot of sense seeing as up until recently Sophos did not come with a >> default way of keeping it up to date automatically. This mechanism >> uses a non-Sophos directory for storing the virus identity files. >> This setup means that on systems that have Sophos installed into its >> standard locations the sophos-wrapper script does not work without >> either modifying the script, moving Sophos, or creating a link in the >> file system. In my case I had Sophos installed in its default >> location and had already created a script to update its identities. >> I had to do some furkling around under the bonnet to work out why the >> wrapper wasn't working and then put in place a workaround. Now that >> Sophos is able to auto-update itself (even the Unix versions) it is >> likely that more people may already have it installed in the default >> locations. >> >> Yesterday there was a suggestion of creating a new wrapper for >> standard Sophos installs. But this is only a case of setting one >> directory or another. I have attached a modified version of sophos- >> wrapper that sets the SAV_IDE environment variable depending on the >> existence or otherwise of the ide/sav directories. Hopefully this >> will work for both cases without anyone else having to check under >> the bonnet. >> >> The change is basically: >> >> SAV_IDE=$PackageDir/ide >> >> # Check to see if Sophos is using the Sophos install directory, >> # rather than the MailScanner Sophos >> # update directory >> if [ ! -x ${PackageDir}/ide ] && [ -x ${PackageDir}/sav ]; then >> SAV_IDE=$PackageDir/sav >> fi >> >> So the wrapper defaults to the current situation, and if the ide >> directory does now exist and the sav directory does, it uses that one >> instead. >> >> Any comments? >> >> Can this be included in the MailScanner distribution? > > > Once a few people have tried it and all agree that it works, then I > will include it. > People, can you test this please? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ3OYhRH2WUcUFbZUEQIVEwCdGHlGWUo2ZpwHLhjgfhCJS3MnmO4AoKk3 5dIqMY7iztVJB9g1YIAd+kud =bE2g -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From miguelk at KONSULTEX.COM.BR Thu Nov 10 19:09:53 2005 From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy) Date: Thu Jan 12 21:31:11 2006 Subject: ERROR: MD5 verification error Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt; Right. Thanks a lot. I ran freshclam and noticed the message. Mail Scanner survived the automatic restart of children dying of old age a short while ago. I feel better now Something strange happened today: Nov 10 03:05:03 rivendell MailScanner[21228]: MailScanner child dying of old age Nov 10 03:05:33 rivendell MailScanner[21273]: MailScanner child dying of old age Nov 10 03:12:34 rivendell MailScanner[21585]: MailScanner child dying of old age Nov 10 03:20:05 rivendell MailScanner[21783]: MailScanner child dying of old age Nov 10 03:26:05 rivendell MailScanner[21809]: MailScanner child dying of old age Nov 10 07:05:43 rivendell MailScanner[28811]: MailScanner child dying of old age Nov 10 07:07:44 rivendell MailScanner[28762]: MailScanner child dying of old age Nov 10 07:14:10 rivendell MailScanner[29009]: MailScanner child dying of old age Nov 10 07:20:11 rivendell MailScanner[29199]: MailScanner child dying of old age Nov 10 07:27:45 rivendell MailScanner[29309]: MailScanner child dying of old age -> missed a restart cycle Nov 10 15:44:14 rivendell MailScanner[3672]: MailScanner child dying of old age Nov 10 15:45:45 rivendell MailScanner[3444]: MailScanner child dying of old age Nov 10 15:46:15 rivendell MailScanner[3513]: MailScanner child dying of old age Nov 10 15:46:45 rivendell MailScanner[3817]: MailScanner child dying of old age Nov 10 16:01:49 rivendell MailScanner[3765]: MailScanner child dying of old age Miguel Matt Kettler wrote: Miguel Koren O'Brien de Lacy wrote: I've been using Mail Scanner for 4 years on 4 servers. I've gone through many version updates and not once did I have any problem at all. Except for this morning and I was not doing any updating. This happened on Red Hat 9, MailScanner 4.43.8 and Clamav 0.87. Oh, one more thing.. Clamav 0.87 has security holes . Update to 0.87.1 ASAP. Vulnerabilities in 0.87 include: FSG file buffer overflow: http://www.securityfocus.com/bid/15318 CAB file DoS: http://www.securityfocus.com/bid/15317 TNEF file DoS: http://www.securityfocus.com/bid/15316 OLE2 DoS: http://www.securityfocus.com/bid/15101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 10 23:39:55 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:11 2006 Subject: {Spam?}{Filename?} warning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Hilliard spake the following on 11/9/2005 6:07 PM: > I am using MailScanner-Clamav on the Linux machine. The LAN PCs are > using Macafee antivirus. It appears that messages is happening in > outbound generated messages but I have to do more checking to verify > this. > If you have a site license for McAfee, you could add that to your linux mailserver, along with the free BitDefender. 3 virus scanners seem to give me more assurance of catching things. The message headers will tell you where the mails came from. This is a header from a spam message I got, so I don't care if it is sanitized; Received: from wrksta.com (adsl-70-251-50-174.dsl.okcyok.swbell.net [70.251.50.174]) The resolved ip address is in the square brackets. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 10 23:47:03 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:11 2006 Subject: Embedded image in inline signature Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I hope this would be "extremely expensive". Or maybe you could also add something for the rest of us to automatically strip the logo. Makes everybody happy!!!! I would rather insert a footer in every mail in the world with my ex-wifes phone number and a "call me for a good time" ;) Julian Field spake the following on 11/10/2005 6:22 AM: > This is possible, but it involves me writing custom code for you, > which I don't do for free. > So if you want me to do it, expect to have to pay me :-) > > On 10 Nov 2005, at 12:50, Ramprasad wrote: > > >>>Hi, >>>I want to sign all outgoing mails with a company logo. >>>Can I have an embedded image in the the signature. I dont want to >>>put an >>>url because the logo must be visible offline too. >>> >>>Thanks >>>Ram >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> > > -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From warren at SOFTOV.CO.IL Fri Nov 11 00:46:28 2005 From: warren at SOFTOV.CO.IL (Warren Burstein) Date: Thu Jan 12 21:31:11 2006 Subject: message from mailscanner: ignoring text in character set Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm making some progress with the error I mentioned earlier this week. I've noticed that a handler for all character sets gets installed at some point (this happens three different places in Message.pm), but isn't in place when the first batch of emails is processed, and I'm trying to figure out why. I'm also puzzled by the subroutine FixMaliciousSubjects in SweepContent.pm. What sort of harm can the Subject line do? And in particular, what harm can be caused by trailing whitespace, removed on line 252? $newsubject =~ s/\s*$//g; I think that this can cause a problem if an encoded subject line had a trailing space. I don't see any problem with removing the trailing space, except that the subject line won't get re-encoded, and so you may wind up with 8-bit characters in the Subject line (instead of turning them into quoted-printable or base64), and if the character set isn't your default one, the MUA could display it in the wrong charset. The way this happens is that FixMaliciousSubjects removes the trailing whitespace, and since $newsubject is no longer equal to $subject, it sets $message->{subjectwasunsafe}. That makes one of the Deliver... functions in Message.pm replace the Subject: to what FixMaliciousSubjects changed it. I noticed this by chance - I was shortening a word-encoded subject just to save space, and happened to cut it off at a space - hard to see when it's encoded - and when it got to my mailbox it was no longer encoded, and missing the character set. What was sent said Subject: =?windows-1255?B?5fjp5fog?= but what got delivered to the mailbox was Subject: \345\370\351\345\372 Warren Burstein wrote: > I'm running MailScanner-4.47.4-2 on CentOS release 3.4 (which I > understand is a derivative of Redhat Enterprise Edition). > > When I run MailScanner in Debug mode, if a message is in the queue > with a subject containing text in windows-1255, I see the following > message: > > ignoring text in character set `WINDOWS-1255' > at /usr/lib/MailScanner/MailScanner/Sendmail.pm line 359 > > I searched the archives and found in > http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind02&L=MAILSCANNER&P=R309317&I=-3 > that there was a similar message in 2002 regarding windows-1252, and > it was fixed. I also read that this was not something to worry about, > so I'm not worrying, but I like to get rid of error messages so that > if there is a real problem it will stand out. > > So, if anyone remembers what was done to make this work for > windows-1252, could you tell me, and I'll see if I can do likewise for > 1255? > > thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Fri Nov 11 01:34:43 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:11 2006 Subject: more Panda Wrapper drama Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Victor DiMichina > Sent: Wednesday, November 09, 2005 6:10 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: more Panda Wrapper drama > > > Searching through the archives, I have found a lot of questions but no > answers on how to actually get the Panda Wrapper to work. Below is > the output of two tests on an EICAR virus. > > The first command was done with the wrapper. Here you see the command > and the output of "Virus: 0" even though there is clearly an eicar virus > in that directory.: > > [root@hoshi 715]# /usr/lib/MailScanner/panda-wrapper /usr -nsb -eng -aex > -nso -aut -cmp . > Virus: 0 > > > and the very next command was run with pavcl in the same directoy, > finding the virus: > > [root@hoshi 715]# pavcl -nsb -eng -aex -nso -aut -cmp . > > Panda Antivirus Linux, > Copyright 1989-2003 (c) Panda Software > > Time employed for scan .............: 00:00:00 > Number of files scanned ............: 5 > Number of files infected ...........: 4 > Number of files disinfected ........: 0 > Number of files renamed ............: 0 > Number of files deleted ............: 0 > > Has anyone gotten the Panda Wrapper to actually work? > Yes, my question would be if the directory structure was as is described in the comments at the top of the wrapper? # Make sure your testing dir is one directory deep (don't for get the . BTW) # example # test+ # .+ testfiles # .+ moretestfiles # execute from directory test and it will scan the testfiles and moretestfiles # directories. There should be no sub-dirs below those two, this simulates # MailScanner's process-dir->message-dir structure For a variety of reasons this is the structure that *must* be implemented for the scan to work. For instance if the virus was in a file in the directory 'test' (see above) it would not be caught. It must simulate the same structure as MailScanner creates when it unpacks the mail. If you had the virus in the same directory as the test command was issued, create a subdirectory and move the virus there and re-run the test and it should pick it up, no problem. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Fri Nov 11 01:51:31 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:11 2006 Subject: more Panda Wrapper drama Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Glenn Steen > Sent: Thursday, November 10, 2005 9:56 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: more Panda Wrapper drama > > > On 10/11/05, Victor DiMichina wrote: > > Searching through the archives, I have found a lot of questions but no > > answers on how to actually get the Panda Wrapper to work. Below is > > the output of two tests on an EICAR virus. > > > > The first command was done with the wrapper. Here you see the command > > and the output of "Virus: 0" even though there is clearly an eicar virus > > in that directory.: > > > > [root@hoshi 715]# /usr/lib/MailScanner/panda-wrapper /usr -nsb -eng -aex > > -nso -aut -cmp . > > Virus: 0 > > > > This is a matetr of how you are calling the wrapper, or rather how it > differs from the directory layout when you call it compared to when it > is called in MS. > > (As implied in my not > http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus: > panda:install#notes_on_panda_support_in_mailscanner) > It assumes that the files to scan is in subdirectories to the current > working directory (the "." is ignored), and runs pavcl once/directory. > so if you "cd .." and rerun the wrapper, it'll probably work OK.... > And If you pass the EICAR through "the normal way" > (http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mt a:connexion) > it'd probably work too. > > Rick Cooper (who wrote the current wrapper) can perhaps elaborate a > bit on why it looks like it does (as well as if I'm right;). I think you are right, I think he ran the test from the directory that the file was located in. The current dir is excluded because no unpacked files are ever placed there for one thing, and the per directory scan was because (IIRC) depending on the length of the directory path there is no way to tell where the infection came from (dirname = message-id) because pavcl will truncate the paths, hence if you are scanning a batch and find a virus you may well end up flagging the wrong message as containing the infection, which would be bad. As an aside Panda called me last week and asked if I would be interested in using them for the corporate desktop A/V solution and I recapped my experiences with their Linux command line product and the related tech support. I assured them BitDefender would be our desktop solution. I did tell their people that the way they handled the pavcl output problems would certainly weigh in on how comfortable I would be in signing on with the windows product for 300+ desktops and the support people made it clear the could not care less... the sales person certainly did not seem to agree with them. It's too bad given every person I spoke with at panda that was related to the pavcl project, except the programmers, agreed that the pavcl out put was handled badly and the programming staff had been asked to change it for more than a year... Last I checked it had not been updated. They should take a lesson from the BD *nix project and they might find a more receptive I.T. community when it comes to the windows product. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Fri Nov 11 02:18:50 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:11 2006 Subject: DOS attck vulnerabilty in SpamAssassin Message-ID: I just caught this notice: SpamAssassin Long Message Header Denial of Service. Secunia - UK Description: A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the use of an inefficient regular expression in "/SpamAssassin/Message.pm" to parse email headers. This can cause perl to crash when it runs out of stack space and can be exploited via a malicious email that contains a large number of recipients. The vulnerability has been reported in version 3.0.4. Prior versions may also be affected. Solution: Update to version 3.1.0. http://spamassassin.apache.org/downloads.cgi?update=200509141634 From: http://secunia.com/advisories/17386/ It looks like if you've updated to SpamAssassin 3.1 you should be OK. If not :( Steve Stephen Swaney Fort Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 11 09:14:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:11 2006 Subject: message from mailscanner: ignoring text in character set Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 11 Nov 2005, at 00:46, Warren Burstein wrote: > I'm making some progress with the error I mentioned earlier this > week. I've noticed that a handler for all character sets gets > installed at some point (this happens three different places in > Message.pm), but isn't in place when the first batch of emails is > processed, and I'm trying to figure out why. > > I'm also puzzled by the subroutine FixMaliciousSubjects in > SweepContent.pm. What sort of harm can the Subject line do? And > in particular, what harm can be caused by trailing whitespace, > removed on line 252? > $newsubject =~ s/\s*$//g; You are going to love this one. You can put MIME headers with embedded ^M characters into the Subject: which means you can actually put an attachment into the Subject: line. Outlook Express will actually extract this as a valid attachment. The other reason is that if Outlook Express sees an attachment with no filename, it uses the contents of the Subject: as the filename. Therefore all the filename attacks (blah.jpg.exe and all the others) should be checked for in the Subject: line as well. > > I think that this can cause a problem if an encoded subject line > had a trailing space. I don't see any problem with removing the > trailing space, except that the subject line won't get re-encoded, > and so you may wind up with 8-bit characters in the Subject line > (instead of turning them into quoted-printable or base64), and if > the character set isn't your default one, the MUA could display it > in the wrong charset. The way this happens is that > FixMaliciousSubjects removes the trailing whitespace, and since > $newsubject is no longer equal to $subject, it sets $message-> > {subjectwasunsafe}. That makes one of the Deliver... functions in > Message.pm replace the Subject: to what FixMaliciousSubjects > changed it. > > I noticed this by chance - I was shortening a word-encoded subject > just to save space, and happened to cut it off at a space - hard to > see when it's encoded - and when it got to my mailbox it was no > longer encoded, and missing the character set. What was sent said > Subject: =?windows-1255?B?5fjp5fog?= > but what got delivered to the mailbox was > Subject: \345\370\351\345\372 > > Warren Burstein wrote: > > >> I'm running MailScanner-4.47.4-2 on CentOS release 3.4 (which I >> understand is a derivative of Redhat Enterprise Edition). >> >> When I run MailScanner in Debug mode, if a message is in the queue >> with a subject containing text in windows-1255, I see the >> following message: >> >> ignoring text in character set `WINDOWS-1255' >> at /usr/lib/MailScanner/MailScanner/Sendmail.pm line 359 >> >> I searched the archives and found in http://www.jiscmail.ac.uk/cgi- >> bin/wa.exe?A2=ind02&L=MAILSCANNER&P=R309317&I=-3 that there was a >> similar message in 2002 regarding windows-1252, and it was fixed. >> I also read that this was not something to worry about, so I'm not >> worrying, but I like to get rid of error messages so that if there >> is a real problem it will stand out. >> >> So, if anyone remembers what was done to make this work for >> windows-1252, could you tell me, and I'll see if I can do likewise >> for 1255? >> >> thanks >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ3RhEPw32o+k+q+hAQEP6wgAg/seJhps6uq2xc8Nvq6dXlcDwDaoXqTy oKx50nszGBpRA3OpSCQG66ra6fREnSIn+w07M7w2ZLUBb64uzmN95T7irBRXHYio mHmnOWtXcI2hEzHYtv7/8AzsBFTDpmUYSiY/8mbFVo8xKRqETtIddqhHHzf578wa 9HHKcOzvMC3n9vvpTF5Wn/ZMeneKIkqSqzxxJucys6/hMNql+1UtGnxgM7gOB58h fWh0F2vgY+qPXb5hJPlJy6fmfKZQMmjanic7vcchUC+QHXHepicqCkMdJVkv0tMB KFDtKU+ByMOZQwuYQNOFjrbiGJfqPXL2zmwn36qLzJkbX56yFPf7kg== =6xGa -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Fri Nov 11 10:02:01 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:11 2006 Subject: more Panda Wrapper drama Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 11/11/05, Rick Cooper wrote: (snip... discussion on how to use pandawrapper, and why it is as it is) > As an aside Panda called me last week and asked if I would be interested in > using them for the corporate desktop A/V solution and I recapped my > experiences with their Linux command line product and the related tech > support. I assured them BitDefender would be our desktop solution. I did > tell their people that the way they handled the pavcl output problems would > certainly weigh in on how comfortable I would be in signing on with the > windows product for 300+ desktops and the support people made it clear the > could not care less... the sales person certainly did not seem to agree with > them. It's too bad given every person I spoke with at panda that was related > to the pavcl project, except the programmers, agreed that the pavcl out put > was handled badly and the programming staff had been asked to change it for > more than a year... Last I checked it had not been updated. They should take > a lesson from the BD *nix project and they might find a more receptive I.T. > community when it comes to the windows product. > > Rick > WTG! So now, with "the writing on the wall" so to speak, perhaps they will not just "tell their programmers it's bad", but actually take action. Not that I, or you, really care:-). It's just that one wants any AV that MS claim support for to be as optimal as possible. The good effort you've done is truly commendable, but... As you say, how can we really ever trust them (as a provider of AV services)? Oh well, there it is. I just snuck a peak at their download site... Still the same package (7.0.1). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Fri Nov 11 10:16:29 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:11 2006 Subject: ERROR: MD5 verification error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 10/11/05, Miguel Koren O'Brien de Lacy wrote: > Matt; > > Right. Thanks a lot. I ran freshclam and noticed the message. Mail Scanner > survived the automatic restart of children dying of old age a short while > ago. I feel better now > > Something strange happened today: > > Nov 10 03:05:03 rivendell MailScanner[21228]: MailScanner child dying of > old age > Nov 10 03:05:33 rivendell MailScanner[21273]: MailScanner child dying of > old age > Nov 10 03:12:34 rivendell MailScanner[21585]: MailScanner child dying of > old age > Nov 10 03:20:05 rivendell MailScanner[21783]: MailScanner child dying of > old age > Nov 10 03:26:05 rivendell MailScanner[21809]: MailScanner child dying of > old age > Nov 10 07:05:43 rivendell MailScanner[28811]: MailScanner child dying of > old age > Nov 10 07:07:44 rivendell MailScanner[28762]: MailScanner child dying of > old age > Nov 10 07:14:10 rivendell MailScanner[29009]: MailScanner child dying of > old age > Nov 10 07:20:11 rivendell MailScanner[29199]: MailScanner child dying of > old age > Nov 10 07:27:45 rivendell MailScanner[29309]: MailScanner child dying of > old age > > -> missed a restart cycle > > Nov 10 15:44:14 rivendell MailScanner[3672]: MailScanner child dying of old > age > Nov 10 15:45:45 rivendell MailScanner[3444]: MailScanner child dying of old > age > Nov 10 15:46:15 rivendell MailScanner[3513]: MailScanner child dying of old > age > Nov 10 15:46:45 rivendell MailScanner[3817]: MailScanner child dying of old > age > Nov 10 16:01:49 rivendell MailScanner[3765]: MailScanner child dying of old > age > > Miguel > Hm, the corrupted cvd and the "bombing perl" and now this... Kind of implies that something sinister might be up with that particular box. RH9 "smells of old age", is the box perhaps getting on a bit too? If so you might be looking at diverse age-related maladies like failing HDDs, RAM going bad ... which in turn can lead to this type of behaviour. If the HDD(s) are "S.M.A.R.T enabled" you might want to look at using tools like the smartmontools to check the health of it/them... And it is never wrong to use a memory tester like Memtest86 (or similar) to assure RAM isn't "it". -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Fri Nov 11 10:26:21 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:11 2006 Subject: Sophos Wrapper a suggestion Message-ID: Hi, Thanks. Shell scripting is not my strong point :-) > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have made a bit of a change to simplify it: > > SAV_IDE=$PackageDir/ide > > # Check to see if Sophos is using the Sophos install directory, > # rather than the MailScanner Sophos update directory. > if [ \! -x ${PackageDir}/ide -a -x ${PackageDir}/sav ]; then > SAV_IDE=$PackageDir/sav > fi > > You need to escape the ! to make sure you don't hit problems with > accessing the command history. And even /bin/sh on Solaris supports -a > so everything else should too. > > Julian Field wrote: > > > * PGP Signed by an unmatched address: 11/10/05 at 11:10:58 > > > > > > On 10 Nov 2005, at 09:55, Anthony Peacock wrote: > > > >> Hi, > >> > >> Following on from the discussion yesterday about the SAV_IDE > >> directory setting for the sophos-wrapper script, I have been giving > >> this some more thought, and have a proposed modification. > >> > >> Summary of the problem > >> > >> The sophos-wrapper script is designed to work hand in hand with the > >> sophos-autoupdate script supplied with MailScanner. Which makes a > >> lot of sense seeing as up until recently Sophos did not come with a > >> default way of keeping it up to date automatically. This mechanism > >> uses a non-Sophos directory for storing the virus identity files. > >> This setup means that on systems that have Sophos installed into > >> its standard locations the sophos-wrapper script does not work > >> without either modifying the script, moving Sophos, or creating a > >> link in the file system. In my case I had Sophos installed in its > >> default location and had already created a script to update its > >> identities. I had to do some furkling around under the bonnet to > >> work out why the wrapper wasn't working and then put in place a > >> workaround. Now that Sophos is able to auto-update itself (even > >> the Unix versions) it is likely that more people may already have > >> it installed in the default locations. > >> > >> Yesterday there was a suggestion of creating a new wrapper for > >> standard Sophos installs. But this is only a case of setting one > >> directory or another. I have attached a modified version of > >> sophos- wrapper that sets the SAV_IDE environment variable > >> depending on the existence or otherwise of the ide/sav directories. > >> Hopefully this will work for both cases without anyone else having > >> to check under the bonnet. > >> > >> The change is basically: > >> > >> SAV_IDE=$PackageDir/ide > >> > >> # Check to see if Sophos is using the Sophos install directory, > >> # rather than the MailScanner Sophos update directory > >> if [ ! -x ${PackageDir}/ide ] && [ -x ${PackageDir}/sav ]; then > >> SAV_IDE=$PackageDir/sav > >> fi > >> > >> So the wrapper defaults to the current situation, and if the ide > >> directory does now exist and the sav directory does, it uses that > >> one instead. > >> > >> Any comments? > >> > >> Can this be included in the MailScanner distribution? > > > > > > Once a few people have tried it and all agree that it works, then I > > will include it. People, can you test this please? > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2424) > > iQA/AwUBQ3OYhRH2WUcUFbZUEQIVEwCdGHlGWUo2ZpwHLhjgfhCJS3MnmO4AoKk3 > 5dIqMY7iztVJB9g1YIAd+kud > =bE2g > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ I'm in shape. - ROUND is a shape. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Fri Nov 11 13:43:31 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:31:11 2006 Subject: installing libmilter Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney > > -----Original Message----- > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Anders Andersson, IT > > Sent: Thursday, November 03, 2005 7:04 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: OT: installing libmilter > > > > Hi all pro's :) > > > > Could somone shed some light how to do the libmilter > installation on > > CentOS. > > I managed to figure out I need the source to build the libmilter > > included in the package > > > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm > > before I can do the rest but Im not sure how to actually do the > > libmilter/sendmail rebuild thingy. > > > > If this is something someone like me should not do pls > informa and Ill > > drop it until I actually know what Im doing > > > > Never even tried to rebuild sendmail since I only use out > of the box > > with some changes in sendmail.mc so go easy on a hardcore newbie :) > > > > /Anders > > You shouldn't need to build libmilter. Just install the > sendmail-devel rpm. > Then read /usr/share/doc/sendmail/README.libmilter for the > gory details. > > Most milters are fairly easy to install. Some general instructions: > > 1. Download and unpack the milter source code 2. Configure > build and install the milter 3. Install the init script so > the milter can start on reboot (some milters do this automatically). > 4. Start and test the milter (look at the mail logs for > error) 5. Configure the init script to run at boot 6. Modify > your sendmail.mc file to configure sendmail to user the milter. > Typically it's just adding a line similar to: > > INPUT_MAIL_FILTER(`milter-greylist', > `S=local:/var/milter-greylist/milter-greylist.sock') > 7. Use m4 to rebuild your sendmail.cf file from your modified > sendmail.mc file 8. Restart sendmail (don't forget to check > the mail log for errors) > > Hope this helps, > > Steve > Turn out to just as simple as you said, damn I hate when I cant figure things out my self :) All is running fine and guess I will have to give at week to see what the result will be regarding decreased mailflow. The only thing I didnt like is the response sent back to the sender, it contains a little to much info Ex. Remote MTA ns2.ltkalmar.se: SMTP diagnostic: 550 5.7.1 ... server [172.29.32.81] for rejected address saying "User unknown" I rather just having it saying "550 5.7.1 User unknown" but I can live with this for the moment :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Fri Nov 11 13:56:10 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:11 2006 Subject: warn: config: warning: score set for non-existent rule FUZZY_PRESCRIPT Message-ID: When I run spamassassin -D -p /usr/local/etc/MailScanner/spam.assassin.prefs.conf --lint This is the output. How do I resolve these errors? [11912] warn: config: failed to parse line, skipping: use_auto_whitelist 0 [11912] warn: config: failed to parse line, skipping: pyzor_path /usr/bin/pyzor [11912] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc [11912] warn: config: failed to parse line, skipping: razor_timeout 10 [11912] warn: config: failed to parse line, skipping: pyzor_timeout 10 [11912] warn: config: warning: score set for non-existent rule FUZZY_GUARANTEE [11912] warn: config: warning: score set for non-existent rule FUZZY_BILLION [11912] warn: config: warning: score set for non-existent rule RCVD_IN_RSL [11912] warn: config: warning: score set for non-existent rule FUZZY_XPILL [11912] warn: config: warning: score set for non-existent rule FUZZY_PRESCRIPT [11912] warn: config: warning: score set for non-existent rule FUZZY_SOFTWARE [11912] warn: config: warning: score set for non-existent rule SUBJECT_FUZZY_TION [11912] warn: config: warning: score set for non-existent rule FUZZY_PHARMACY [11912] warn: config: warning: score set for non-existent rule FUZZY_TRAMADOL [11912] warn: config: warning: score set for non-existent rule FUZZY_OFFERS [11912] warn: config: warning: score set for non-existent rule SUBJECT_FUZZY_VPILL [11912] warn: config: warning: score set for non-existent rule FUZZY_MEDICATION [11912] warn: config: warning: score set for non-existent rule FUZZY_CREDIT [11912] warn: config: warning: score set for non-existent rule FUZZY_THOUSANDS [11912] warn: config: warning: score set for non-existent rule FUZZY_CPILL [11912] warn: config: warning: score set for non-existent rule FUZZY_OBLIGATION [11912] warn: config: warning: score set for non-existent rule SUBJECT_FUZZY_PENIS [11912] warn: config: warning: score set for non-existent rule FUZZY_MONEY [11912] warn: config: warning: score set for non-existent rule SUBJECT_FUZZY_MEDS [11912] warn: config: warning: score set for non-existent rule FUZZY_CELEBREX [11912] warn: config: warning: score set for non-existent rule FUZZY_FOLLOW [11912] warn: config: warning: score set for non-existent rule FUZZY_PLEASE [11912] warn: config: warning: score set for non-existent rule FUZZY_VICODIN [11912] warn: config: warning: score set for non-existent rule FUZZY_ERECT [11912] warn: config: warning: score set for non-existent rule FUZZY_VLIUM [11912] warn: config: warning: score set for non-existent rule FUZZY_MILLION [11912] warn: config: warning: score set for non-existent rule FUZZY_AFFORDABLE [11912] warn: config: warning: score set for non-existent rule FUZZY_REMOVE [11912] warn: config: warning: score set for non-existent rule FUZZY_ROLEX [11912] warn: config: warning: score set for non-existent rule FUZZY_AMBIEN [11912] warn: config: warning: score set for non-existent rule FUZZY_MORTGAGE [11912] warn: config: warning: score set for non-existent rule FUZZY_PRICES [11912] warn: config: warning: score set for non-existent rule FUZZY_REFINANCE [11912] warn: config: warning: score set for non-existent rule FUZZY_VIOXX [11912] warn: config: warning: score set for non-existent rule SUBJECT_FUZZY_CHEAP [11912] warn: config: warning: score set for non-existent rule FUZZY_VPILL [11912] warn: config: warning: score set for non-existent rule FUZZY_PHENT [11912] warn: config: warning: score set for non-existent rule FUZZY_MILF [11912] dbg: config: using "/root/.spamassassin" for user state dir [11912] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [11912] dbg: config: score set 1 chosen. [11912] dbg: message: ---- MIME PARSER START ---- [11912] dbg: message: main message type: text/plain [11912] dbg: message: parsing normal part [11912] dbg: message: added part, type: text/plain [11912] dbg: message: ---- MIME PARSER END ---- [11912] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [11912] dbg: dns: dns_available set to yes in config file, skipping test [11912] dbg: metadata: X-Spam-Relays-Trusted: [11912] dbg: metadata: X-Spam-Relays-Untrusted: [11912] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x895bc40) implements 'extract_metadata' [11912] dbg: metadata: X-Relay-Countries: [11912] dbg: message: no encoding detected [11912] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8e12c7c) implements 'parsed_metadata' [11912] dbg: uridnsbl: domains to query: [11912] dbg: check: running tests for priority: 0 [11912] dbg: rules: running header regexp tests; score so far=0 [11912] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [11912] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1131716647" [11912] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1131716647@lint_rules> [11912] dbg: rules: " [11912] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org [11912] dbg: rules: " [11912] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [11912] dbg: plugin: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d971e8)) [11912] dbg: plugin: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: spf: message was delivered entirely via trusted relays, not required [11912] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [11912] dbg: plugin: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d971e8)) [11912] dbg: eval: all '*To' addrs: [11912] dbg: plugin: registering glue method for check_for_spf_neutral (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: spf: message was delivered entirely via trusted relays, not required [11912] dbg: plugin: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: rules: ran eval rule NO_RELAYS ======> got hit [11912] dbg: plugin: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: plugin: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: plugin: registering glue method for check_for_def_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: spf: cannot get Envelope-From, cannot use SPF [11912] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [11912] dbg: plugin: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit [11912] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit [11912] dbg: plugin: registering glue method for check_for_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: spf: spf_whitelist_from: could not find useable envelope sender [11912] dbg: rules: running body-text per-line regexp tests; score so far=0.738 [11912] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [11912] dbg: uri: running uri tests; score so far=0.738 [11912] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [11912] dbg: bayes: not scoring message, returning undef [11912] dbg: bayes: opportunistic call attempt failed, DB not readable [11912] dbg: plugin: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8e12c7c)) [11912] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.738 [11912] dbg: rules: running full-text regexp tests; score so far=0.738 [11912] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8e12c7c) implements 'check_tick' [11912] dbg: check: running tests for priority: 500 [11912] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8e12c7c) implements 'check_post_dnsbl' [11912] dbg: rules: running meta tests; score so far=0.738 [11912] dbg: rules: running header regexp tests; score so far=2.216 [11912] dbg: rules: running body-text per-line regexp tests; score so far=2.216 [11912] dbg: uri: running uri tests; score so far=2.216 [11912] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.216 [11912] dbg: rules: running full-text regexp tests; score so far=2.216 [11912] dbg: check: is spam? score=2.216 required=5 [11912] dbg: check: tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [11912] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID [11912] warn: lint: 43 issues detected, please rerun with debug enabled for more information Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From rob at THEHOSTMASTERS.COM Fri Nov 11 14:24:20 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:11 2006 Subject: Its not ny day for mailscanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] FYI to everyone.... i think i found my problem... just incase this might help anyone else.... i noticed by fluke that my webserver was also hanging a few times a day... after further investigation, as i though it weird both MS & Apache were hanging several times a day... i check through my dmesg logs carefully only to find an entry like this a few times... APIC error on CPU0: 02(02) After googling it, i saw a few post about this happening and some apps hanging or crashing until "nopic" was added to the kernel boot, so i added the "nopic" option to my kernel at boot time in my /boot/grub/menu.lst, as i use Debian, rebooted and all has been fine since then... i will wait and see if anything happens over the next week, but both MS and Apache are doing fine... :) Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Rob" To: Sent: Wednesday, November 09, 2005 1:04 PM Subject: Re: Its not ny day for mailscanner > If it helps i also added an init.pre file from SA source as debian did not > have it in /etc/spamassassin the contents of the file are below.... > > # RelayCountry - add metadata for Bayes learning, marking the countries > # a message was relayed through > # > # loadplugin Mail::SpamAssassin::Plugin::RelayCountry > > # URIDNSBL - look up URLs found in the message against several DNS > # blocklists. > # > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL > > # Hashcash - perform hashcash verification. > # > loadplugin Mail::SpamAssassin::Plugin::Hashcash > > # SPF - perform SPF verification. > # > loadplugin Mail::SpamAssassin::Plugin::SPF > > Could this be causing anything? > > > Rob Morin > Dido Internet Inc. > Montreal, Canada > 514-990-4444 > http://www.dido.ca > > ----- Original Message ----- > From: "Rob" > To: > Sent: Wednesday, November 09, 2005 1:00 PM > Subject: Re: Its not ny day for mailscanner > > >>I still am having problems and cannot figure out why.... >> >> Nov 9 12:20:45 stewy MailScanner[946]: New Batch: Scanning 1 messages, >> 8128 bytes >> Nov 9 12:20:45 stewy MailScanner[946]: Spam Checks: Starting >> Nov 9 12:20:49 stewy MailScanner[946]: Virus and Content Scanning: >> Starting >> Nov 9 12:20:50 stewy MailScanner[946]: tag found in message >> 50B34BEDB.A57E4 from terry@helliker.net >> Nov 9 12:20:50 stewy MailScanner[946]: Requeue: 50B34BEDB.A57E4 to >> AA2D0BF4C >> Nov 9 12:20:50 stewy MailScanner[946]: Uninfected: Delivered 1 messages >> Nov 9 12:21:42 stewy MailScanner[10390]: MailScanner E-Mail Virus >> Scanner version 4.41.3 starting... >> Nov 9 12:21:42 stewy MailScanner[10390]: Read 120 hostnames from the >> phishing whitelist >> Nov 9 12:21:43 stewy MailScanner[10390]: Enabling SpamAssassin >> auto-whitelist functionality... >> Nov 9 12:21:47 stewy MailScanner[10390]: Using locktype = flock >> >> Died at he time above but still had MailScanner processes running... >> I then restarted at the time below >> >> Nov 9 12:54:30 stewy MailScanner[14310]: MailScanner E-Mail Virus >> Scanner version 4.41.3 starting... >> Nov 9 12:54:30 stewy MailScanner[14310]: Read 120 hostnames from the >> phishing whitelist >> Nov 9 12:54:31 stewy MailScanner[14310]: Enabling SpamAssassin >> auto-whitelist functionality... >> Nov 9 12:54:36 stewy MailScanner[14310]: Using locktype = flock >> Nov 9 12:54:36 stewy MailScanner[14310]: New Batch: Found 63 messages >> waiting >> >> It very unreliable now, i have to restart every 15 mins to make sure mail >> gets delivered.... >> >> Any suggestions on what to look for?? >> The debug did not seem to help much... >> >> >> Rob Morin >> Dido Internet Inc. >> Montreal, Canada >> 514-990-4444 >> http://www.dido.ca >> >> ----- Original Message ----- >> From: "Rob" >> To: >> Sent: Tuesday, November 08, 2005 3:35 PM >> Subject: Re: Its not ny day for mailscanner >> >> >>> ok so after doing this it scanned one message and gave me what seemed to >>> be a normal output.... but i can not site at the consol all day running >>> it in debug mode and restarting each time?? >>> >>> any other things i should look at.... >>> BTW when i say die, it looks like its dead, as i see mailscanner >>> processes in a ps but in the log file i see no mailscanner stuff >>> running... could it be because recently i added RBLs and razor? >>> >>> Thanks... >>> >>> Nov 8 15:27:29 stewy MailScanner[670]: MailScanner E-Mail Virus Scanner >>> version 4.41.3 starting... >>> Nov 8 15:27:29 stewy MailScanner[670]: Read 120 hostnames from the >>> phishing whitelist >>> Nov 8 15:27:29 stewy MailScanner[670]: Enabling SpamAssassin >>> auto-whitelist functionality... >>> Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees Config LockType = >>> flock >>> Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees have_module = 0 >>> Nov 8 15:27:33 stewy MailScanner[670]: Using locktype = flock >>> Nov 8 15:27:33 stewy MailScanner[670]: New Batch: Scanning 2 messages, >>> 22625 bytes >>> Nov 8 15:27:33 stewy MailScanner[670]: Created attachment dirs for 2 >>> messages >>> Nov 8 15:27:33 stewy MailScanner[670]: Spam Checks: Starting >>> Nov 8 15:27:33 stewy MailScanner[670]: RBL Checks: returned 0 >>> Nov 8 15:27:35 stewy MailScanner[670]: SpamAssassin returned 0 >>> Nov 8 15:27:35 stewy MailScanner[670]: RBL checks: 51791BF61.03596 >>> found in SBL+XBL >>> Nov 8 15:27:35 stewy MailScanner[670]: RBL Checks: returned 256 >>> Nov 8 15:27:36 stewy MailScanner[670]: SpamAssassin returned 0 >>> Nov 8 15:27:36 stewy MailScanner[670]: Message 51791BF61.03596 from >>> 81.190.142.152 (olivergoldmanaz@baixin-tech.com) to flextherm.com is >>> spam, SBL+XBL, SpamAssassin (score=13.284, required 4, BAYES_99 3.50, >>> DRUGS_ANXIETY 0.10, DRUGS_ANXIETY_EREC 0.04, DRUGS_ERECTILE 0.22, >>> DRUGS_MANYKINDS 0.00, DRUGS_MUSCLE 0.00, DRUGS_PAIN 0.13, DRUGS_SLEEP >>> 0.00, DRUGS_SLEEP_EREC 3.34, HELO_DYNAMIC_IPADDR 4.40, >>> RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51) >>> Nov 8 15:27:36 stewy MailScanner[670]: Spam Checks: Found 1 spam >>> messages >>> Nov 8 15:27:36 stewy MailScanner[670]: Spam Actions: message >>> 51791BF61.03596 actions are delete >>> Nov 8 15:27:37 stewy MailScanner[670]: Virus and Content Scanning: >>> Starting >>> Nov 8 15:27:37 stewy MailScanner[670]: Commencing scanning by clamav... >>> Nov 8 15:27:37 stewy MailScanner[670]: Completed scanning by clamav >>> Nov 8 15:27:37 stewy MailScanner[670]: tag found in message >>> 59F3EBF62.8B4B8 from lapresseaffaires@courrier.cyberpresse.ca >>> Nov 8 15:27:37 stewy MailScanner[670]: Requeue: 59F3EBF62.8B4B8 to >>> A53A5BF4C >>> Nov 8 15:27:37 stewy MailScanner[670]: About to deliver 1 messages >>> Nov 8 15:27:37 stewy MailScanner[670]: Uninfected: Delivered 1 messages >>> Nov 8 15:27:37 stewy postfix/qmgr[15211]: A53A5BF4C: >>> from=, size=20795, nrcpt=1 >>> (queue active) >>> Nov 8 15:27:37 stewy MailScanner[670]: MailScanner child dying of old >>> age >>> >>> >>> Rob Morin >>> Dido Internet Inc. >>> Montreal, Canada >>> 514-990-4444 >>> http://www.dido.ca >>> >>> ----- Original Message ----- >>> From: "Stephen Swaney" >>> To: >>> Sent: Monday, November 07, 2005 5:51 PM >>> Subject: Re: Its not ny day for mailscanner >>> >>> >>>>> -----Original Message----- >>>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>>> Behalf Of Ugo Bellavance >>>>> Sent: Monday, November 07, 2005 5:00 PM >>>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>>> Subject: Re: Its not ny day for mailscanner >>>>> >>>>> Stephen Swaney wrote: >>>>> >> -----Original Message----- >>>>> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>>>> >> On >>>>> >> Behalf Of Rob >>>>> >> Sent: Monday, November 07, 2005 3:45 PM >>>>> >> To: MAILSCANNER@JISCMAIL.AC.UK >>>>> >> Subject: Its not ny day for mailscanner >>>>> >> >>>>> >> First off thanks to all for helping me out in the last few days on >>>>> >> this >>>>> >> list i really appreciate it... >>>>> >> >>>>> >> No i have another strange problem... >>>>> >> >>>>> >> MS seems to silently die, and mail keeps coming in but not being >>>>> >> delivered.... >>>>> >> >>>>> >> Nothing in the logs other than the below... >>>>> >> >>>>> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> >>>>> >> When i run the /usr/sbin/check_mailscaner it says >>>>> >> >>>>> >> stewy:/var/log# /usr/sbin/check_mailscanner >>>>> >> MailScanner running with pid 8146 8147 >>>>> >> >>>>> >> >>>>> >> But when i watch the logs via tail -f i do not see any Mailscanner >>>>> >> activity until i restart by /etc/init.d/mailscanner restart >>>>> >> >>>>> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >>>>> >> >>>>> >> Any ideas? >>>>> >> >>>>> >> Rob... >>>>> >> http://www.stupidguytalk.org >>>>> > >>>>> > To make the error a little noisier, in MailScanner.conf please set: >>>>> > >>>>> > Debug = no >>>>> > Debug SpamAssassin = no >>>>> > >>>>> > Then stop and then start MailScanner from the command line. Watch >>>>> > the >>>>> screen >>>>> > output. The reason for MailScanner dying should appear. >>>>> > >>>>> > Steve >>>>> > >>>>> > Stephen Swaney >>>>> > Fort Systems Ltd. >>>>> > stephen.swaney@fsl.com >>>>> > www.fsl.com >>>>> > >>>>> >>>>> I'd say yes, Steve, not no :) >>>>> >>>>> Debug = yes >>>>> Debug SpamAssassin = yes >>>>> >>>>> -- >>>>> Ugo >>>> >>>> Of course, Silly me. Thanks Ugo! >>>> >>>> Steve >>>> >>>> Stephen Swaney >>>> Fort Systems Ltd. >>>> stephen.swaney@fsl.com >>>> www.fsl.com >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> Rob Morin >>> Dido Internet Inc. >>> Montreal, Canada >>> 514-990-4444 >>> http://www.dido.ca >>> >>> ----- Original Message ----- >>> From: "Stephen Swaney" >>> To: >>> Sent: Monday, November 07, 2005 5:51 PM >>> Subject: Re: Its not ny day for mailscanner >>> >>> >>>>> -----Original Message----- >>>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>>> Behalf Of Ugo Bellavance >>>>> Sent: Monday, November 07, 2005 5:00 PM >>>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>>> Subject: Re: Its not ny day for mailscanner >>>>> >>>>> Stephen Swaney wrote: >>>>> >> -----Original Message----- >>>>> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>>>> >> On >>>>> >> Behalf Of Rob >>>>> >> Sent: Monday, November 07, 2005 3:45 PM >>>>> >> To: MAILSCANNER@JISCMAIL.AC.UK >>>>> >> Subject: Its not ny day for mailscanner >>>>> >> >>>>> >> First off thanks to all for helping me out in the last few days on >>>>> >> this >>>>> >> list i really appreciate it... >>>>> >> >>>>> >> No i have another strange problem... >>>>> >> >>>>> >> MS seems to silently die, and mail keeps coming in but not being >>>>> >> delivered.... >>>>> >> >>>>> >> Nothing in the logs other than the below... >>>>> >> >>>>> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> >>>>> >> When i run the /usr/sbin/check_mailscaner it says >>>>> >> >>>>> >> stewy:/var/log# /usr/sbin/check_mailscanner >>>>> >> MailScanner running with pid 8146 8147 >>>>> >> >>>>> >> >>>>> >> But when i watch the logs via tail -f i do not see any Mailscanner >>>>> >> activity until i restart by /etc/init.d/mailscanner restart >>>>> >> >>>>> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >>>>> >> >>>>> >> Any ideas? >>>>> >> >>>>> >> Rob... >>>>> >> http://www.stupidguytalk.org >>>>> > >>>>> > To make the error a little noisier, in MailScanner.conf please set: >>>>> > >>>>> > Debug = no >>>>> > Debug SpamAssassin = no >>>>> > >>>>> > Then stop and then start MailScanner from the command line. Watch >>>>> > the >>>>> screen >>>>> > output. The reason for MailScanner dying should appear. >>>>> > >>>>> > Steve >>>>> > >>>>> > Stephen Swaney >>>>> > Fort Systems Ltd. >>>>> > stephen.swaney@fsl.com >>>>> > www.fsl.com >>>>> > >>>>> >>>>> I'd say yes, Steve, not no :) >>>>> >>>>> Debug = yes >>>>> Debug SpamAssassin = yes >>>>> >>>>> -- >>>>> Ugo >>>> >>>> Of course, Silly me. Thanks Ugo! >>>> >>>> Steve >>>> >>>> Stephen Swaney >>>> Fort Systems Ltd. >>>> stephen.swaney@fsl.com >>>> www.fsl.com >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Fri Nov 11 14:42:07 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:11 2006 Subject: installing libmilter Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Anders Andersson, IT > Sent: Friday, November 11, 2005 8:44 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: installing libmilter > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney > > > -----Original Message----- > > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > Behalf Of Anders Andersson, IT > > > Sent: Thursday, November 03, 2005 7:04 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: OT: installing libmilter > > > > > > Hi all pro's :) > > > > > > Could somone shed some light how to do the libmilter > > installation on > > > CentOS. > > > I managed to figure out I need the source to build the libmilter > > > included in the package > > > > > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm > > > before I can do the rest but Im not sure how to actually do the > > > libmilter/sendmail rebuild thingy. > > > > > > If this is something someone like me should not do pls > > informa and Ill > > > drop it until I actually know what Im doing > > > > > > Never even tried to rebuild sendmail since I only use out > > of the box > > > with some changes in sendmail.mc so go easy on a hardcore newbie :) > > > > > > /Anders > > > > You shouldn't need to build libmilter. Just install the > > sendmail-devel rpm. > > Then read /usr/share/doc/sendmail/README.libmilter for the > > gory details. > > > > Most milters are fairly easy to install. Some general instructions: > > > > 1. Download and unpack the milter source code 2. Configure > > build and install the milter 3. Install the init script so > > the milter can start on reboot (some milters do this automatically). > > 4. Start and test the milter (look at the mail logs for > > error) 5. Configure the init script to run at boot 6. Modify > > your sendmail.mc file to configure sendmail to user the milter. > > Typically it's just adding a line similar to: > > > > INPUT_MAIL_FILTER(`milter-greylist', > > `S=local:/var/milter-greylist/milter-greylist.sock') > > 7. Use m4 to rebuild your sendmail.cf file from your modified > > sendmail.mc file 8. Restart sendmail (don't forget to check > > the mail log for errors) > > > > Hope this helps, > > > > Steve > > > Turn out to just as simple as you said, damn I hate when I cant figure > things out my self :) > All is running fine and guess I will have to give at week to see what > the result will be regarding decreased mailflow. The only thing I didnt > like is the response sent back to the sender, it contains a little to > much info > Ex. > Remote MTA ns2.ltkalmar.se: SMTP diagnostic: 550 5.7.1 > ... server [172.29.32.81] for > rejected address saying "User > unknown" > > I rather just having it saying "550 5.7.1 User unknown" but I can live > with this for the moment :) > That's an interesting point and I'll pass your comment along to Anthony Howe. A quiet or less verbose switch might be useful. In reviewing the milter-ahead documentation I found two useful switches that I had missed before :) I'll pass them along as you might find them useful: -R Reject a RCPT if it uses a routed address (the %-hack). -B For a backup-MX, reject mail when the primary MX is available. This does not conform with RFC 974 "MAIL ROUTING AND THE DOMAIN SYSTEM" section "Interpreting the List of MX RRs", paragraph 7, sentence 2 and 3, which only requires mail clients to attempt delivery to the primary first, before trying other MXes. Spammers often attempt to by-pass spam filters by sending email directly to secondary MX machines, which often have weaker requirements. This option essentially demands that a client only deliver to the primary MX when it is available. The full documentation and other useful milters can be found at: http://www.snertsoft.com/ Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders_wannfors at PRIVAT.UTFORS.SE Fri Nov 11 15:09:37 2005 From: anders_wannfors at PRIVAT.UTFORS.SE (Anders) Date: Thu Jan 12 21:31:11 2006 Subject: problems with TNEF.pm Message-ID: Hi, I finally got passed my previous issues... Now trying to execute MAilscanner, which yields the following result: [root sbin]# ./Mailscanner Not enough arguments for mkdir at /usr/lib/MailScanner/MailScanner/TNEF.pm line 126 near ""/ tmp/tnef.$$";" BEGIN failed - compilation aborted at ./MailScanner line 84. TNEF.pm: ----------- # Make the temporary tnef files be created under /tmp for easy removal. mkdir "/tmp/tnef.$$"; <<<---- line 126 chmod 0700, "/tmp/tnef.$$"; %parms = ( ignore_checksum => "true", output_dir => "/tmp/tnef.$$", output_to_core => "NONE" ); my $tnef = Convert::TNEF->read_in("$dir/$tnefname", \%parms); Any clues on how to resolve this? /Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 11 15:25:29 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:11 2006 Subject: problems with TNEF.pm Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Sorry, stupid mistake by me. Change the line to read mkdir "/tmp/tnef.$$", 0777; This will be corrected in the next release. On 11 Nov 2005, at 15:09, Anders wrote: > Hi, > I finally got passed my previous issues... > Now trying to execute MAilscanner, which yields the following result: > > [root sbin]# ./Mailscanner > Not enough arguments for mkdir at /usr/lib/MailScanner/MailScanner/ > TNEF.pm line 126 near ""/ > tmp/tnef.$$";" > BEGIN failed - compilation aborted at ./MailScanner line 84. > > TNEF.pm: > ----------- > # Make the temporary tnef files be created under /tmp for easy > removal. > mkdir "/tmp/tnef.$$"; <<<---- > line 126 > chmod 0700, "/tmp/tnef.$$"; > %parms = ( ignore_checksum => "true", > output_dir => "/tmp/tnef.$$", > output_to_core => "NONE" ); > my $tnef = Convert::TNEF->read_in("$dir/$tnefname", \%parms); > > Any clues on how to resolve this? > > /Anders > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ3S36vw32o+k+q+hAQHoQgf/SITyJLqX8XxuXo68r5nssi1KmNao7W/D Og9HB3CjegWRWrT4QrtFfhCfUIMoSloK6NwqcwYR9YFuKPQPoCXZC5t1AafJYGw4 P5QSfZa3Oy7aolmHyUyemDLs3jSHRLI5K67X1kTFRM+BT/AuGUB8KkYjvqWnCsuy A8WW8h8R1g5tqz+lgBmfvToRXaOUfy9ap+m2abrMSdBnbUXn/boz4gnnUh/2WnLC PgZNCuKYXv+/rakqOGEgCIEUHiXSVXo9A9X+SVObx9CUBMuih+CH0swFVxe1c7gm JtTcDK+9DGLDkupn3c8S/1UB5BCMLcM7asgqCqCjsZmpEluQ+HrKNA== =RJyE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 11 15:27:56 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:11 2006 Subject: problems with TNEF.pm Message-ID: How odd You're not running in a chroot jail are you?, or running as a non-root user for MailScanner? Has the user in question rights to create that file? What happens if you put MS in debug mode and run it? (edit MailScanner.conf, make both debug values yes then run check_MailScanner ) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Anders > Sent: 11 November 2005 15:10 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] problems with TNEF.pm > > Hi, > I finally got passed my previous issues... > Now trying to execute MAilscanner, which yields the following result: > > [root sbin]# ./Mailscanner > Not enough arguments for mkdir at /usr/lib/MailScanner/MailScanner/TNEF.pm > line 126 near ""/ > tmp/tnef.$$";" > BEGIN failed - compilation aborted at ./MailScanner line 84. > > TNEF.pm: > ----------- > # Make the temporary tnef files be created under /tmp for easy removal. > mkdir "/tmp/tnef.$$"; <<<---- line 126 > chmod 0700, "/tmp/tnef.$$"; > %parms = ( ignore_checksum => "true", > output_dir => "/tmp/tnef.$$", > output_to_core => "NONE" ); > my $tnef = Convert::TNEF->read_in("$dir/$tnefname", \%parms); > > Any clues on how to resolve this? > > /Anders > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Fri Nov 11 15:51:03 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:31:11 2006 Subject: installing libmilter Message-ID: > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney > Sent: Friday, November 11, 2005 3:42 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: installing libmilter > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Anders Andersson, IT > > Sent: Friday, November 11, 2005 8:44 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: installing libmilter > > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney > > > > -----Original Message----- > > > > From: MailScanner mailing list > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > > Behalf Of Anders Andersson, IT > > > > Sent: Thursday, November 03, 2005 7:04 AM > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: OT: installing libmilter > > > > > > > > Hi all pro's :) > > > > > > > > Could somone shed some light how to do the libmilter > > > installation on > > > > CentOS. > > > > I managed to figure out I need the source to build the > libmilter > > > > included in the package > > > > > > > > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.r > > > pm > > > > before I can do the rest but Im not sure how to actually do the > > > > libmilter/sendmail rebuild thingy. > > > > > > > > If this is something someone like me should not do pls > > > informa and Ill > > > > drop it until I actually know what Im doing > > > > > > > > Never even tried to rebuild sendmail since I only use out > > > of the box > > > > with some changes in sendmail.mc so go easy on a > hardcore newbie > > > > :) > > > > > > > > /Anders > > > > > > You shouldn't need to build libmilter. Just install the > > > sendmail-devel rpm. > > > Then read /usr/share/doc/sendmail/README.libmilter for the gory > > > details. > > > > > > Most milters are fairly easy to install. Some general > instructions: > > > > > > 1. Download and unpack the milter source code 2. > Configure build and > > > install the milter 3. Install the init script so the milter can > > > start on reboot (some milters do this automatically). > > > 4. Start and test the milter (look at the mail logs for > > > error) 5. Configure the init script to run at boot 6. Modify your > > > sendmail.mc file to configure sendmail to user the milter. > > > Typically it's just adding a line similar to: > > > > > > INPUT_MAIL_FILTER(`milter-greylist', > > > `S=local:/var/milter-greylist/milter-greylist.sock') > > > 7. Use m4 to rebuild your sendmail.cf file from your modified > > > sendmail.mc file 8. Restart sendmail (don't forget to > check the mail > > > log for errors) > > > > > > Hope this helps, > > > > > > Steve > > > > > Turn out to just as simple as you said, damn I hate when I > cant figure > > things out my self :) All is running fine and guess I will have to > > give at week to see what the result will be regarding decreased > > mailflow. The only thing I didnt like is the response sent > back to the > > sender, it contains a little to much info Ex. > > Remote MTA ns2.ltkalmar.se: SMTP diagnostic: 550 5.7.1 > > ... server [172.29.32.81] for > > rejected address saying "User > > unknown" > > > > I rather just having it saying "550 5.7.1 User unknown" but > I can live > > with this for the moment :) > > > > That's an interesting point and I'll pass your comment along > to Anthony Howe. A quiet or less verbose switch might be useful. > > In reviewing the milter-ahead documentation I found two > useful switches that I had missed before :) I'll pass them > along as you might find them useful: > > -R > Reject a RCPT if it uses a routed address (the %-hack). I saw that but couldnt google it to figure out what it was for so I, styying on the safe side :) > > -B > For a backup-MX, reject mail when the primary MX is > available. This does not conform with RFC 974 "MAIL ROUTING > AND THE DOMAIN SYSTEM" section "Interpreting the List of MX > RRs", paragraph 7, sentence 2 and 3, which only requires mail > clients to attempt delivery to the primary first, before > trying other MXes. Spammers often attempt to by-pass spam > filters by sending email directly to secondary MX machines, > which often have weaker requirements. This option essentially > demands that a client only deliver to the primary MX when it > is available. > > The full documentation and other useful milters can be found at: > > http://www.snertsoft.com/ > > Steve ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders_wannfors at PRIVAT.UTFORS.SE Fri Nov 11 15:46:08 2005 From: anders_wannfors at PRIVAT.UTFORS.SE (Anders) Date: Thu Jan 12 21:31:11 2006 Subject: problems with TNEF.pm Message-ID: That did it! Thanks a lot for the ultra-quick response!!!! /AW [root sbin]# ./MailScanner -v Running on Linux www.domain.secret 2.2.16C37_III #1 Sat Apr 12 14:54:32 PDT 2003 i586 unknown This is Perl version 5.005030 (%vd) This is MailScanner version 4.47.4 Module versions are: 1.14 Archive::Zip 1.119 Convert::BinHex 1.03 Fcntl 2.6 File::Basename 2.02 File::Copy 2.00 FileHandle 1.0401 File::Path 0.16 File::Temp 1.13 HTML::Entities 2.23 HTML::Parser 2.05 HTML::TokeParser 1.06021 IO::File 1.0902 IO::Pipe 1.67 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.02 POSIX 1.7 Socket 1.01 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.65 DB_File 0.02 Digest 1.00 Digest::HMAC 2.07 Digest::MD5 1.01 Digest::SHA1 missing Inline missing Mail::ClamAV missing Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite missing Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.28 Test::Harness 0.62 Test::Simple missing Text::Balanced 1.02 URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Fri Nov 11 18:53:24 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:31:11 2006 Subject: OT: Need advice: client wants to spam (ARGH!) Message-ID: Hey guys, Well, it's finally happened: I contract IT services for a client who I've heard through the grapevine is seriously considering spam as an option. This company is a sub 20 person small business. First: let me say for the record that if I'm asked to implement this I will refuse and if they pursue this through other means I will sever the contract. That being said, I'd like to talk them out of it, as they're otherwise a good client and I'd like to keep them. I'd like to think that if they were presented with all the information they'd back off. The problem is that everything I can find is more of the technical "how do I fight spam" kind of document, and not so much "why you shouldn't send spam, you idiot" and I'm looking for documents of the latter type to send to this client. They haven't approached me about this yet, I heard this from a mid-level employee who thought I should know that it may be coming. I'd like to be armed with a bit more than "it's unethical" (although, really, that should be enough). I can explain about botnets and viruses, worms and trojans till I'm blue in the face, but all that stuff is sort of esoteric to a non-techie who's just looking for a revenue stream. So, if anyone has any links, advice, or anything else please let me know. If I get a lot of good info, I'll try to aggregate it on the Wiki, too. Thanks a lot, guys, --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mauriciopcavalcanti at HOTMAIL.COM Fri Nov 11 20:01:11 2005 From: mauriciopcavalcanti at HOTMAIL.COM (Mauricio Portilho Cavalcanti) Date: Thu Jan 12 21:31:11 2006 Subject: Uncommon rule do whitelist Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I have to deliver all e-mail (whitelist) coming from one specific ip address to some e-mail address. I think a rule like this in whitelist rules: From: a.b.c.d and To: badboy@domain.com yes And more... all e-mail coming from ip a.b.c.d AND with from e-mail *@domain.com AND to badboy@domain.com has to be whitelisted... how can I make this rule?? Thanks in advance, Mauricio ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jeff at DYNAMICTELECARD.COM Fri Nov 11 20:24:28 2005 From: jeff at DYNAMICTELECARD.COM (Jeff Davis) Date: Thu Jan 12 21:31:11 2006 Subject: OT: Need advice: client wants to spam (ARGH!) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, aside from the unethical part I would try to convince them how this will impact their bottom line in at least two ways. Some places have legistation that can cause them to fight legal battles and which will likely make their spam tactics become public knowledge possibly damaging their public image. http://www.spamlaws.com/ Also getting added to a blacklist would cause ALL mail from that server to get blocked not just the spam. How detrimental this would be depends on the business. -Jeff Jason Balicki wrote: > Hey guys, > > Well, it's finally happened: I contract IT services for a client > who I've heard through the grapevine is seriously considering > spam as an option. This company is a sub 20 person small > business. > > First: let me say for the record that if I'm asked to implement > this I will refuse and if they pursue this through other > means I will sever the contract. > > That being said, I'd like to talk them out of it, as they're > otherwise a good client and I'd like to keep them. I'd like > to think that if they were presented with all the information > they'd back off. > > The problem is that everything I can find is more of the > technical "how do I fight spam" kind of document, and not > so much "why you shouldn't send spam, you idiot" and I'm > looking for documents of the latter type to send to this > client. > > They haven't approached me about this yet, I heard this > from a mid-level employee who thought I should know that > it may be coming. I'd like to be armed with a bit more > than "it's unethical" (although, really, that should > be enough). I can explain about botnets and viruses, > worms and trojans till I'm blue in the face, but all > that stuff is sort of esoteric to a non-techie who's > just looking for a revenue stream. > > So, if anyone has any links, advice, or anything else > please let me know. > > If I get a lot of good info, I'll try to aggregate it > on the Wiki, too. > > Thanks a lot, guys, > > --J(K) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Fri Nov 11 20:27:44 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:11 2006 Subject: OT: Need advice: client wants to spam (ARGH!) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've a few posts on my blog that might help .. or hinder :) have a poke around and see if you can find anything useful. If you can't I'll write something -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at KATY.COM Fri Nov 11 22:56:35 2005 From: john at KATY.COM (John Schmerold) Date: Thu Jan 12 21:31:11 2006 Subject: Resending archived messages Message-ID: Our Mailscanner was blocked by cbl. As a temporary solution, I've moved it to another IP address, however I have the problem of resending the messages saved to archive the df & qf files. How is this done, I can't find the thread that discussed this. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craigwhite at AZAPPLE.COM Sat Nov 12 02:35:45 2005 From: craigwhite at AZAPPLE.COM (Craig White) Date: Thu Jan 12 21:31:11 2006 Subject: OT: Need advice: client wants to spam (ARGH!) Message-ID: On Fri, 2005-11-11 at 12:53 -0600, Jason Balicki wrote: > Hey guys, > > Well, it's finally happened: I contract IT services for a client > who I've heard through the grapevine is seriously considering > spam as an option. This company is a sub 20 person small > business. > > First: let me say for the record that if I'm asked to implement > this I will refuse and if they pursue this through other > means I will sever the contract. > > That being said, I'd like to talk them out of it, as they're > otherwise a good client and I'd like to keep them. I'd like > to think that if they were presented with all the information > they'd back off. > > The problem is that everything I can find is more of the > technical "how do I fight spam" kind of document, and not > so much "why you shouldn't send spam, you idiot" and I'm > looking for documents of the latter type to send to this > client. > > They haven't approached me about this yet, I heard this > from a mid-level employee who thought I should know that > it may be coming. I'd like to be armed with a bit more > than "it's unethical" (although, really, that should > be enough). I can explain about botnets and viruses, > worms and trojans till I'm blue in the face, but all > that stuff is sort of esoteric to a non-techie who's > just looking for a revenue stream. > > So, if anyone has any links, advice, or anything else > please let me know. > > If I get a lot of good info, I'll try to aggregate it > on the Wiki, too. ---- first of all, doing spam is not a job for amateurs so it's highly unlikely they would do it in house. second of all, if they were to attempt to do it in house, as someone else already pointed out, their mail server would be blacklisted and legitimate email won't get delivered. thirdly, the leads they generate will be costly and ineffective. I have a friend who has a mortgage business and when he told me what he was doing I laughed and was glad he didn't try to get me involved. You don't have to lecture them, all you need to say is that is an area of the computer industry that you don't participate in, in fact, you work the other side...set up clients to stop that from occurring. If you lecture, you might lose a customer. If you simply point out these issues and perhaps any applicable laws, you look smart. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sat Nov 12 11:39:14 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:31:11 2006 Subject: OT: Need advice: client wants to spam (ARGH!) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 11/11/05, Jason Balicki wrote: > Hey guys, > > Well, it's finally happened: I contract IT services for a client > who I've heard through the grapevine is seriously considering > spam as an option. This company is a sub 20 person small > business. > > First: let me say for the record that if I'm asked to implement > this I will refuse and if they pursue this through other > means I will sever the contract. Thank you for that. > > That being said, I'd like to talk them out of it, as they're > otherwise a good client and I'd like to keep them. I'd like > to think that if they were presented with all the information > they'd back off. > Good plan. > The problem is that everything I can find is more of the > technical "how do I fight spam" kind of document, and not > so much "why you shouldn't send spam, you idiot" and I'm > looking for documents of the latter type to send to this > client. > > They haven't approached me about this yet, I heard this > from a mid-level employee who thought I should know that > it may be coming. I'd like to be armed with a bit more > than "it's unethical" (although, really, that should > be enough). I can explain about botnets and viruses, > worms and trojans till I'm blue in the face, but all > that stuff is sort of esoteric to a non-techie who's > just looking for a revenue stream. > > So, if anyone has any links, advice, or anything else > please let me know. > > If I get a lot of good info, I'll try to aggregate it > on the Wiki, too. > > Thanks a lot, guys, > > --J(K) > It's a question of common business sense. As with any commercial endeavour, they should be interested in their bottom line. You should probably not focus so much on the unethical/unlawful aspects of it as on the effects of the badwill they will generate. If they are serious in that they want to survive as a company for any number of years, they will be interested in protecting their good name. Using spam as a promotional channel is directly contrary to this and, if they stop and think about it, this should be pretty obvious. Do mention that the methods involved, if not the actual sending of spam, are a) not legal in very many countries and b) often operated by criminals of the sort any healthy company, big or small, would shy away from being associated with. As an example: The Swedish coffee brand Gevalia has been known to appear (of their own volition or not) in spams. I and all persons receiving such spam had three immediate reactions: - Chuckle a bit over their apparent stupidity - Strike them off the list of viable coffee brands - Tell everyone we know not to buy their products This would perhaps not be that bad in the short run, but let me elaborate: I work for a government pension fund here in Sweden. The fund has adopted a rather strong policy regarding ethics and morals, so these things could affect our positions in the actual company employing spam techniques (yes, we do trade small caps, so even really minor endeavours might be affected). While this is centered on more "heavy duty" breaches (human rights, labor rights etc), unethical/unlawful activities _will_ gender action from the fund and its rather extensive "ethics networking community". As such, the fund tries to work with the companies to eliminate and prevent these activities, but... Through "the network", substantial economical harm can be done to the culprit, so most companies tend to take a mere warning seriously. Since this type of focus on ethics/morality is becoming more common in the financial world, the business risk of "shady behaviour" is fast becoming a factor. Small companies might not be aware of this trend and, if they're privately held, might just shrug it off... But they still take a rather big risk with their brand, using it in spam. I suspect that put that way, they'll see the light. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Sat Nov 12 16:12:22 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:31:11 2006 Subject: problem with Sign Clean Messages Message-ID: I am trying to enable the Sign Clean Messages feature. I had created a rule set and it wasn’t doing anything, so I simply set Sign Clean Messages = yes. But, still nothing is happening. I am using an older version MailScanner-4.37.7-1. Is there a way that I can troubleshoot this? Thanks in Advance, Diane ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Nov 12 16:16:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:11 2006 Subject: problem with Sign Clean Messages Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You are doing a "service MailScanner reload" between each change of configuration? Also, try it with a plain text message, so that you have a simple test. And make sure that the "Run As User" user can read the signature file(s). What does your maillog say? Anything useful? Diane Rolland wrote: > I am trying to enable the Sign Clean Messages feature. I had created a > rule set and it wasn^Òt doing anything, so I simply set Sign Clean > Messages = yes. But, still nothing is happening. > > I am using an older version MailScanner-4.37.7-1. > > Is there a way that I can troubleshoot this? > > Thanks in Advance, > > Diane > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ3YVfBH2WUcUFbZUEQJ0dACgrcZLk9W0wu94P1PbR1wDUJWhkQIAoLHy cNpiYbS3MTSPXxNyAYFiomro =eEBx -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Sat Nov 12 16:37:54 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:31:11 2006 Subject: problem with Sign Clean Messages Message-ID: Yes, I had reloaded and even restarted. The maillog just indicates that a new batch went through successfully. I did try with just plain text and that seems to work. Not sure why the HTML wouldn't be working. I'm using the two default files that came with MailScanner. Thanks for getting me this far!!! > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Saturday, November 12, 2005 10:17 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: problem with Sign Clean Messages > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > You are doing a "service MailScanner reload" between each change of > configuration? > Also, try it with a plain text message, so that you have a simple test. > And make sure that the "Run As User" user can read the signature file(s). > What does your maillog say? Anything useful? > > Diane Rolland wrote: > > > I am trying to enable the Sign Clean Messages feature. I had created a > > rule set and it wasn't doing anything, so I simply set Sign Clean > > Messages = yes. But, still nothing is happening. > > > > I am using an older version MailScanner-4.37.7-1. > > > > Is there a way that I can troubleshoot this? > > > > Thanks in Advance, > > > > Diane > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2424) > > iQA/AwUBQ3YVfBH2WUcUFbZUEQJ0dACgrcZLk9W0wu94P1PbR1wDUJWhkQIAoLHy > cNpiYbS3MTSPXxNyAYFiomro > =eEBx > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Nov 12 16:58:21 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:11 2006 Subject: problem with Sign Clean Messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The HTML ones add the sig at the end of the message, using the best way I can. Have you tried looking at the message with another email app? Or what do you get when you look at the message source? Is it tucked away at the bottom of the source okay: Diane Rolland wrote: >Yes, I had reloaded and even restarted. The maillog just indicates that a >new batch went through successfully. > >I did try with just plain text and that seems to work. Not sure why the >HTML wouldn't be working. I'm using the two default files that came with >MailScanner. > >Thanks for getting me this far!!! > > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Julian Field >>Sent: Saturday, November 12, 2005 10:17 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: problem with Sign Clean Messages >> >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>You are doing a "service MailScanner reload" between each change of >>configuration? >>Also, try it with a plain text message, so that you have a simple test. >>And make sure that the "Run As User" user can read the signature file(s). >>What does your maillog say? Anything useful? >> >>Diane Rolland wrote: >> >> >> >>>I am trying to enable the Sign Clean Messages feature. I had created a >>>rule set and it wasn't doing anything, so I simply set Sign Clean >>>Messages = yes. But, still nothing is happening. >>> >>>I am using an older version MailScanner-4.37.7-1. >>> >>>Is there a way that I can troubleshoot this? >>> >>>Thanks in Advance, >>> >>>Diane >>> >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) >>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>*Support MailScanner development - buy the book off the website!* >>> >>> >>- -- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >>-----BEGIN PGP SIGNATURE----- >>Version: PGP Desktop 9.0.2 (Build 2424) >> >>iQA/AwUBQ3YVfBH2WUcUFbZUEQJ0dACgrcZLk9W0wu94P1PbR1wDUJWhkQIAoLHy >>cNpiYbS3MTSPXxNyAYFiomro >>=eEBx >>-----END PGP SIGNATURE----- >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ3YfLhH2WUcUFbZUEQLgXwCeO5oiVz3B5wnXl1nTnku9sy8MJbUAoIzb 1WF27nDbV+0UeY1IQLfi6jZn =FG5e -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Sat Nov 12 17:23:49 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:11 2006 Subject: OT: Need advice: client wants to spam (ARGH!) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig White wrote: > On Fri, 2005-11-11 at 12:53 -0600, Jason Balicki wrote: >> Hey guys, >> >> Well, it's finally happened: I contract IT services for a client >> who I've heard through the grapevine is seriously considering >> spam as an option. This company is a sub 20 person small >> business. >> >> First: let me say for the record that if I'm asked to implement >> this I will refuse and if they pursue this through other >> means I will sever the contract. >> >> That being said, I'd like to talk them out of it, as they're >> otherwise a good client and I'd like to keep them. I'd like >> to think that if they were presented with all the information >> they'd back off. >> >> The problem is that everything I can find is more of the >> technical "how do I fight spam" kind of document, and not >> so much "why you shouldn't send spam, you idiot" and I'm >> looking for documents of the latter type to send to this >> client. >> >> They haven't approached me about this yet, I heard this >> from a mid-level employee who thought I should know that >> it may be coming. I'd like to be armed with a bit more >> than "it's unethical" (although, really, that should >> be enough). I can explain about botnets and viruses, >> worms and trojans till I'm blue in the face, but all >> that stuff is sort of esoteric to a non-techie who's >> just looking for a revenue stream. >> >> So, if anyone has any links, advice, or anything else >> please let me know. >> >> If I get a lot of good info, I'll try to aggregate it >> on the Wiki, too. > ---- > first of all, doing spam is not a job for amateurs so it's highly > unlikely they would do it in house. > > second of all, if they were to attempt to do it in house, as someone > else already pointed out, their mail server would be blacklisted and > legitimate email won't get delivered. > > thirdly, the leads they generate will be costly and ineffective. > > I have a friend who has a mortgage business and when he told me what he > was doing I laughed and was glad he didn't try to get me involved. You > don't have to lecture them, all you need to say is that is an area of > the computer industry that you don't participate in, in fact, you work > the other side...set up clients to stop that from occurring. If you > lecture, you might lose a customer. If you simply point out these issues > and perhaps any applicable laws, you look smart. I agree. If you ever detect that they are sending spam, I'd do the innocent and tell them that you discovered and that they should investigate if they have zombies or something similar. You can ask them if they are doing that on purpose. If so, you can explain them all the consequences. They'll probably understand. If they want to test mass-mailing, they could use something like http://www.d-courrier.com/ and evaluate the results. Now the question is whether to act proactively or reactively... > > Craig > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Sat Nov 12 17:26:43 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:11 2006 Subject: Sendmail Queue lenghts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Anyone here has scripts for testing queue lengths (incoming/outgoing) with sendmail? Regards, ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Sat Nov 12 17:59:08 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:11 2006 Subject: Sendmail Queue lenghts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Hi, > > Anyone here has scripts for testing queue lengths > (incoming/outgoing) with sendmail? mailscanner-mrtg does it. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Sat Nov 12 19:17:30 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:11 2006 Subject: Sendmail Queue lenghts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Ugo Bellavance wrote: >> Hi, >> >> Anyone here has scripts for testing queue lengths >> (incoming/outgoing) with sendmail? > > mailscanner-mrtg does it. > Yes, but is it possible to use mailscanner-mrtg for alarms (when incoming queue > 100 for example)? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Sat Nov 12 19:37:42 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:11 2006 Subject: Sendmail Queue lenghts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Matt Kettler wrote: > >> Ugo Bellavance wrote: >> >>> Hi, >>> >>> Anyone here has scripts for testing queue lengths >>> (incoming/outgoing) with sendmail? >> >> >> mailscanner-mrtg does it. >> > > Yes, but is it possible to use mailscanner-mrtg for alarms (when > incoming queue > 100 for example)? You could re-use the script itself for just about anything.. You don't need to hook it up to MRTG for graphing.. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at ADVENTURAS.NO Sat Nov 12 20:38:18 2005 From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen) Date: Thu Jan 12 21:31:11 2006 Subject: Sendmail Queue lenghts Message-ID: --On Saturday, November 12, 2005 12:26:43 PM -0500 Ugo Bellavance wrote: > Hi, > > Anyone here has scripts for testing queue lengths (incoming/outgoing) > with sendmail? ...something qsize=$(mailq -OMaxQueueRunSize=1 -OQueueDirectory=$mq | grep 'Total requests:' | awk '{ print $3 }') and something... Not sure if this is what you want, but I use a shell-script every 15 minutes to report if mailqueues are big, or any relays are having lots of mail in the queue. It fills my needs, but it might be a bit of stupid programming, and really in need of rewriting before sharing. I think the idea still holds though. Tell me if you want to try it, I would just love if someone could make some comments on it or preferably rewrite it. regards -- Lars > > Regards, > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Med vennlig hilsen Lars Kristiansen A D V E N T U R A S Tlf: 22 20 59 90 Fax: 22 20 59 91 lars@adventuras.no http://www.adventuras.no ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Sun Nov 13 16:45:52 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:31:11 2006 Subject: problem with Sign Clean Messages Message-ID: I looked at the delivered message with a webmail app, and I see the Clean Message. Outlook must be doing something strange with it? Another test I did was to send it to two different accounts that I have in Outlook. One came through but the other one did not. And it's the same Outlook client? I'll look more at the messages and see if I can tell any difference. Thanks for your help, Diane > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Saturday, November 12, 2005 10:58 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: problem with Sign Clean Messages > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The HTML ones add the sig at the end of the message, using the best way > I can. Have you tried looking at the message with another email app? Or > what do you get when you look at the message source? Is it tucked away > at the bottom of the source okay: > > Diane Rolland wrote: > > >Yes, I had reloaded and even restarted. The maillog just indicates that > a > >new batch went through successfully. > > > >I did try with just plain text and that seems to work. Not sure why the > >HTML wouldn't be working. I'm using the two default files that came with > >MailScanner. > > > >Thanks for getting me this far!!! > > > > > > > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >>Behalf Of Julian Field > >>Sent: Saturday, November 12, 2005 10:17 AM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: problem with Sign Clean Messages > >> > >>-----BEGIN PGP SIGNED MESSAGE----- > >>Hash: SHA1 > >> > >>You are doing a "service MailScanner reload" between each change of > >>configuration? > >>Also, try it with a plain text message, so that you have a simple test. > >>And make sure that the "Run As User" user can read the signature > file(s). > >>What does your maillog say? Anything useful? > >> > >>Diane Rolland wrote: > >> > >> > >> > >>>I am trying to enable the Sign Clean Messages feature. I had created a > >>>rule set and it wasn't doing anything, so I simply set Sign Clean > >>>Messages = yes. But, still nothing is happening. > >>> > >>>I am using an older version MailScanner-4.37.7-1. > >>> > >>>Is there a way that I can troubleshoot this? > >>> > >>>Thanks in Advance, > >>> > >>>Diane > >>> > >>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) > >>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>*Support MailScanner development - buy the book off the website!* > >>> > >>> > >>- -- > >>Julian Field > >>www.MailScanner.info > >>Buy the MailScanner book at www.MailScanner.info/store > >>Professional Support Services at www.MailScanner.biz > >>MailScanner thanks transtec Computers for their support > >> > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >>-----BEGIN PGP SIGNATURE----- > >>Version: PGP Desktop 9.0.2 (Build 2424) > >> > >>iQA/AwUBQ3YVfBH2WUcUFbZUEQJ0dACgrcZLk9W0wu94P1PbR1wDUJWhkQIAoLHy > >>cNpiYbS3MTSPXxNyAYFiomro > >>=eEBx > >>-----END PGP SIGNATURE----- > >> > >>-- > >>This message has been scanned for viruses and > >>dangerous content by MailScanner, and is > >>believed to be clean. > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >> > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2424) > > iQA/AwUBQ3YfLhH2WUcUFbZUEQLgXwCeO5oiVz3B5wnXl1nTnku9sy8MJbUAoIzb > 1WF27nDbV+0UeY1IQLfi6jZn > =FG5e > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at GMAIL.COM Mon Nov 14 04:36:03 2005 From: naolson at GMAIL.COM (Nathan Olson) Date: Thu Jan 12 21:31:11 2006 Subject: TNEF decoder Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Why was the TNEF decoder switched from 'internal' to 'external' by default? I've searched the list archives and can't find a definitive reason. Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Mon Nov 14 04:54:02 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:31:11 2006 Subject: Being let through: [Fwd: Mitchell Works Excellent] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > These messages are still not getting stopped properly. > A score of 2.9 is nowhere near good enough. I use Rules_Du_Jour, what am > I missing? I see that it matched a URI SURBL: > X-ECS-SpamCheck: not spam, SpamAssassin (score=2.913, required 6, > HTML_MESSAGE 0.00, INFO_TLD 1.27, UPPERCASE_25_50 0.00, URIBL_SBL 1.64) We typically override the default score for SURBL checks and give it a 5.0 or something with great results.. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Mon Nov 14 09:15:08 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:11 2006 Subject: Being let through: [Fwd: Mitchell Works Excellent] Message-ID: Hi, BAYES_99 is hitting all of these for me. > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > These messages are still not getting stopped properly. > A score of 2.9 is nowhere near good enough. I use Rules_Du_Jour, what > am I missing? > > > - -------- Original Message -------- > Return-Path: > Received: from imap.ecs.soton.ac.uk ([unix socket]) by > imap.ecs.soton.ac.uk (Cyrus v2.2.12-Invoca-RPM-2.2.12-3.RHEL4.1) with > LMTPA; Sun, 13 Nov 2005 16:08:40 +0000 X-Sieve: CMU Sieve 2.2 > Received: from coot.ecs.soton.ac.uk > ([IPv6:2001:630:d0:f113:204:23ff:feb3:e42c]) by imap.ecs.soton.ac.uk > (8.13.1/8.13.1) with ESMTP id jADG8aLU029686 (version=TLSv1/SSLv3 > cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for > ; Sun, 13 Nov 2005 16:08:36 GMT Received: from > ftr.com ([60.27.7.10]) by coot.ecs.soton.ac.uk (8.13.1/8.13.1) with > SMTP id jADGBuG4017504 for ; Sun, 13 Nov > 2005 16:12:08 GMT Message-ID: > <003901c5e86c$e2da5a80$e44aa8c0@neckerchief> From: Inocencio Endo > To: Rufus Averitt > Subject: Mitchell Works Excellent Date: Sun, 13 Nov 2005 11:11:21 > -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; > boundary="----=_NextPart_000_0036_01C5E842.FA045280" X-Priority: 3 > X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express > 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE > V6.00.2800.1106 X-MailScanner-Information: Please contact > helpdesk@ecs.soton.ac.uk for more information X-ECS-MailScanner: > Found to be clean, Found to be clean X-ECS-SpamCheck: not spam, > SpamAssassin (score=2.913, required 6, HTML_MESSAGE 0.00, INFO_TLD > 1.27, UPPERCASE_25_50 0.00, URIBL_SBL 1.64) X-ECS-SpamScore: ss > X-MailScanner-From: inocraendo@ftr.com X-ECS-MailScanner-Information: > Please contact the Help Desk for more information > X-ECS-MailScanner-From: inocraendo@ftr.com > > > > > C A L V V X P I m e I A a r A b v A L n o L i i G I a z I e t R U > x a S n ra A M c 3,75 > > 3,32 1,22 > > > > http://www.noteranger.info > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2424) > > iQA/AwUBQ3drrRH2WUcUFbZUEQLrOACg1lUdYQfpxc0xF5zGZk4k5zpdMNUAoMGL > h5zqK5n2HF8WMQX6sT0lubfq > =uQKS > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The poor have sometimes objected to being governed badly; the rich have always objected to being governed at all." - G. K. Chesterton. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From schweizer.martin at GMAIL.COM Mon Nov 14 08:42:38 2005 From: schweizer.martin at GMAIL.COM (Martin Schweizer) Date: Thu Jan 12 21:31:11 2006 Subject: MailScanner / SMTP Auth Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello List Until now I run sendmail and mailscanner without any problems. Now I want to update sendmail with SMTP Auth. Is there anybody how has the same setup? Are there any pitfalls? My system: FreeBSD 5.4, sendmail 8.13.3 -- Martin Schweizer schweizer.martin@gmail.com Fax: +41 55 243 33 22 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From schweizer.martin at GMAIL.COM Mon Nov 14 09:11:04 2005 From: schweizer.martin at GMAIL.COM (Martin Schweizer) Date: Thu Jan 12 21:31:11 2006 Subject: MailScanner / SMTP Auth (again) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sorry, but probably I have to clarify my last post: Until now I run sendmail, mailscanner and cyrus-imapd without any problems. Now want to update sendmail with SMTP Auth. I updated my sendmail.mc like described in http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html. But after this all new mails only delivered local to root (no more to cyrus). Below attached is my sendmail.mc. Is there anybody how has the same setup? Are there any pitfalls? My system: FreeBSD 5.4, sendmail 8.13.3, cyrus IMAP4 2.2.12 Any hints are welcome. divert(-1) # # Copyright (c) 1983 Eric P. Allman # Copyright (c) 1988, 1993 # The Regents of the University of California. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. All advertising materials mentioning features or use of this software # must display the following acknowledgement: # This product includes software developed by the University of # California, Berkeley and its contributors. # 4. Neither the name of the University nor the names of its contributors # may be used to endorse or promote products derived from this software # without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # This is a generic configuration file for FreeBSD 5.X and later systems. # If you want to customize it, copy it to a name appropriate for your # environment and do the modifications there. # # The best documentation for this .mc file is: # /usr/share/sendmail/cf/README or # /usr/src/contrib/sendmail/cf/README # divert(0) VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.29 2003/12/24 21:15:09 gshapiro Exp $') OSTYPE(freebsd5) DOMAIN(generic) FEATURE(access_db, `hash -o -T /etc/mail/access') FEATURE(blacklist_recipients) FEATURE(local_lmtp) FEATURE(mailertable, `hash -o /etc/mail/mailertable') FEATURE(virtusertable, `hash -o /etc/mail/virtusertable') dnl Uncomment to allow relaying based on your MX records. dnl NOTE: This can allow sites to use your server as a backup MX without dnl your permission. dnl FEATURE(relay_based_on_MX) dnl DNS based black hole lists dnl -------------------------------- dnl DNS based black hole lists come and go on a regular basis dnl so this file will not serve as a database of the available servers. dnl For that, visit dnl http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/ dnl Uncomment to activate Realtime Blackhole List dnl information available at http://www.mail-abuse.com/ dnl NOTE: This is a subscription service as of July 31, 2001 dnl FEATURE(dnsbl) dnl Alternatively, you can provide your own server and rejection message: dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `"550 Mail from " $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}') FEATURE(dnsbl, `relays.ordb.org', `"550 Mail rejected - see http://www.ordb.org/faq"') FEATURE(dnsbl, `sbl.spamhaus.org', `"550 Mail rejected - see http://www.spamhaus.org/SBL"') dnl Dialup users should uncomment and define this appropriately define(`SMART_HOST', `[195.186.18.142]') dnl Uncomment the first line to change the location of the default dnl /etc/mail/local-host-names and comment out the second line. dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw') define(`confCW_FILE', `-o /etc/mail/local-host-names') dnl Enable for both IPv4 and IPv6 (optional) DAEMON_OPTIONS(`Name=IPv4, Family=inet') DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O') dnl set SASL options TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl define(`confBIND_OPTS', `WorkAroundBrokenAAAA') define(`confNO_RCPT_ACTION', `add-to-undisclosed') define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy') dnl Änderung für Cyrus define(`confLOCAL_MAILER', `cyrusv2') MAILER(local) MAILER(smtp) dnl Änderung für Cyrus MAILER(`cyrusv2') Regards, -- Martin Schweizer schweizer.martin@gmail.com Fax: +41 55 243 33 22 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at GMAIL.COM Mon Nov 14 10:40:19 2005 From: naolson at GMAIL.COM (Nathan Olson) Date: Thu Jan 12 21:31:11 2006 Subject: MailScanner / SMTP Auth (again) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Read this: http://www.sendmail.org/~ca/email/auth.html You may have not created the sasldb password file, among other things. Why you'd have LOGIN and not PLAIN is also very strange. LOGIN is antiquated (but still used by horrid email clients). Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 14 14:14:02 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:11 2006 Subject: Just noticed thei when doing a spamassassin -D --lint Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] My dns check seem to fail, but doing any look ups form the command line on the box are fine...?? also doing a make test when install Net::DNS all test come back ok.... any ideas? i am sure if i am not doing any dns checking this will let through some spam? Thanks stewy:/home/rob# spamassassin -D --lint debug: SpamAssassin version 3.0.4 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/usr/local/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/bin/X11', which doesn't exist, dropping. debug: Final PATH set to: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin debug: diag: module installed: DBI, version 1.48 debug: diag: module installed: DB_File, version 1.811 debug: diag: module installed: Digest::SHA1, version 2.10 debug: diag: module installed: IO::Socket::UNIX, version 1.21 debug: diag: module installed: MIME::Base64, version 3.05 debug: diag: module installed: Net::DNS, version 0.51 debug: diag: module not installed: Net::LDAP ('require' failed) debug: diag: module not installed: Razor2::Client::Agent ('require' failed) debug: diag: module installed: Storable, version 2.13 debug: diag: module installed: URI, version 1.35 debug: ignore: using a test message to lint rules debug: using "/etc/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: config: read file /usr/share/spamassassin/65_debian.cf debug: using "/etc/spamassassin" for site rules dir debug: config: read file /etc/spamassassin/70_sare_adult.cf debug: config: read file /etc/spamassassin/70_sare_bayes_poison_nxm.cf debug: config: read file /etc/spamassassin/70_sare_evilnum0.cf debug: config: read file /etc/spamassassin/70_sare_genlsubj.cf debug: config: read file /etc/spamassassin/70_sare_header.cf debug: config: read file /etc/spamassassin/70_sare_header0.cf debug: config: read file /etc/spamassassin/70_sare_header2.cf debug: config: read file /etc/spamassassin/70_sare_html.cf debug: config: read file /etc/spamassassin/70_sare_obfu.cf debug: config: read file /etc/spamassassin/70_sare_obfu2.cf debug: config: read file /etc/spamassassin/70_sare_obfu3.cf debug: config: read file /etc/spamassassin/70_sare_oem.cf debug: config: read file /etc/spamassassin/70_sare_random.cf debug: config: read file /etc/spamassassin/70_sare_ratware.cf debug: config: read file /etc/spamassassin/70_sare_specific.cf debug: config: read file /etc/spamassassin/70_sare_spoof.cf debug: config: read file /etc/spamassassin/70_sare_unsub.cf debug: config: read file /etc/spamassassin/70_sare_uri0.cf debug: config: read file /etc/spamassassin/70_sare_uri1.cf debug: config: read file /etc/spamassassin/70_sare_uri3.cf debug: config: read file /etc/spamassassin/70_sare_uri_eng.cf debug: config: read file /etc/spamassassin/72_sare_bml_post25x.cf debug: config: read file /etc/spamassassin/72_sare_redirect_post3.0.0.cf debug: config: read file /etc/spamassassin/99_sare_fraud_post25x.cf debug: config: read file /etc/spamassassin/bogus-virus-warnings.cf debug: config: read file /etc/spamassassin/local.cf debug: config: read file /etc/spamassassin/random.cf debug: config: read file /etc/spamassassin/tripwire.cf debug: using "/root/.spamassassin" for user state dir debug: using "/root/.spamassassin/user_prefs" for user prefs file debug: config: read file /root/.spamassassin/user_prefs debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74) implements 'parse_config' debug: using "/root/.spamassassin" for user state dir debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 3 debug: using "/root/.spamassassin" for user state dir debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 debug: bayes: 25175 untie-ing debug: bayes: 25175 untie-ing db_toks debug: bayes: 25175 untie-ing db_seen debug: Score set 1 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 3 debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 debug: bayes: 25175 untie-ing debug: bayes: 25175 untie-ing db_toks debug: bayes: 25175 untie-ing db_seen debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) implements 'parsed_metadata' debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.51 debug: trying (3) sun.com... debug: looking up NS for 'sun.com' debug: NS lookup of sun.com failed horribly => Perhaps your resolv.conf isn't pointing at a valid server? debug: All NS queries failed => DNS unavailable (set dns_available to override) debug: is DNS available? 0 debug: decoding: no encoding detected debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) debug: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) debug: running body-text per-line regexp tests; score so far=-2.623 debug: running uri tests; score so far=-2.623 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec)) debug: Razor2 is not available debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=-2.623 debug: running full-text regexp tests; score so far=-2.623 debug: Razor2 is not available debug: Current PATH is: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin debug: Pyzor is not available: pyzor not found debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is not available: no executable dccproc found. debug: Running tests for priority: 500 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) implements 'check_post_dnsbl' debug: running meta tests; score so far=-2.623 debug: running header regexp tests; score so far=-1.053 debug: running body-text per-line regexp tests; score so far=-1.053 debug: running uri tests; score so far=-1.053 debug: running raw-body-text per-line regexp tests; score so far=-1.053 debug: running full-text regexp tests; score so far=-1.053 debug: Running tests for priority: 1000 debug: running meta tests; score so far=-1.053 debug: running header regexp tests; score so far=-1.053 debug: using "/root/.spamassassin" for user state dir debug: lock: 25175 created /root/.spamassassin/auto-whitelist.lock.stewy.25175 debug: lock: 25175 trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries debug: lock: 25175 link to /root/.spamassassin/auto-whitelist.lock: link ok debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist debug: auto-whitelist (db-based): ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 debug: AWL active, pre-score: -1.053, autolearn score: -1.053, mean: undef, IP: undef debug: DB addr list: untie-ing and unlocking. debug: DB addr list: file locked, breaking lock. debug: unlock: 25175 unlink /root/.spamassassin/auto-whitelist.lock debug: Post AWL score: -1.053 debug: running body-text per-line regexp tests; score so far=-1.053 debug: running uri tests; score so far=-1.053 debug: running raw-body-text per-line regexp tests; score so far=-1.053 debug: running full-text regexp tests; score so far=-1.053 debug: is spam? score=-1.053 required=5 debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME debug:subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_M GID,__UNUSABLE_MSGID Rob... http://www.stupidguytalk.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From William.Burns at AEROFLEX.COM Mon Nov 14 14:20:54 2005 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:31:11 2006 Subject: Sendmail Queue lenghts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo: Here's what I use. This script takes two parameters. The first (result1) is the name of a file into which queue information gets dumped. The second (result2) is the name of a file which gets a list of all but 40 of the queue entries that are older than 2 minutes. My alarm threshold is "If there is a 41st queue entry that's older than 2 minutes". So, if the result2 file ends up being non-empty, then I mail myself a copy of the result1 file. -Bill I schedule the monitorqueue script to run every 15 minutes. > #!/bin/sh > > result1=$1 > result2=$2 > > ls -l --sort=time --full-time /var/spool/mqueue/|\ > tail +2 |\ > (cut --bytes=43-;echo `date '+%a %b %d %X %Y' --date '2 minutes ago'` > "--------- > -" )|\ > sort -r > $result2 > (echo junk;cat $result2)|sed '1,/----------/d'|\ > tail +41 > $result1 > > (echo junk;cat $result2)|sed '1,/----------/d'|\ > (echo "number of files older than 2 minutes:" `wc -l`) >> $result2 > (cd /var/spool/mqueue > cat /dev/null|\ > grep --with-filename "^HTo" `fuser qf* 2>/dev/null|sed 's/:.*//'` > ls -ld `fuser qf* 2>/dev/null|sed 's/:.*//;s/qf/\?f/'`) >> $result2 2>&1 Ugo Bellavance wrote: > Hi, > > Anyone here has scripts for testing queue lengths > (incoming/outgoing) with sendmail? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 14 14:20:59 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:11 2006 Subject: Just noticed thei when doing a spamassassin -D --lint Message-ID: I seem to remember people having problems with 0.51 of Net::DNS. Have a look in the SA-user email list archive for possible ways around.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rob > Sent: 14 November 2005 14:14 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Just noticed thei when doing a spamassassin -D -- > lint > > My dns check seem to fail, but doing any look ups form the command line on > the box are fine...?? also doing a make test when install Net::DNS all > test come back ok.... any ideas? i am sure if i am not doing any dns > checking this will let through some spam? > > Thanks > > stewy:/home/rob# spamassassin -D --lint > debug: SpamAssassin version 3.0.4 > debug: Score set 0 chosen. > debug: running in taint mode? yes > debug: Running in taint mode, removing unsafe env vars, and resetting PATH > debug: PATH included '/usr/local/sbin', keeping. > debug: PATH included '/usr/local/bin', keeping. > debug: PATH included '/usr/sbin', keeping. > debug: PATH included '/usr/bin', keeping. > debug: PATH included '/sbin', keeping. > debug: PATH included '/bin', keeping. > debug: PATH included '/usr/bin/X11', which doesn't exist, dropping. > debug: Final PATH set to: > /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin > debug: diag: module installed: DBI, version 1.48 > debug: diag: module installed: DB_File, version 1.811 > debug: diag: module installed: Digest::SHA1, version 2.10 > debug: diag: module installed: IO::Socket::UNIX, version 1.21 > debug: diag: module installed: MIME::Base64, version 3.05 > debug: diag: module installed: Net::DNS, version 0.51 > debug: diag: module not installed: Net::LDAP ('require' failed) > debug: diag: module not installed: Razor2::Client::Agent ('require' > failed) > debug: diag: module installed: Storable, version 2.13 > debug: diag: module installed: URI, version 1.35 > debug: ignore: using a test message to lint rules > debug: using "/etc/spamassassin/init.pre" for site rules init.pre > debug: config: read file /etc/spamassassin/init.pre > debug: using "/usr/share/spamassassin" for default rules dir > debug: config: read file /usr/share/spamassassin/10_misc.cf > debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf > debug: config: read file /usr/share/spamassassin/20_body_tests.cf > debug: config: read file /usr/share/spamassassin/20_compensate.cf > debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > debug: config: read file /usr/share/spamassassin/20_drugs.cf > debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > debug: config: read file /usr/share/spamassassin/20_head_tests.cf > debug: config: read file /usr/share/spamassassin/20_html_tests.cf > debug: config: read file /usr/share/spamassassin/20_meta_tests.cf > debug: config: read file /usr/share/spamassassin/20_phrases.cf > debug: config: read file /usr/share/spamassassin/20_porn.cf > debug: config: read file /usr/share/spamassassin/20_ratware.cf > debug: config: read file /usr/share/spamassassin/20_uri_tests.cf > debug: config: read file /usr/share/spamassassin/23_bayes.cf > debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf > debug: config: read file /usr/share/spamassassin/25_hashcash.cf > debug: config: read file /usr/share/spamassassin/25_spf.cf > debug: config: read file /usr/share/spamassassin/25_uribl.cf > debug: config: read file /usr/share/spamassassin/30_text_de.cf > debug: config: read file /usr/share/spamassassin/30_text_fr.cf > debug: config: read file /usr/share/spamassassin/30_text_nl.cf > debug: config: read file /usr/share/spamassassin/30_text_pl.cf > debug: config: read file /usr/share/spamassassin/50_scores.cf > debug: config: read file /usr/share/spamassassin/60_whitelist.cf > debug: config: read file /usr/share/spamassassin/65_debian.cf > debug: using "/etc/spamassassin" for site rules dir > debug: config: read file /etc/spamassassin/70_sare_adult.cf > debug: config: read file /etc/spamassassin/70_sare_bayes_poison_nxm.cf > debug: config: read file /etc/spamassassin/70_sare_evilnum0.cf > debug: config: read file /etc/spamassassin/70_sare_genlsubj.cf > debug: config: read file /etc/spamassassin/70_sare_header.cf > debug: config: read file /etc/spamassassin/70_sare_header0.cf > debug: config: read file /etc/spamassassin/70_sare_header2.cf > debug: config: read file /etc/spamassassin/70_sare_html.cf > debug: config: read file /etc/spamassassin/70_sare_obfu.cf > debug: config: read file /etc/spamassassin/70_sare_obfu2.cf > debug: config: read file /etc/spamassassin/70_sare_obfu3.cf > debug: config: read file /etc/spamassassin/70_sare_oem.cf > debug: config: read file /etc/spamassassin/70_sare_random.cf > debug: config: read file /etc/spamassassin/70_sare_ratware.cf > debug: config: read file /etc/spamassassin/70_sare_specific.cf > debug: config: read file /etc/spamassassin/70_sare_spoof.cf > debug: config: read file /etc/spamassassin/70_sare_unsub.cf > debug: config: read file /etc/spamassassin/70_sare_uri0.cf > debug: config: read file /etc/spamassassin/70_sare_uri1.cf > debug: config: read file /etc/spamassassin/70_sare_uri3.cf > debug: config: read file /etc/spamassassin/70_sare_uri_eng.cf > debug: config: read file /etc/spamassassin/72_sare_bml_post25x.cf > debug: config: read file /etc/spamassassin/72_sare_redirect_post3.0.0.cf > debug: config: read file /etc/spamassassin/99_sare_fraud_post25x.cf > debug: config: read file /etc/spamassassin/bogus-virus-warnings.cf > debug: config: read file /etc/spamassassin/local.cf > debug: config: read file /etc/spamassassin/random.cf > debug: config: read file /etc/spamassassin/tripwire.cf > debug: using "/root/.spamassassin" for user state dir > debug: using "/root/.spamassassin/user_prefs" for user prefs file > debug: config: read file /root/.spamassassin/user_prefs > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74) > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548) > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) > implements 'parse_config' > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74) > implements 'parse_config' > debug: using "/root/.spamassassin" for user state dir > debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_toks > debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_seen > debug: bayes: found bayes db version 3 > debug: using "/root/.spamassassin" for user state dir > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 > debug: bayes: 25175 untie-ing > debug: bayes: 25175 untie-ing db_toks > debug: bayes: 25175 untie-ing db_seen > debug: Score set 1 chosen. > debug: ---- MIME PARSER START ---- > debug: main message type: text/plain > debug: parsing normal part > debug: added part, type: text/plain > debug: ---- MIME PARSER END ---- > debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_toks > debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_seen > debug: bayes: found bayes db version 3 > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 > debug: bayes: 25175 untie-ing > debug: bayes: 25175 untie-ing db_toks > debug: bayes: 25175 untie-ing db_seen > debug: metadata: X-Spam-Relays-Trusted: > debug: metadata: X-Spam-Relays-Untrusted: > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) > implements 'parsed_metadata' > debug: is Net::DNS::Resolver available? yes > debug: Net::DNS version: 0.51 > debug: trying (3) sun.com... > debug: looking up NS for 'sun.com' > debug: NS lookup of sun.com failed horribly => Perhaps your resolv.conf > isn't pointing at a valid server? > debug: All NS queries failed => DNS unavailable (set dns_available to > override) > debug: is DNS available? 0 > debug: decoding: no encoding detected > debug: Running tests for priority: 0 > debug: running header regexp tests; score so far=0 > debug: registering glue method for check_hashcash_double_spend > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74)) > debug: registering glue method for check_for_spf_helo_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) > debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org > debug: registering glue method for check_hashcash_value > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74)) > debug: all '*To' addrs: > debug: registering glue method for check_for_spf_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) > debug: registering glue method for check_for_spf_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) > debug: registering glue method for check_for_spf_helo_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) > debug: registering glue method for check_for_spf_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) > debug: registering glue method for check_for_spf_helo_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) > debug: running body-text per-line regexp tests; score so far=-2.623 > debug: running uri tests; score so far=-2.623 > debug: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec)) > debug: Razor2 is not available > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) > implements 'check_tick' > debug: running raw-body-text per-line regexp tests; score so far=-2.623 > debug: running full-text regexp tests; score so far=-2.623 > debug: Razor2 is not available > debug: Current PATH is: > /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin > debug: Pyzor is not available: pyzor not found > debug: DCCifd is not available: no r/w dccifd socket found. > debug: DCC is not available: no executable dccproc found. > debug: Running tests for priority: 500 > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) > implements 'check_post_dnsbl' > debug: running meta tests; score so far=-2.623 > debug: running header regexp tests; score so far=-1.053 > debug: running body-text per-line regexp tests; score so far=-1.053 > debug: running uri tests; score so far=-1.053 > debug: running raw-body-text per-line regexp tests; score so far=-1.053 > debug: running full-text regexp tests; score so far=-1.053 > debug: Running tests for priority: 1000 > debug: running meta tests; score so far=-1.053 > debug: running header regexp tests; score so far=-1.053 > debug: using "/root/.spamassassin" for user state dir > debug: lock: 25175 created /root/.spamassassin/auto- > whitelist.lock.stewy.25175 > debug: lock: 25175 trying to get lock on /root/.spamassassin/auto- > whitelist with 0 retries > debug: lock: 25175 link to /root/.spamassassin/auto-whitelist.lock: link > ok > debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist > debug: auto-whitelist (db-based): > ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 > debug: AWL active, pre-score: -1.053, autolearn score: -1.053, mean: > undef, IP: undef > debug: DB addr list: untie-ing and unlocking. > debug: DB addr list: file locked, breaking lock. > debug: unlock: 25175 unlink /root/.spamassassin/auto-whitelist.lock > debug: Post AWL score: -1.053 > debug: running body-text per-line regexp tests; score so far=-1.053 > debug: running uri tests; score so far=-1.053 > debug: running raw-body-text per-line regexp tests; score so far=-1.053 > debug: running full-text regexp tests; score so far=-1.053 > debug: is spam? score=-1.053 required=5 > debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME > debug: > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__S > ANE_MSGID,__UNUSABLE_MSGID > > > Rob... > http://www.stupidguytalk.org > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Mon Nov 14 14:24:47 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:31:11 2006 Subject: Sendmail Queue lenghts Message-ID: Hi, Anyone here has scripts for testing queue lengths (incoming/outgoing) with sendmail? MRTG has the ability to send alerts itself, look for Thresh config parameters, don't know if this would work with mailscanner-mrtg. Here's my Big Brother script, nothing fancy but it works... #!/bin/sh BBPROG=mailq.sh; export BBPROG TEST="mailq" BBHOME=/opt/bb ; export BBHOME if test "$BBHOME" = "" then echo "BBHOME is not set... exiting" exit 1 fi if test ! "$BBTMP" # GET DEFINITIONS IF NEEDED then # echo "*** LOADING BBDEF ***" . $BBHOME/etc/bbdef.sh # INCLUDE STANDARD DEFINITIONS fi # SELECT SOME LEVELS... GREEN IS THE DEFAULT... WARN="100" # GO YELLOW AT THIS LEVEL PANIC="250" # GO RED AND PAGE AT THIS LEVEL # GETTING NUMBER OF QUEUE FILES LEVEL_IN=`find /var/spool/mqueue.in -name "qf*" -type f | wc -l 2> /dev/null` LEVEL_OUT=`find /var/spool/mqueue -name "qf*" | wc -l 2> /dev/null` LEVEL_OUT2=`find /var/spool/mqueue.spam -name "qf*" | wc -l 2> /dev/null` LEVEL_OUT3=`find /var/spool/mqueue.highspam -name "qf*" | wc -l 2> /dev/null` # # DETERMINE RED/YELLOW/GREEN # if test "$LEVEL_IN" -ge "$PANIC" -o "$LEVEL_OUT" -ge "$PANIC" then COLOR="red" elif test "$LEVEL_IN" -ge "$WARN" -o "$LEVEL_OUT" -ge "$WARN" then COLOR="yellow" else COLOR="green" fi MACHINE=`hostname` # # THE FIRST LINE IS STATUS INFORMATION... STRUCTURE IMPORANT! # THE REST IS FREE-FORM - WHATEVER YOU'D LIKE TO SEND... # LINE="status $MACHINE.$TEST $COLOR `date` The size of the incoming mail queue has reached: $LEVEL_IN The size of the outgoing mail queue has reached: $LEVEL_OUT The size of the spam outgoing queue has reached: $LEVEL_OUT2 The size of the high spam outgoing queue has reached: $LEVEL_OUT3" # NOW USE THE BB COMMAND TO SEND THE DATA ACROSS $BB $BBDISP "$LINE" # SEND IT TO BBDISPLAY ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at KIPNESS.COM Mon Nov 14 14:25:53 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:31:11 2006 Subject: Watch & Viagra Spam getting through.... Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've asked this question before and never really got any suggestions. Now it seems like in the last few days I'm getting much more spam. I'm using the latest version of MailScanner, Spamassassin 3.x, Razor2, DCC, and rules du jour. Even though a high percentage of spam is caught, like I said, lately a lot of viagra, watch spam, etc has been getting through. Bayes gets the spam every time with 99% and adds 3.5 to the score. As I have the "is spam" score set to 6, that doesn't do much good. Everything seems to be working right based on the tests I've run (SA lint). This spam simply is not detected by DCC, rules or Razor. I guess the spammers are getting smarter. Can someone give me some recommendations as to how to catch this spam? How do some of the commercial products handle this? Are there new modules that can be added to MailScanner now? Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 14 14:28:15 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:11 2006 Subject: Just noticed thei when doing a spamassassin -D --lint Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ahh ok after googling some more i found that .51 of Net::DNS had this bug... so i got .53 and SA --lint passes ok now with respect to DNS, but i noticed another possible problem.... bayes.... in my output i see.... debug: bayes: found bayes db version 3 debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 This does not sound good? Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Martin Hepworth" To: Sent: Monday, November 14, 2005 9:20 AM Subject: Re: Just noticed thei when doing a spamassassin -D --lint >I seem to remember people having problems with 0.51 of Net::DNS. Have a >look > in the SA-user email list archive for possible ways around.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Rob >> Sent: 14 November 2005 14:14 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: [MAILSCANNER] Just noticed thei when doing a spamassassin -D -- >> lint >> >> My dns check seem to fail, but doing any look ups form the command line >> on >> the box are fine...?? also doing a make test when install Net::DNS all >> test come back ok.... any ideas? i am sure if i am not doing any dns >> checking this will let through some spam? >> >> Thanks >> >> stewy:/home/rob# spamassassin -D --lint >> debug: SpamAssassin version 3.0.4 >> debug: Score set 0 chosen. >> debug: running in taint mode? yes >> debug: Running in taint mode, removing unsafe env vars, and resetting >> PATH >> debug: PATH included '/usr/local/sbin', keeping. >> debug: PATH included '/usr/local/bin', keeping. >> debug: PATH included '/usr/sbin', keeping. >> debug: PATH included '/usr/bin', keeping. >> debug: PATH included '/sbin', keeping. >> debug: PATH included '/bin', keeping. >> debug: PATH included '/usr/bin/X11', which doesn't exist, dropping. >> debug: Final PATH set to: >> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin >> debug: diag: module installed: DBI, version 1.48 >> debug: diag: module installed: DB_File, version 1.811 >> debug: diag: module installed: Digest::SHA1, version 2.10 >> debug: diag: module installed: IO::Socket::UNIX, version 1.21 >> debug: diag: module installed: MIME::Base64, version 3.05 >> debug: diag: module installed: Net::DNS, version 0.51 >> debug: diag: module not installed: Net::LDAP ('require' failed) >> debug: diag: module not installed: Razor2::Client::Agent ('require' >> failed) >> debug: diag: module installed: Storable, version 2.13 >> debug: diag: module installed: URI, version 1.35 >> debug: ignore: using a test message to lint rules >> debug: using "/etc/spamassassin/init.pre" for site rules init.pre >> debug: config: read file /etc/spamassassin/init.pre >> debug: using "/usr/share/spamassassin" for default rules dir >> debug: config: read file /usr/share/spamassassin/10_misc.cf >> debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf >> debug: config: read file /usr/share/spamassassin/20_body_tests.cf >> debug: config: read file /usr/share/spamassassin/20_compensate.cf >> debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf >> debug: config: read file /usr/share/spamassassin/20_drugs.cf >> debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf >> debug: config: read file /usr/share/spamassassin/20_head_tests.cf >> debug: config: read file /usr/share/spamassassin/20_html_tests.cf >> debug: config: read file /usr/share/spamassassin/20_meta_tests.cf >> debug: config: read file /usr/share/spamassassin/20_phrases.cf >> debug: config: read file /usr/share/spamassassin/20_porn.cf >> debug: config: read file /usr/share/spamassassin/20_ratware.cf >> debug: config: read file /usr/share/spamassassin/20_uri_tests.cf >> debug: config: read file /usr/share/spamassassin/23_bayes.cf >> debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf >> debug: config: read file /usr/share/spamassassin/25_hashcash.cf >> debug: config: read file /usr/share/spamassassin/25_spf.cf >> debug: config: read file /usr/share/spamassassin/25_uribl.cf >> debug: config: read file /usr/share/spamassassin/30_text_de.cf >> debug: config: read file /usr/share/spamassassin/30_text_fr.cf >> debug: config: read file /usr/share/spamassassin/30_text_nl.cf >> debug: config: read file /usr/share/spamassassin/30_text_pl.cf >> debug: config: read file /usr/share/spamassassin/50_scores.cf >> debug: config: read file /usr/share/spamassassin/60_whitelist.cf >> debug: config: read file /usr/share/spamassassin/65_debian.cf >> debug: using "/etc/spamassassin" for site rules dir >> debug: config: read file /etc/spamassassin/70_sare_adult.cf >> debug: config: read file /etc/spamassassin/70_sare_bayes_poison_nxm.cf >> debug: config: read file /etc/spamassassin/70_sare_evilnum0.cf >> debug: config: read file /etc/spamassassin/70_sare_genlsubj.cf >> debug: config: read file /etc/spamassassin/70_sare_header.cf >> debug: config: read file /etc/spamassassin/70_sare_header0.cf >> debug: config: read file /etc/spamassassin/70_sare_header2.cf >> debug: config: read file /etc/spamassassin/70_sare_html.cf >> debug: config: read file /etc/spamassassin/70_sare_obfu.cf >> debug: config: read file /etc/spamassassin/70_sare_obfu2.cf >> debug: config: read file /etc/spamassassin/70_sare_obfu3.cf >> debug: config: read file /etc/spamassassin/70_sare_oem.cf >> debug: config: read file /etc/spamassassin/70_sare_random.cf >> debug: config: read file /etc/spamassassin/70_sare_ratware.cf >> debug: config: read file /etc/spamassassin/70_sare_specific.cf >> debug: config: read file /etc/spamassassin/70_sare_spoof.cf >> debug: config: read file /etc/spamassassin/70_sare_unsub.cf >> debug: config: read file /etc/spamassassin/70_sare_uri0.cf >> debug: config: read file /etc/spamassassin/70_sare_uri1.cf >> debug: config: read file /etc/spamassassin/70_sare_uri3.cf >> debug: config: read file /etc/spamassassin/70_sare_uri_eng.cf >> debug: config: read file /etc/spamassassin/72_sare_bml_post25x.cf >> debug: config: read file /etc/spamassassin/72_sare_redirect_post3.0.0.cf >> debug: config: read file /etc/spamassassin/99_sare_fraud_post25x.cf >> debug: config: read file /etc/spamassassin/bogus-virus-warnings.cf >> debug: config: read file /etc/spamassassin/local.cf >> debug: config: read file /etc/spamassassin/random.cf >> debug: config: read file /etc/spamassassin/tripwire.cf >> debug: using "/root/.spamassassin" for user state dir >> debug: using "/root/.spamassassin/user_prefs" for user prefs file >> debug: config: read file /root/.spamassassin/user_prefs >> debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC >> debug: plugin: registered >> Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) >> debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC >> debug: plugin: registered >> Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74) >> debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC >> debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548) >> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) >> implements 'parse_config' >> debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74) >> implements 'parse_config' >> debug: using "/root/.spamassassin" for user state dir >> debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_toks >> debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_seen >> debug: bayes: found bayes db version 3 >> debug: using "/root/.spamassassin" for user state dir >> debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < >> 200 >> debug: bayes: 25175 untie-ing >> debug: bayes: 25175 untie-ing db_toks >> debug: bayes: 25175 untie-ing db_seen >> debug: Score set 1 chosen. >> debug: ---- MIME PARSER START ---- >> debug: main message type: text/plain >> debug: parsing normal part >> debug: added part, type: text/plain >> debug: ---- MIME PARSER END ---- >> debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_toks >> debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_seen >> debug: bayes: found bayes db version 3 >> debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < >> 200 >> debug: bayes: 25175 untie-ing >> debug: bayes: 25175 untie-ing db_toks >> debug: bayes: 25175 untie-ing db_seen >> debug: metadata: X-Spam-Relays-Trusted: >> debug: metadata: X-Spam-Relays-Untrusted: >> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) >> implements 'parsed_metadata' >> debug: is Net::DNS::Resolver available? yes >> debug: Net::DNS version: 0.51 >> debug: trying (3) sun.com... >> debug: looking up NS for 'sun.com' >> debug: NS lookup of sun.com failed horribly => Perhaps your resolv.conf >> isn't pointing at a valid server? >> debug: All NS queries failed => DNS unavailable (set dns_available to >> override) >> debug: is DNS available? 0 >> debug: decoding: no encoding detected >> debug: Running tests for priority: 0 >> debug: running header regexp tests; score so far=0 >> debug: registering glue method for check_hashcash_double_spend >> (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74)) >> debug: registering glue method for check_for_spf_helo_pass >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) >> debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org >> debug: registering glue method for check_hashcash_value >> (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74)) >> debug: all '*To' addrs: >> debug: registering glue method for check_for_spf_softfail >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) >> debug: registering glue method for check_for_spf_pass >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) >> debug: registering glue method for check_for_spf_helo_softfail >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) >> debug: registering glue method for check_for_spf_fail >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) >> debug: registering glue method for check_for_spf_helo_fail >> (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) >> debug: running body-text per-line regexp tests; score so far=-2.623 >> debug: running uri tests; score so far=-2.623 >> debug: registering glue method for check_uridnsbl >> (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec)) >> debug: Razor2 is not available >> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) >> implements 'check_tick' >> debug: running raw-body-text per-line regexp tests; score so far=-2.623 >> debug: running full-text regexp tests; score so far=-2.623 >> debug: Razor2 is not available >> debug: Current PATH is: >> /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin >> debug: Pyzor is not available: pyzor not found >> debug: DCCifd is not available: no r/w dccifd socket found. >> debug: DCC is not available: no executable dccproc found. >> debug: Running tests for priority: 500 >> debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) >> implements 'check_post_dnsbl' >> debug: running meta tests; score so far=-2.623 >> debug: running header regexp tests; score so far=-1.053 >> debug: running body-text per-line regexp tests; score so far=-1.053 >> debug: running uri tests; score so far=-1.053 >> debug: running raw-body-text per-line regexp tests; score so far=-1.053 >> debug: running full-text regexp tests; score so far=-1.053 >> debug: Running tests for priority: 1000 >> debug: running meta tests; score so far=-1.053 >> debug: running header regexp tests; score so far=-1.053 >> debug: using "/root/.spamassassin" for user state dir >> debug: lock: 25175 created /root/.spamassassin/auto- >> whitelist.lock.stewy.25175 >> debug: lock: 25175 trying to get lock on /root/.spamassassin/auto- >> whitelist with 0 retries >> debug: lock: 25175 link to /root/.spamassassin/auto-whitelist.lock: link >> ok >> debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist >> debug: auto-whitelist (db-based): >> ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 >> debug: AWL active, pre-score: -1.053, autolearn score: -1.053, mean: >> undef, IP: undef >> debug: DB addr list: untie-ing and unlocking. >> debug: DB addr list: file locked, breaking lock. >> debug: unlock: 25175 unlink /root/.spamassassin/auto-whitelist.lock >> debug: Post AWL score: -1.053 >> debug: running body-text per-line regexp tests; score so far=-1.053 >> debug: running uri tests; score so far=-1.053 >> debug: running raw-body-text per-line regexp tests; score so far=-1.053 >> debug: running full-text regexp tests; score so far=-1.053 >> debug: is spam? score=-1.053 required=5 >> debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME >> debug: >> subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__S >> ANE_MSGID,__UNUSABLE_MSGID >> >> >> Rob... >> http://www.stupidguytalk.org >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at CODERS.CO.UK Mon Nov 14 14:34:52 2005 From: matt at CODERS.CO.UK (Matt Hampton) Date: Thu Jan 12 21:31:11 2006 Subject: Watch & Viagra Spam getting through.... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Max Kipness wrote: >I've asked this question before and never really got any suggestions. Now >it seems like in the last few days I'm getting much more spam. > > >Even though a high percentage of spam is caught, like I said, lately a lot >of viagra, watch spam, etc has been getting through. Bayes gets the spam >every time with 99% and adds 3.5 to the score. > Can you publish some examples on a web page? Then we can try our setup against them..... matt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Nov 14 14:43:05 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:11 2006 Subject: Just noticed thei when doing a spamassassin -D --lint Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Rob > Sent: Monday, November 14, 2005 9:28 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Just noticed thei when doing a spamassassin -D --lint > > > Ahh ok after googling some more i found that .51 of Net::DNS had > this bug... > so i got .53 and SA --lint passes ok now with respect to DNS, but > i noticed > another possible problem.... bayes.... > > in my output i see.... > > debug: bayes: found bayes db version 3 > debug: bayes: Not available for scanning, only 0 spam(s) in > Bayes DB < 200 > > This does not sound good? > Two most likely causes of the above 1. You are not running the lint with the MailScanner user (different databases) 2. You are not training bayes. It must have a min of 200 spam/ham before it is used. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 14 14:42:52 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:11 2006 Subject: Watch & Viagra Spam getting through.... Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] here is what i get often, with respect to watch and porn http://www.dido.ca/spam/watch.txt http://www.dido.ca/spam/porn-1.txt Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Hampton" To: Sent: Monday, November 14, 2005 9:34 AM Subject: Re: Watch & Viagra Spam getting through.... > Max Kipness wrote: > >>I've asked this question before and never really got any suggestions. Now >>it seems like in the last few days I'm getting much more spam. >> > > >>Even though a high percentage of spam is caught, like I said, lately a lot >>of viagra, watch spam, etc has been getting through. Bayes gets the spam >>every time with 99% and adds 3.5 to the score. > Can you publish some examples on a web page? > > Then we can try our setup against them..... > > matt > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 14 15:31:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:11 2006 Subject: TNEF decoder Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The internal one was producing a few problems with Postfix, so I changed the default. I have since fixed the problem, so you can safely switch back to internal now. Nathan Olson wrote: >Why was the TNEF decoder switched from 'internal' to 'external' by default? >I've searched the list archives and can't find a definitive reason. > >Nate > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ3it5hH2WUcUFbZUEQLGwACg89wrO/PDXCkIQYH8TrJexYCe730AnjI7 ekJkm1T5LJkTcqPnUBisU7Au =dBFe -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 14 15:47:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:11 2006 Subject: MailScanner / SMTP Auth (again) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Another things we hit with sasl on RedHat (and hence its clones too) is a configuration error in /etc/sysconfig/saslauthd, where they had MECH set wrong. It should be set MECH=pam so that it correctly checks all your authentication schemes. As shipped it only checks the local password. Oops. Nathan Olson wrote: >Read this: >http://www.sendmail.org/~ca/email/auth.html > >You may have not created the sasldb password file, among other things. >Why you'd have LOGIN and not PLAIN is also very strange. LOGIN is >antiquated (but still used by horrid email clients). > >Nate > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ3ixlRH2WUcUFbZUEQLP7QCfa1hSt+kQdfy/tjJmRiwEFRhzwhYAoINu 4dlSQPQ88yJ/jTHE0VPDPJbI =QrfW -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Nov 14 15:29:46 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:11 2006 Subject: Sendmail Queue lenghts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] William Burns wrote: > Ugo: > > Here's what I use. > > This script takes two parameters. The first (result1) is the name of a > file into which queue information gets dumped. > The second (result2) is the name of a file which gets a list of all but > 40 of the queue entries that are older than 2 minutes. > > My alarm threshold is "If there is a 41st queue entry that's older than > 2 minutes". So, if the result2 file ends up being non-empty, then I mail > myself a copy of the result1 file. > > -Bill > > I schedule the monitorqueue script to run every 15 minutes. > >> #!/bin/sh >> >> result1=$1 >> result2=$2 >> >> ls -l --sort=time --full-time /var/spool/mqueue/|\ >> tail +2 |\ >> (cut --bytes=43-;echo `date '+%a %b %d %X %Y' --date '2 minutes ago'` >> "--------- >> -" )|\ >> sort -r > $result2 >> (echo junk;cat $result2)|sed '1,/----------/d'|\ >> tail +41 > $result1 >> >> (echo junk;cat $result2)|sed '1,/----------/d'|\ >> (echo "number of files older than 2 minutes:" `wc -l`) >> $result2 >> (cd /var/spool/mqueue >> cat /dev/null|\ >> grep --with-filename "^HTo" `fuser qf* 2>/dev/null|sed 's/:.*//'` >> ls -ld `fuser qf* 2>/dev/null|sed 's/:.*//;s/qf/\?f/'`) >> $result2 2>&1 > > > > Ugo Bellavance wrote: > >> Hi, >> >> Anyone here has scripts for testing queue lengths >> (incoming/outgoing) with sendmail? > Thanks everyone... -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Nov 14 15:52:53 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:12 2006 Subject: High Positive SA AWL rule ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Thu, September 29, 2005 06:22, Drew Marshall wrote: > On 28 Sep 2005, at 21:08, Matt Kettler wrote: > >> Mailscanner wrote: >> >>> Has anyone noticed SA run AWL giving high positive scores like; >>> >>> Spam Report: >>> Score Matching Rule Description 7.42 AWL From: >>> address is in the >>> auto white-list >>> -2.60 BAYES_00 Bayesian spam probability is 0 to 1% >>> >>> >> >> Sure, I've seen it do that lots of times. Is there a specific >> problem, or were >> you merely confused about the AWL having a large positive score? >> >> In general, you might want to read up on how the AWL works. Once >> you have a >> basic handle on what the AWL *really* is (hint: it's a score >> averager, not a >> whitelist), you'll have a better idea what to look at to try to >> figure out >> problems you may have with it. >> >> http://wiki.apache.org/spamassassin/AutoWhitelist > > I know with SA versions before 3.x it was recommended to turn off > AWL. Since then I have played with this being on and off. It works > fine for a while until a nice spam message or two get hit with a nice > big negative score and it sails through. I was wondering if I am just > not giving the system enough time to sort it's self out or if SA with > MailScanner is better off with out AWL? Anyone got any opinions on this? It would be nice to know what others are running with. There was some inconclusive debate when SA 3.0 was released, which from memory resulted in a 'We'll give it a go and see'. I just wondered what if any results could be drawn. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Mon Nov 14 16:07:37 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:12 2006 Subject: High Positive SA AWL rule ? Message-ID: Hi, I am running with AWL and have had no major problems for a while now. I think the trick with AWL is to only switch it on once you have a stable setup and you are generally happy with your hit rate. If you use Bayes for instance, don't switch on AWL until your Bayes database is properly trained. This seems to be true with the Bayes autolearn feature as well. I am using SpamAssassin 3.1.0 with sitewide Bayes and AWL switched on. > On Thu, September 29, 2005 06:22, Drew Marshall wrote: > > On 28 Sep 2005, at 21:08, Matt Kettler wrote: > > > >> Mailscanner wrote: > >> > >>> Has anyone noticed SA run AWL giving high positive scores like; > >>> > >>> Spam Report: > >>> Score Matching Rule Description 7.42 AWL From: > >>> address is in the auto white-list -2.60 BAYES_00 Bayesian > >>> spam probability is 0 to 1% > >>> > >>> > >> > >> Sure, I've seen it do that lots of times. Is there a specific > >> problem, or were > >> you merely confused about the AWL having a large positive score? > >> > >> In general, you might want to read up on how the AWL works. Once > >> you have a basic handle on what the AWL *really* is (hint: it's a > >> score averager, not a whitelist), you'll have a better idea what to > >> look at to try to figure out problems you may have with it. > >> > >> http://wiki.apache.org/spamassassin/AutoWhitelist > > > > I know with SA versions before 3.x it was recommended to turn off > > AWL. Since then I have played with this being on and off. It works > > fine for a while until a nice spam message or two get hit with a > > nice big negative score and it sails through. I was wondering if I > > am just not giving the system enough time to sort it's self out or > > if SA with MailScanner is better off with out AWL? > > Anyone got any opinions on this? It would be nice to know what others > are running with. There was some inconclusive debate when SA 3.0 was > released, which from memory resulted in a 'We'll give it a go and > see'. I just wondered what if any results could be drawn. > > Drew > > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "Computer software consists of only two components: ones and zeros, in roughly equal proportions. All that is required is to sort them into the correct order. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 14 16:03:51 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:12 2006 Subject: SA 3.04 question regarding URIBL Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] on my debian system there is a /etc/Mailscanner/spam.assassin.prefs.conf.dpkg-dist in there there is the lines below... urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html tflags URIBL_JP_SURBL net score URIBL_JP_SURBL 4.0 These are not in the /etc/Mailscanner/spam.assassin.prefs.conf file should i add it or does MS and SA have this as a default? Thanks... Rob... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 14 17:23:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:12 2006 Subject: SA 3.04 question regarding URIBL Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have assumed in the most recent MailScanner distributions that you will have upgraded to SA 3.1.0. Fr older versions of SA you will need these lines. My advice is to download my easy ClamAV+SA distribution package and install that. Another reason is that there has been a security vulnerability discovered in SA 3.0 which has been corrected in SA 3.1.0. Rob wrote: > on my debian system there is a > /etc/Mailscanner/spam.assassin.prefs.conf.dpkg-dist > > in there there is the lines below... > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html > tflags URIBL_JP_SURBL net > > score URIBL_JP_SURBL 4.0 > These are not in the /etc/Mailscanner/spam.assassin.prefs.conf file > should i add it or does MS and SA have this as a default? > > Thanks... > > > Rob... > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ3jIGBH2WUcUFbZUEQL4FQCeJUBn28p4+Y5OXbwVUBcx+oGajVkAoPTk Yve3Tyzl8g5D0U9rcFr9nbJa =geic -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 14 17:27:57 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:12 2006 Subject: SA 3.04 question regarding URIBL Message-ID: URIBL_JP_SURBL is installed by default in 3.0.4. check in /usr/local/share/spamassassin which is where the rules from the distribution are kept. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: 14 November 2005 17:24 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] SA 3.04 question regarding URIBL > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have assumed in the most recent MailScanner distributions that you > will have upgraded to SA 3.1.0. Fr older versions of SA you will need > these lines. My advice is to download my easy ClamAV+SA distribution > package and install that. Another reason is that there has been a > security vulnerability discovered in SA 3.0 which has been corrected in > SA 3.1.0. > > Rob wrote: > > > on my debian system there is a > > /etc/Mailscanner/spam.assassin.prefs.conf.dpkg-dist > > > > in there there is the lines below... > > > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > > describe URIBL_JP_SURBL Has URI in JP at > http://www.surbl.org/lists.html > > tflags URIBL_JP_SURBL net > > > > score URIBL_JP_SURBL 4.0 > > These are not in the /etc/Mailscanner/spam.assassin.prefs.conf file > > should i add it or does MS and SA have this as a default? > > > > Thanks... > > > > > > Rob... > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2424) > > iQA/AwUBQ3jIGBH2WUcUFbZUEQL4FQCeJUBn28p4+Y5OXbwVUBcx+oGajVkAoPTk > Yve3Tyzl8g5D0U9rcFr9nbJa > =geic > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 14 17:35:55 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:12 2006 Subject: SA 3.04 question regarding URIBL Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ahhh, thats where those are.... :) Actually there in /usr/share/spamassassin for me.... Thanks... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Martin Hepworth" To: Sent: Monday, November 14, 2005 12:27 PM Subject: Re: SA 3.04 question regarding URIBL > URIBL_JP_SURBL is installed by default in 3.0.4. check in > /usr/local/share/spamassassin which is where the rules from the > distribution > are kept. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Julian Field >> Sent: 14 November 2005 17:24 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: [MAILSCANNER] SA 3.04 question regarding URIBL >> >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> I have assumed in the most recent MailScanner distributions that you >> will have upgraded to SA 3.1.0. Fr older versions of SA you will need >> these lines. My advice is to download my easy ClamAV+SA distribution >> package and install that. Another reason is that there has been a >> security vulnerability discovered in SA 3.0 which has been corrected in >> SA 3.1.0. >> >> Rob wrote: >> >> > on my debian system there is a >> > /etc/Mailscanner/spam.assassin.prefs.conf.dpkg-dist >> > >> > in there there is the lines below... >> > >> > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 >> > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') >> > describe URIBL_JP_SURBL Has URI in JP at >> http://www.surbl.org/lists.html >> > tflags URIBL_JP_SURBL net >> > >> > score URIBL_JP_SURBL 4.0 >> > These are not in the /etc/Mailscanner/spam.assassin.prefs.conf file >> > should i add it or does MS and SA have this as a default? >> > >> > Thanks... >> > >> > >> > Rob... >> > >> > ------------------------ MailScanner list ------------------------ >> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> > 'leave mailscanner' in the body of the email. >> > Before posting, read the Wiki (http://wiki.mailscanner.info/) >> > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > >> > *Support MailScanner development - buy the book off the website!* >> >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> Professional Support Services at www.MailScanner.biz >> MailScanner thanks transtec Computers for their support >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.2 (Build 2424) >> >> iQA/AwUBQ3jIGBH2WUcUFbZUEQL4FQCeJUBn28p4+Y5OXbwVUBcx+oGajVkAoPTk >> Yve3Tyzl8g5D0U9rcFr9nbJa >> =geic >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 14 17:33:38 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:12 2006 Subject: SA 3.04 question regarding URIBL Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well i am using 3.04 as we use Debian's apt-get to keep everything uptodate, rather than install apps from source, so to speak.... as per Debian there is nothing past MS 4.41 or SA 3.04 unless i am not using the correct sources in my /ec/apt/sources.list I know there is a MS 4.47 and SA 3.10 but i was hoping they would be released under sarge/3.1 stable soon... Now if there is another way to install these new packages without upgrading anything else on the system, please let me know.... Thanks for all the help here, its a fantastic list! Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Julian Field" To: Sent: Monday, November 14, 2005 12:23 PM Subject: Re: SA 3.04 question regarding URIBL > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have assumed in the most recent MailScanner distributions that you > will have upgraded to SA 3.1.0. Fr older versions of SA you will need > these lines. My advice is to download my easy ClamAV+SA distribution > package and install that. Another reason is that there has been a > security vulnerability discovered in SA 3.0 which has been corrected in > SA 3.1.0. > > Rob wrote: > >> on my debian system there is a >> /etc/Mailscanner/spam.assassin.prefs.conf.dpkg-dist >> >> in there there is the lines below... >> >> urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 >> body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') >> describe URIBL_JP_SURBL Has URI in JP at >> http://www.surbl.org/lists.html >> tflags URIBL_JP_SURBL net >> >> score URIBL_JP_SURBL 4.0 >> These are not in the /etc/Mailscanner/spam.assassin.prefs.conf file >> should i add it or does MS and SA have this as a default? >> >> Thanks... >> >> >> Rob... >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> *Support MailScanner development - buy the book off the website!* > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2424) > > iQA/AwUBQ3jIGBH2WUcUFbZUEQL4FQCeJUBn28p4+Y5OXbwVUBcx+oGajVkAoPTk > Yve3Tyzl8g5D0U9rcFr9nbJa > =geic > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Nov 14 17:53:11 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:12 2006 Subject: SA 3.04 question regarding URIBL Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob spake the following on 11/14/2005 8:03 AM: > on my debian system there is a > /etc/Mailscanner/spam.assassin.prefs.conf.dpkg-dist > > in there there is the lines below... > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html > tflags URIBL_JP_SURBL net > > score URIBL_JP_SURBL 4.0 > These are not in the /etc/Mailscanner/spam.assassin.prefs.conf file > should i add it or does MS and SA have this as a default? > I don't think this is in 3.0.4. It is in the spam.assassin.prefs.conf.dpkg-dist as a suggestion. Dpkg won't overwrite your existing conf files. It is worth adding, as another 4 points might be the difference between stopping spam or not. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From yan at NEVERNEVERLAND.F9.CO.UK Mon Nov 14 18:08:20 2005 From: yan at NEVERNEVERLAND.F9.CO.UK (YAN) Date: Thu Jan 12 21:31:12 2006 Subject: Problem with HTML messages and MailScanner 4.47.4 Message-ID: I have been using MailScanner 4.43.8 for a while without any problems and decided to upgrade to 4.47.4. The first upgrade attempt was not done using the install.sh script, instead I just extracted the MailScanner-4.47.4-2.tar.gz from the perl directory of the MailScanner-install-4.47.4-2.tar.gz and edited the conf files for my system. I changed the MailScanner symlink in /opt to reflect the new version and the problem started. If the format of mail entering my MailScanner box is text or rich text then it is processed and delivered correctly. If the format is html then I get the following in my /var/log/maillog Nov 12 16:11:12 beckham MailScanner[5232]: MailScanner E-Mail Virus Scanner version 4.47.4 starting... Nov 12 16:11:12 beckham MailScanner[5083]: New Batch: Scanning 1 messages, 1459 bytes Nov 12 16:11:12 beckham MailScanner[5232]: Read 680 hostnames from the phishing whitelist Nov 12 16:11:12 beckham MailScanner[5232]: Config: calling custom init function SQLBlacklist Nov 12 16:11:12 beckham MailScanner[5232]: Starting up SQL Blacklist Nov 12 16:11:13 beckham MailScanner[5232]: Read 2986 blacklist entries Nov 12 16:11:13 beckham MailScanner[5232]: Config: calling custom init function MailWatchLogging Nov 12 16:11:13 beckham MailScanner[5232]: Started SQL Logging child Nov 12 16:11:13 beckham MailScanner[5232]: Config: calling custom init function SQLWhitelist Nov 12 16:11:13 beckham MailScanner[5232]: Starting up SQL Whitelist Nov 12 16:11:13 beckham MailScanner[5232]: Read 13 whitelist entries Nov 12 16:11:13 beckham MailScanner[5232]: Using locktype = flock This is repeated continually but the html message(s) never actually get processed or delivered. I have MailScanner set to have 5 processes but when html messages are encountered, the running processes seem to spawn new MailScanner processes. Some of these processes seem to die and leave the following in /var/log/messages Nov 13 18:05:53 beckham root: Process did not exit cleanly, returned 255 with signal 0 Nov 13 18:11:38 beckham root: Process did not exit cleanly, returned 9 with signal 0 This will continue until I manually move the 'stuck' html emails from /var/spool/mqueue.in at which point the logging stops and the MailScanner processes return to normal (until a new html message is received). Since the initial install I have ran the install.sh script to ensure that no perl dependencies are missing, which completes without error but I still cant process html emails. At this point the problem gets even weirder.... This particular MailScanner box is a semi-production box so until a fix could be found I tried to revert back to the last known working install of MailScanner, namely 4.43.8. This version has now also developed the dislike of html emails. Other than the attempted upgrade of MailScanner, nothing else has been changed on the box. It only acts as a MailScanner and nobody else has access to it to be able to change/install anything without my knowledge. As I was now having the same problem with both versions I decided to persist with the newer version (4.47.4). Debug shows the same log entries shown above and doesn't show any further information. I can force MailScanner 4.47.4 to process html emails by using Scan Messages = no (obviously this doesn't do any scanning) but the html emails are then processed and delivered. I cant seem to find what is causing this issue and hope that someone may have seen this before or be able to point me in the right direction to fix it. Details of the box are: FreeBSD 4.10-RELEASE Perl v5.8.2 Sendmail v 8.12.11 Any help/ideas will be greatly appreciated and further information will be supplied if needed. Regards Yan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 14 19:11:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:12 2006 Subject: Detecting grids of drug names Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have produced a rule which detects grids of letters. They are using a table trick to rotate the words by 90 degrees so the letters of the first column all come first, followed by all the letters of the second column and so on. This stops you detecting words with HTML junk in between the letters. But I can now detect these grids: rawbody JKF_DRUG_GRID1 /(\>([[:alpha:]]\s){4}[[:alpha:]].*){4}\>/i describe JKF_DRUG_GRID1 Grid of letters rotated to produce drug names score JKF_DRUG_GRID1 4.5 This detects grids of at least 4x4 characters, which is small enough to detect drug names. The first "4" sets the minimum number of rows in the grid, the second "4" sets the minimum number of columns. Quite succinct once you work out what you are looking for :-) All improvements and comments are most welcome. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ3jhcxH2WUcUFbZUEQKvKwCfaNamPtR7k1aZW0UIDWtTujB6eLYAni0B o6WFlyHWf9byYvtqKlQbox1Y =Z2aP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Mon Nov 14 19:26:10 2005 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:12 2006 Subject: Problem with HTML messages and MailScanner 4.47.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sounds like have corrupted one or more of the Perl modules required by it. You will need to uninstall the Perl modules so that install.sh can reinstall them. How much else does this box do? Could you just reinstall it from scratch? YAN wrote: >I have been using MailScanner 4.43.8 for a while without any problems and >decided to upgrade to 4.47.4. > >The first upgrade attempt was not done using the install.sh script, instead >I just extracted the MailScanner-4.47.4-2.tar.gz from the perl directory of >the MailScanner-install-4.47.4-2.tar.gz and edited the conf files for my >system. I changed the MailScanner symlink in /opt to reflect the new version >and the problem started. > >If the format of mail entering my MailScanner box is text or rich text then >it is processed and delivered correctly. If the format is html then I get >the following in my /var/log/maillog > >Nov 12 16:11:12 beckham MailScanner[5232]: MailScanner E-Mail Virus Scanner >version 4.47.4 starting... >Nov 12 16:11:12 beckham MailScanner[5083]: New Batch: Scanning 1 messages, >1459 bytes >Nov 12 16:11:12 beckham MailScanner[5232]: Read 680 hostnames from the >phishing whitelist >Nov 12 16:11:12 beckham MailScanner[5232]: Config: calling custom init >function SQLBlacklist >Nov 12 16:11:12 beckham MailScanner[5232]: Starting up SQL Blacklist >Nov 12 16:11:13 beckham MailScanner[5232]: Read 2986 blacklist entries >Nov 12 16:11:13 beckham MailScanner[5232]: Config: calling custom init >function MailWatchLogging >Nov 12 16:11:13 beckham MailScanner[5232]: Started SQL Logging child >Nov 12 16:11:13 beckham MailScanner[5232]: Config: calling custom init >function SQLWhitelist >Nov 12 16:11:13 beckham MailScanner[5232]: Starting up SQL Whitelist >Nov 12 16:11:13 beckham MailScanner[5232]: Read 13 whitelist entries >Nov 12 16:11:13 beckham MailScanner[5232]: Using locktype = flock > >This is repeated continually but the html message(s) never actually get >processed or delivered. I have MailScanner set to have 5 processes but when >html messages are encountered, the running processes seem to spawn new >MailScanner processes. Some of these processes seem to die and leave the >following in /var/log/messages > >Nov 13 18:05:53 beckham root: Process did not exit cleanly, returned 255 >with signal 0 >Nov 13 18:11:38 beckham root: Process did not exit cleanly, returned 9 with >signal 0 > >This will continue until I manually move the 'stuck' html emails from >/var/spool/mqueue.in at which point the logging stops and the MailScanner >processes return to normal (until a new html message is received). > >Since the initial install I have ran the install.sh script to ensure that no >perl dependencies are missing, which completes without error but I still >cant process html emails. At this point the problem gets even weirder.... > >This particular MailScanner box is a semi-production box so until a fix >could be found I tried to revert back to the last known working install of >MailScanner, namely 4.43.8. This version has now also developed the dislike >of html emails. Other than the attempted upgrade of MailScanner, nothing >else has been changed on the box. It only acts as a MailScanner and nobody >else has access to it to be able to change/install anything without my >knowledge. > >As I was now having the same problem with both versions I decided to persist >with the newer version (4.47.4). Debug shows the same log entries shown >above and doesn't show any further information. I can force MailScanner >4.47.4 to process html emails by using Scan Messages = no (obviously this >doesn't do any scanning) but the html emails are then processed and >delivered. > >I cant seem to find what is causing this issue and hope that someone may >have seen this before or be able to point me in the right direction to fix >it. > >Details of the box are: > >FreeBSD 4.10-RELEASE >Perl v5.8.2 >Sendmail v 8.12.11 > >Any help/ideas will be greatly appreciated and further information will be >supplied if needed. > >Regards > >Yan > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field Teaching Systems Manager jkf@ecs.soton.ac.uk Electronics & Computer Science Tel. 023 8059 2817 University of Southampton Southampton SO17 1BJ -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ3jk0hH2WUcUFbZUEQLWeQCg005NENeBCuH3KVIqd2blbl2oNlcAoKbD xgjW2J7VApJzt1mCLpnJqSIB =VB4m -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From yan at NEVERNEVERLAND.F9.CO.UK Mon Nov 14 20:13:05 2005 From: yan at NEVERNEVERLAND.F9.CO.UK (YAN) Date: Thu Jan 12 21:31:12 2006 Subject: Problem with HTML messages and MailScanner 4.47.4 Message-ID: I could reinstall it from scratch as it does nothing else but run MailScanner. The problem with a reinstall is that the server is in a remote datacentre and im not planning a visit there for at least a week or so. If I need to flatten the box and reinstall then I will do that, but ill try removing and reinstalling the Perl modules first. Any ideas as to which module could be the likely culprit or are there multiple possibilities? Regards Yan -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 14 November 2005 19:26 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Problem with HTML messages and MailScanner 4.47.4 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sounds like have corrupted one or more of the Perl modules required by it. You will need to uninstall the Perl modules so that install.sh can reinstall them. How much else does this box do? Could you just reinstall it from scratch? YAN wrote: >I have been using MailScanner 4.43.8 for a while without any problems and >decided to upgrade to 4.47.4. > >The first upgrade attempt was not done using the install.sh script, instead >I just extracted the MailScanner-4.47.4-2.tar.gz from the perl directory of >the MailScanner-install-4.47.4-2.tar.gz and edited the conf files for my >system. I changed the MailScanner symlink in /opt to reflect the new version >and the problem started. > >If the format of mail entering my MailScanner box is text or rich text then >it is processed and delivered correctly. If the format is html then I get >the following in my /var/log/maillog > >Nov 12 16:11:12 beckham MailScanner[5232]: MailScanner E-Mail Virus Scanner >version 4.47.4 starting... >Nov 12 16:11:12 beckham MailScanner[5083]: New Batch: Scanning 1 messages, >1459 bytes >Nov 12 16:11:12 beckham MailScanner[5232]: Read 680 hostnames from the >phishing whitelist >Nov 12 16:11:12 beckham MailScanner[5232]: Config: calling custom init >function SQLBlacklist >Nov 12 16:11:12 beckham MailScanner[5232]: Starting up SQL Blacklist >Nov 12 16:11:13 beckham MailScanner[5232]: Read 2986 blacklist entries >Nov 12 16:11:13 beckham MailScanner[5232]: Config: calling custom init >function MailWatchLogging >Nov 12 16:11:13 beckham MailScanner[5232]: Started SQL Logging child >Nov 12 16:11:13 beckham MailScanner[5232]: Config: calling custom init >function SQLWhitelist >Nov 12 16:11:13 beckham MailScanner[5232]: Starting up SQL Whitelist >Nov 12 16:11:13 beckham MailScanner[5232]: Read 13 whitelist entries >Nov 12 16:11:13 beckham MailScanner[5232]: Using locktype = flock > >This is repeated continually but the html message(s) never actually get >processed or delivered. I have MailScanner set to have 5 processes but when >html messages are encountered, the running processes seem to spawn new >MailScanner processes. Some of these processes seem to die and leave the >following in /var/log/messages > >Nov 13 18:05:53 beckham root: Process did not exit cleanly, returned 255 >with signal 0 >Nov 13 18:11:38 beckham root: Process did not exit cleanly, returned 9 with >signal 0 > >This will continue until I manually move the 'stuck' html emails from >/var/spool/mqueue.in at which point the logging stops and the MailScanner >processes return to normal (until a new html message is received). > >Since the initial install I have ran the install.sh script to ensure that no >perl dependencies are missing, which completes without error but I still >cant process html emails. At this point the problem gets even weirder.... > >This particular MailScanner box is a semi-production box so until a fix >could be found I tried to revert back to the last known working install of >MailScanner, namely 4.43.8. This version has now also developed the dislike >of html emails. Other than the attempted upgrade of MailScanner, nothing >else has been changed on the box. It only acts as a MailScanner and nobody >else has access to it to be able to change/install anything without my >knowledge. > >As I was now having the same problem with both versions I decided to persist >with the newer version (4.47.4). Debug shows the same log entries shown >above and doesn't show any further information. I can force MailScanner >4.47.4 to process html emails by using Scan Messages = no (obviously this >doesn't do any scanning) but the html emails are then processed and >delivered. > >I cant seem to find what is causing this issue and hope that someone may >have seen this before or be able to point me in the right direction to fix >it. > >Details of the box are: > >FreeBSD 4.10-RELEASE >Perl v5.8.2 >Sendmail v 8.12.11 > >Any help/ideas will be greatly appreciated and further information will be >supplied if needed. > >Regards > >Yan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Mon Nov 14 20:54:14 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:12 2006 Subject: Blocking messages containing web bugs? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Monday, November 14, 2005 3:06 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Blocking messages containing web bugs? > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Can anyone think up a good reason why I stopped being able to do this? > You can currently only set "Allow Web Bugs = yes" or "disarm". Any good > reason why I took out "no" as an option? > > - -- > Julian Field I can't think of any. There is possibly some "legit" email that contains web bugs. We've always used disarm. Any other comments? Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Nov 14 21:06:21 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:12 2006 Subject: Detecting grids of drug names Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > I have produced a rule which detects grids of letters. They are using a > table trick to rotate the words by 90 degrees so the letters of the > first column all come first, followed by all the letters of the second > column and so on. This stops you detecting words with HTML junk in > between the letters. > > But I can now detect these grids: > > rawbody JKF_DRUG_GRID1 /(\>([[:alpha:]]\s){4}[[:alpha:]].*){4}\>/i > describe JKF_DRUG_GRID1 Grid of letters rotated to produce drug names > score JKF_DRUG_GRID1 4.5 > > This detects grids of at least 4x4 characters, which is small enough to > detect drug names. > The first "4" sets the minimum number of rows in the grid, the second > "4" sets the minimum number of columns. > > Quite succinct once you work out what you are looking for :-) > All improvements and comments are most welcome. > Julian, I had a similar to a concept on Friday.. Mine work a bit differently, these look for a specific drug name in the post-htm-stripped text. Thus far it works quite well, but I've got the scores low as I'm testing them still. See attached. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] body L_COLUMN_VIAG /\bv(?:\s\w){4,6}\si(?:\s\w){4,6}\sa(?:\s\w){4,6}\sg(?:\s\w){4,6}\sr(?:\s\w){4,6}\sa\b/i describe L_COLUMN_VIAG looks like a column-obfuscated v-pill ad score L_COLUMN_VIAG 0.5 body L_COLUMN_XAN /\bX(?:\s\w){4,6}\sA(?:\s\w){4,6}\sN(?:\s\w){4,6}\sA(?:\s\w){4,6}\sX\b/i describe L_COLUMN_XAN looks like a column-obfuscated x-pill ad score L_COLUMN_XAN 0.5 body L_COLUMN_CIA /\bC(?:\s\w){4,6}\sI(?:\s\w){4,6}\sA(?:\s\w){4,6}\sL(?:\s\w){4,6}\sI(?:\s\w){4,6}\sS\b/i describe L_COLUMN_CIA looks like a column-obfuscated C-pill ad score L_COLUMN_CIA 0.5 body L_COLUMN_VAL /\bV(?:\s\w){4,6}\sA(?:\s\w){4,6}\sL(?:\s\w){4,6}\sI(?:\s\w){4,6}\sU(?:\s\w){4,6}\sM\b/i describe L_COLUMN_VAL looks like a column-obfuscated val-pill ad score L_COLUMN_VAL 0.5 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Nov 14 21:35:22 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:12 2006 Subject: Failed to Parse line Pyzor,Raxor-config and DCC Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marc Dufresne wrote: > On FreeBSD v5.4, the following utilities(executeables) pyzor,dcc are > located under > > /usr/local/bin > > razor-agent.conf is located under /root/.razor > > I have verified that the spam.assassin.prefs.conf file points to either > > > pyzor_path /usr/local/bin > dcc_path /usr/local/bin > razor_config /root/.razor > > I keep getting these warnings when runnng > > spamassassin -D -p /usr/local/etc/MailScanner/spam.assassin.prefs.cong > --lint > > [8258] warn: config: failed to parse line, skipping: pyzor_path > /usr/local/bin > [8258] warn: config: failed to parse line, skipping: dcc_path > /usr/local/bin > [8258] warn: config: failed to parse line, skipping: razor_config > /root/.razor/razor-agent.conf > > > Any ideas??? > Are you using SA 3.1.0? If so you need to load the plugins for those features to use them. See /etc/mail/spamassassin/v310.pre ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ajos1 at onion.demon.co.uk Tue Nov 15 00:24:55 2005 From: ajos1 at onion.demon.co.uk (Dj Ajos1) Date: Thu Jan 12 21:31:12 2006 Subject: SA 3.10 question Message-ID: ... SA 3.10 question Without post the rather huge debug printout... does anyone have a quick idea what might be wrong here. spamassassin -d --lint ====================== [23476] warn: config: failed to parse line, skipping: auto_learn 1 [23476] warn: lint: 1 issues detected, please rerun with debug enabled for more information Snippet of spamassassin -D --lint ================================= [23805] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i^M [23805] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i^M [23805] warn: config: failed to parse line, skipping: auto_learn 1^M [23805] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0xab5cec0) implements 'finish_parsing_end'^M [23805] dbg: replacetags: replacing tags^M == ===================================================================== = = "I tend to look off to the right and left when I indulge in linear = analysis." = = "I can get my Guinea Pig to speak to you..." - Tracy = = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... = Call... +44 8457 90 90 90 http://www.samaritans.org/ = ===================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Nov 15 00:38:05 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:12 2006 Subject: SA 3.10 question Message-ID: On 15 Nov 2005, at 00:24, Dj Ajos1 wrote: > ... > > SA 3.10 question > > Without post the rather huge debug printout... does anyone have a > quick idea what might be wrong here. > > > spamassassin -d --lint > ====================== > > [23476] warn: config: failed to parse line, skipping: > auto_learn 1 > [23476] warn: lint: 1 issues detected, please rerun with debug > enabled for more information > > > Snippet of spamassassin -D --lint > ================================= > [23805] dbg: config: adding redirector regex: m'^http.*?/redirect > \.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i^M > [23805] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+ > \.)?emf\d\.com/r\.cfm.*?&r=(.*)'i^M > [23805] warn: config: failed to parse line, skipping: > auto_learn 1^M > [23805] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH > (0xab5cec0) implements 'finish_parsing_end'^M > [23805] dbg: replacetags: replacing tags^M Check spam.assassin.prefs.conf for the line auto_learn and comment it out. SA auto learns spam/ ham by default so it won't matter but the line now should read bayes_auto_learn [0,1]. Drew PS Please don't add a reply to address in your mail client. It stops the list getting the 'benefit' (?!) of my reply -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at MAILWASH.COM.AU Tue Nov 15 01:12:04 2005 From: tenderby at MAILWASH.COM.AU (Tony Enderby) Date: Thu Jan 12 21:31:12 2006 Subject: Pyzor checks on legitimate mail bounces. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Folks, From ugob at CAMO-ROUTE.COM Tue Nov 15 03:04:37 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:12 2006 Subject: Child Process vs batch size Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I know that MailScanner gets its efficiency by processing messages in batches (hence loading SA and AV engines only once per batch. I was looking at the average size of my batches, and it rarely goes over 10, which is far from the standard max size of 30. Would I get more efficiency by lowering my # of child process? Would I have the same performance if I get struck by a spam storm? Open to opinions... Regards, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Nov 15 03:01:35 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:12 2006 Subject: Pyzor checks on legitimate mail bounces. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Tony Enderby wrote: > Hi Folks, > > From time to time I am seeing legitimate bounced message to users > behind my mailscanner servers get quarantined > due to pyzor seeing a URL in the bounce and assigning a relatively high > score to it. > > These are legitimate bounced messages where a user has incorrectly typed > a recipient email address. > > Is there a known way that this can be overcome? Whitelisting the originating server should do it, but I don't think Pyzor sees URL in messages, it's based on digests (checksums). > > Many thanks in advance. > > Tony. > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Tue Nov 15 04:59:48 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:31:12 2006 Subject: funny log entry Message-ID: I asked this a while ago but never got an answer and cannot seem to find out why this log entry is showing up. Your spam actions "/etc/mailscanner/rules/spamoptions.rules" looks like a filename. If this is a ruleset filename, it must end in .rule or .rules Does this make any sense? My ruleset for spamoptions does end in .rules. The other weird thing is that the url should be /etc/MailScanner/rules/spamoptions.rules (note case) but that is the only odd thing I can see here other than the actual error log? Any help here? Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From micoots at YAHOO.COM Tue Nov 15 06:10:00 2005 From: micoots at YAHOO.COM (Michael Mansour) Date: Thu Jan 12 21:31:12 2006 Subject: Greylisting with MailScanner, Sendmail, Spamassassin Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I'm using the latest version of MailScanner with Sendmail and Spamassassin (and pyzor and razor). I've just recently enabled DCC to support greylisting, but I can't see whether it's actually working or not and am not sure how to test it. Under MailScanner, sendmail is run in background queueing mode, and the greylisting works (I think) by modifying sendmail to query DCC and if found to be "grey", rejects the message. But MailScanner is the one that listens on port 25, I believe it then forwards the message to the virus scanner first? then SA? which uses DCC, razor and pyzor to determine whether the message is spam? But the way greylisting is supposed to work is at the mailer level (no content scanning), so I'm wondering how we're supposed to get this running with MailScanner like this? I appreciate any feedback. Michael. ____________________________________________________ Do you Yahoo!? Take your Mail with you - get Yahoo! Mail on your mobile http://au.mobile.yahoo.com/mweb/index.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevins at BMRB.CO.UK Tue Nov 15 06:55:21 2005 From: kevins at BMRB.CO.UK (Kevin Spicer) Date: Thu Jan 12 21:31:12 2006 Subject: Greylisting with MailScanner, Sendmail, Spamassassin Message-ID: On Tue, 2005-11-15 at 17:10 +1100, Michael Mansour wrote: > But MailScanner is the one that listens on port 25, I > believe it then forwards the message to the virus > scanner first? then SA? which uses DCC, razor and > pyzor to determine whether the message is spam? No. sendmail listens on port 25, queues the message, MailScanner scans all messages in the incoming queue before moving them to the outgoing queue to be sent onwards by a second sendmail instance. You are also confusing the DCC stuff. DCC as used by SpamAssassin is the 'Distributed Checksum Clearinghouse' spam content filter - which basically works by comparing checksums of mail against checksums of known spam. [All these explanations are very much over simplified] DCC does have the ability to use greylisting, however as you are not calling DCC from sendmail this is not relevant to the use of DCC within SpamAssasin. To implement greylisting in sendmail I would suggest you use Anthony Howe's milter-gris http://www.snertsoft.com/sendmail/milter-gris/ ================================================================= BMRB http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Nov 15 08:56:54 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:12 2006 Subject: Problem with HTML messages and MailScanner 4.47.4 Message-ID: Yan Was this originally installed from the ports system and then you tried to upgrade using the tar.gz??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of YAN > Sent: 14 November 2005 20:13 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Problem with HTML messages and MailScanner > 4.47.4 > > I could reinstall it from scratch as it does nothing else but run > MailScanner. The problem with a reinstall is that the server is in a > remote > datacentre and im not planning a visit there for at least a week or so. If > I > need to flatten the box and reinstall then I will do that, but ill try > removing and reinstalling the Perl modules first. > > Any ideas as to which module could be the likely culprit or are there > multiple possibilities? > > Regards > > Yan > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf > Of Julian Field > Sent: 14 November 2005 19:26 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Problem with HTML messages and MailScanner 4.47.4 > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Sounds like have corrupted one or more of the Perl modules required by > it. You will need to uninstall the Perl modules so that install.sh can > reinstall them. > > How much else does this box do? Could you just reinstall it from scratch? > > YAN wrote: > > >I have been using MailScanner 4.43.8 for a while without any problems and > >decided to upgrade to 4.47.4. > > > >The first upgrade attempt was not done using the install.sh script, > instead > >I just extracted the MailScanner-4.47.4-2.tar.gz from the perl directory > of > >the MailScanner-install-4.47.4-2.tar.gz and edited the conf files for my > >system. I changed the MailScanner symlink in /opt to reflect the new > version > >and the problem started. > > > >If the format of mail entering my MailScanner box is text or rich text > then > >it is processed and delivered correctly. If the format is html then I get > >the following in my /var/log/maillog > > > >Nov 12 16:11:12 beckham MailScanner[5232]: MailScanner E-Mail Virus > Scanner > >version 4.47.4 starting... > >Nov 12 16:11:12 beckham MailScanner[5083]: New Batch: Scanning 1 > messages, > >1459 bytes > >Nov 12 16:11:12 beckham MailScanner[5232]: Read 680 hostnames from the > >phishing whitelist > >Nov 12 16:11:12 beckham MailScanner[5232]: Config: calling custom init > >function SQLBlacklist > >Nov 12 16:11:12 beckham MailScanner[5232]: Starting up SQL Blacklist > >Nov 12 16:11:13 beckham MailScanner[5232]: Read 2986 blacklist entries > >Nov 12 16:11:13 beckham MailScanner[5232]: Config: calling custom init > >function MailWatchLogging > >Nov 12 16:11:13 beckham MailScanner[5232]: Started SQL Logging child > >Nov 12 16:11:13 beckham MailScanner[5232]: Config: calling custom init > >function SQLWhitelist > >Nov 12 16:11:13 beckham MailScanner[5232]: Starting up SQL Whitelist > >Nov 12 16:11:13 beckham MailScanner[5232]: Read 13 whitelist entries > >Nov 12 16:11:13 beckham MailScanner[5232]: Using locktype = flock > > > >This is repeated continually but the html message(s) never actually get > >processed or delivered. I have MailScanner set to have 5 processes but > when > >html messages are encountered, the running processes seem to spawn new > >MailScanner processes. Some of these processes seem to die and leave the > >following in /var/log/messages > > > >Nov 13 18:05:53 beckham root: Process did not exit cleanly, returned 255 > >with signal 0 > >Nov 13 18:11:38 beckham root: Process did not exit cleanly, returned 9 > with > >signal 0 > > > >This will continue until I manually move the 'stuck' html emails from > >/var/spool/mqueue.in at which point the logging stops and the MailScanner > >processes return to normal (until a new html message is received). > > > >Since the initial install I have ran the install.sh script to ensure that > no > >perl dependencies are missing, which completes without error but I still > >cant process html emails. At this point the problem gets even weirder.... > > > >This particular MailScanner box is a semi-production box so until a fix > >could be found I tried to revert back to the last known working install > of > >MailScanner, namely 4.43.8. This version has now also developed the > dislike > >of html emails. Other than the attempted upgrade of MailScanner, nothing > >else has been changed on the box. It only acts as a MailScanner and > nobody > >else has access to it to be able to change/install anything without my > >knowledge. > > > >As I was now having the same problem with both versions I decided to > persist > >with the newer version (4.47.4). Debug shows the same log entries shown > >above and doesn't show any further information. I can force MailScanner > >4.47.4 to process html emails by using Scan Messages = no (obviously this > >doesn't do any scanning) but the html emails are then processed and > >delivered. > > > >I cant seem to find what is causing this issue and hope that someone may > >have seen this before or be able to point me in the right direction to > fix > >it. > > > >Details of the box are: > > > >FreeBSD 4.10-RELEASE > >Perl v5.8.2 > >Sendmail v 8.12.11 > > > >Any help/ideas will be greatly appreciated and further information will > be > >supplied if needed. > > > >Regards > > > >Yan > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Nov 15 09:24:49 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:31:12 2006 Subject: Child Process vs batch size Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You can test this when your destination MTA is down and 2 or 3k message bank up- not sure how you can test this in real time without causing lots of delays for end users? It doesnt reach more than 10 because MS looks every 5sec and processes what mail it finds providing its less than 30 messages, I assume max per batch is set to 30. In 5 sec your mail server doesnt accumulate more than 10 messages. Performance when you get hammered wont change all that much (in my limeted experience) in low volume environments, like mine. Ugo Bellavance wrote: > Hi, > > I know that MailScanner gets its efficiency by processing messages > in batches (hence loading SA and AV engines only once per batch. I was > looking at the average size of my batches, and it rarely goes over 10, > which is far from the standard max size of 30. Would I get more > efficiency by lowering my # of child process? Would I have the same > performance if I get struck by a spam storm? > > Open to opinions... > > Regards, ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Nov 15 09:26:02 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:31:12 2006 Subject: funny log entry Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Triple check MailScanner.conf for a typo. Try searching in VI with /mailscanner for the misspelt word. Pete Dave Filchak wrote: > I asked this a while ago but never got an answer and cannot seem to find > out why this log entry is showing up. > > Your spam actions "/etc/mailscanner/rules/spamoptions.rules" looks like > a filename. If this is a ruleset filename, it must end in .rule or .rules > > Does this make any sense? My ruleset for spamoptions does end in .rules. > The other weird thing is that the url should be > /etc/MailScanner/rules/spamoptions.rules (note case) but that is the > only odd thing I can see here other than the actual error log? > > Any help here? > > Dave > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From schweizer.martin at GMAIL.COM Tue Nov 15 09:57:44 2005 From: schweizer.martin at GMAIL.COM (Martin Schweizer) Date: Thu Jan 12 21:31:12 2006 Subject: MailScanner / SMTP Auth (again) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello Nathan & Julian I will check this issues asap. Regards, Martin 2005/11/14, Julian Field : > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Another things we hit with sasl on RedHat (and hence its clones too) is > a configuration error in /etc/sysconfig/saslauthd, where they had MECH > set wrong. It should be set > MECH=pam > so that it correctly checks all your authentication schemes. As shipped > it only checks the local password. Oops. > > Nathan Olson wrote: > > >Read this: > >http://www.sendmail.org/~ca/email/auth.html > > > >You may have not created the sasldb password file, among other things. > >Why you'd have LOGIN and not PLAIN is also very strange. LOGIN is > >antiquated (but still used by horrid email clients). > > > >Nate > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2424) > > iQA/AwUBQ3ixlRH2WUcUFbZUEQLP7QCfa1hSt+kQdfy/tjJmRiwEFRhzwhYAoINu > 4dlSQPQ88yJ/jTHE0VPDPJbI > =QrfW > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Martin Schweizer schweizer.martin@gmail.com Fax: +41 55 243 33 22 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Mon Nov 14 20:02:38 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:12 2006 Subject: Failed to Parse line Pyzor,Raxor-config and DCC Message-ID: On FreeBSD v5.4, the following utilities(executeables) pyzor,dcc are located under /usr/local/bin razor-agent.conf is located under /root/.razor I have verified that the spam.assassin.prefs.conf file points to either pyzor_path /usr/local/bin dcc_path /usr/local/bin razor_config /root/.razor I keep getting these warnings when runnng spamassassin -D -p /usr/local/etc/MailScanner/spam.assassin.prefs.cong --lint [8258] warn: config: failed to parse line, skipping: pyzor_path /usr/local/bin [8258] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin [8258] warn: config: failed to parse line, skipping: razor_config /root/.razor/razor-agent.conf Any ideas??? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Mon Nov 14 20:05:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:12 2006 Subject: Blocking messages containing web bugs? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can anyone think up a good reason why I stopped being able to do this? You can currently only set "Allow Web Bugs = yes" or "disarm". Any good reason why I took out "no" as an option? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ3juIxH2WUcUFbZUEQLSvwCgo1TH0l51LD5P0nMRbZ3RETKElpsAoLlH O8YLAOTVZ308VZuICC+TG4sT =xpBZ -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Tue Nov 15 13:17:41 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:12 2006 Subject: Failed to Parse line Pyzor,Raxor-config and DCC Message-ID: I don't have a v310.pre file. The only thing I have under /etc/mail/spamassassin/init.pre I am using SA 3.1 that came bundled with Mailscanner port and InstallClamSA for Free BSD. How do I load the plugins for these? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> mkettler@EVI-INC.COM 11/14/2005 4:35:22 PM >>> Marc Dufresne wrote: > On FreeBSD v5.4, the following utilities(executeables) pyzor,dcc are > located under > > /usr/local/bin > > razor-agent.conf is located under /root/.razor > > I have verified that the spam.assassin.prefs.conf file points to either > > > pyzor_path /usr/local/bin > dcc_path /usr/local/bin > razor_config /root/.razor > > I keep getting these warnings when runnng > > spamassassin -D -p /usr/local/etc/MailScanner/spam.assassin.prefs.cong > --lint > > [8258] warn: config: failed to parse line, skipping: pyzor_path > /usr/local/bin > [8258] warn: config: failed to parse line, skipping: dcc_path > /usr/local/bin > [8258] warn: config: failed to parse line, skipping: razor_config > /root/.razor/razor-agent.conf > > > Any ideas??? > Are you using SA 3.1.0? If so you need to load the plugins for those features to use them. See /etc/mail/spamassassin/v310.pre ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From Marc.Dufresne at PARKS.ON.CA Tue Nov 15 14:24:16 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:12 2006 Subject: Failed to Parse line Pyzor,Raxor-config and DCC Message-ID: I have the plugins loaded now. The statments were not in /etc/mail/spamassassin/init.pre I've reduced my errors(warnings) by 8. Now I need to get rid of these. Do you know how?? I can't find any documentation. [11912] warn: config: warning: score set for non-existent rule FUZZY_GUARANTEE [11912] warn: config: warning: score set for non-existent rule FUZZY_BILLION [11912] warn: config: warning: score set for non-existent rule RCVD_IN_RSL [11912] warn: config: warning: score set for non-existent rule FUZZY_XPILL [11912] warn: config: warning: score set for non-existent rule FUZZY_PRESCRIPT [11912] warn: config: warning: score set for non-existent rule FUZZY_SOFTWARE [11912] warn: config: warning: score set for non-existent rule SUBJECT_FUZZY_TION [11912] warn: config: warning: score set for non-existent rule FUZZY_PHARMACY [11912] warn: config: warning: score set for non-existent rule FUZZY_TRAMADOL [11912] warn: config: warning: score set for non-existent rule FUZZY_OFFERS [11912] warn: config: warning: score set for non-existent rule SUBJECT_FUZZY_VPILL [11912] warn: config: warning: score set for non-existent rule FUZZY_MEDICATION [11912] warn: config: warning: score set for non-existent rule FUZZY_CREDIT [11912] warn: config: warning: score set for non-existent rule FUZZY_THOUSANDS [11912] warn: config: warning: score set for non-existent rule FUZZY_CPILL [11912] warn: config: warning: score set for non-existent rule FUZZY_OBLIGATION [11912] warn: config: warning: score set for non-existent rule SUBJECT_FUZZY_PENIS [11912] warn: config: warning: score set for non-existent rule FUZZY_MONEY [11912] warn: config: warning: score set for non-existent rule SUBJECT_FUZZY_MEDS [11912] warn: config: warning: score set for non-existent rule FUZZY_CELEBREX [11912] warn: config: warning: score set for non-existent rule FUZZY_FOLLOW [11912] warn: config: warning: score set for non-existent rule FUZZY_PLEASE [11912] warn: config: warning: score set for non-existent rule FUZZY_VICODIN [11912] warn: config: warning: score set for non-existent rule FUZZY_ERECT [11912] warn: config: warning: score set for non-existent rule FUZZY_VLIUM [11912] warn: config: warning: score set for non-existent rule FUZZY_MILLION [11912] warn: config: warning: score set for non-existent rule FUZZY_AFFORDABLE [11912] warn: config: warning: score set for non-existent rule FUZZY_REMOVE [11912] warn: config: warning: score set for non-existent rule FUZZY_ROLEX [11912] warn: config: warning: score set for non-existent rule FUZZY_AMBIEN [11912] warn: config: warning: score set for non-existent rule FUZZY_MORTGAGE [11912] warn: config: warning: score set for non-existent rule FUZZY_PRICES [11912] warn: config: warning: score set for non-existent rule FUZZY_REFINANCE [11912] warn: config: warning: score set for non-existent rule FUZZY_VIOXX [11912] warn: config: warning: score set for non-existent rule SUBJECT_FUZZY_CHEAP [11912] warn: config: warning: score set for non-existent rule FUZZY_VPILL [11912] warn: config: warning: score set for non-existent rule FUZZY_PHENT [11912] warn: config: warning: score set for non-existent rule FUZZY_MILF Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> Marc.Dufresne@PARKS.ON.CA 11/15/2005 8:17:41 AM >>> I don't have a v310.pre file. The only thing I have under /etc/mail/spamassassin/init.pre I am using SA 3.1 that came bundled with Mailscanner port and InstallClamSA for Free BSD. How do I load the plugins for these? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> mkettler@EVI-INC.COM 11/14/2005 4:35:22 PM >>> Marc Dufresne wrote: > On FreeBSD v5.4, the following utilities(executeables) pyzor,dcc are > located under > > /usr/local/bin > > razor-agent.conf is located under /root/.razor > > I have verified that the spam.assassin.prefs.conf file points to either > > > pyzor_path /usr/local/bin > dcc_path /usr/local/bin > razor_config /root/.razor > > I keep getting these warnings when runnng > > spamassassin -D -p /usr/local/etc/MailScanner/spam.assassin.prefs.cong > --lint > > [8258] warn: config: failed to parse line, skipping: pyzor_path > /usr/local/bin > [8258] warn: config: failed to parse line, skipping: dcc_path > /usr/local/bin > [8258] warn: config: failed to parse line, skipping: razor_config > /root/.razor/razor-agent.conf > > > Any ideas??? > Are you using SA 3.1.0? If so you need to load the plugins for those features to use them. See /etc/mail/spamassassin/v310.pre ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From KLekas at FOXRIVER.COM Tue Nov 15 14:29:01 2005 From: KLekas at FOXRIVER.COM (Kosta Lekas) Date: Thu Jan 12 21:31:12 2006 Subject: Greylisting with MailScanner, Sendmail, Spamassassin Message-ID: Hi, I'm using the latest version of MailScanner with Sendmail and Spamassassin (and pyzor and razor). I've just recently enabled DCC to support greylisting, but I can't see whether it's actually working or not and am not sure how to test it. Under MailScanner, sendmail is run in background queueing mode, and the greylisting works (I think) by modifying sendmail to query DCC and if found to be "grey", rejects the message. But MailScanner is the one that listens on port 25, I believe it then forwards the message to the virus scanner first? then SA? which uses DCC, razor and pyzor to determine whether the message is spam? But the way greylisting is supposed to work is at the mailer level (no content scanning), so I'm wondering how we're supposed to get this running with MailScanner like this? I appreciate any feedback. Michael. One way to find out if DCC is working is by greping your maillog for DCC_CHECK. Kosta Lekas Fox River Financial Resources 630.482.7142 - office 630.885.9355 - mobile 630.232.6074 - fax -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael Mansour Sent: Tuesday, November 15, 2005 12:10 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Greylisting with MailScanner, Sendmail, Spamassassin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gborders at jlewiscooper.com Tue Nov 15 14:09:26 2005 From: gborders at jlewiscooper.com (Greg Borders) Date: Thu Jan 12 21:31:12 2006 Subject: Large file attachment filtering Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greetings! I'm looking into a method to strip off very large mime attachments on outbound email, and store it locally on a HTTP / FTP server, and send a link out to it in the email. The recipient can then download the file via the web, and not clog the SMTP stream. I've seen this done on some milter programs, but nothing yet for MailScanner. Has anyone done any development work on this? A quick check of the archives didn't yield much. I think we could develop something off of the Maximum Attachment Size, with a rule set, and perhaps an external perl or shell script to handle the mime storage, and link replacement. Thoughts? -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Nov 15 14:21:13 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:12 2006 Subject: Greylisting with MailScanner, Sendmail, Spamassassin Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael Mansour wrote: > Hi, > > I'm using the latest version of MailScanner with > Sendmail and Spamassassin (and pyzor and razor). > > I've just recently enabled DCC to support greylisting, > but I can't see whether it's actually working or not > and am not sure how to test it. > > Under MailScanner, sendmail is run in background > queueing mode, and the greylisting works (I think) by > modifying sendmail to query DCC and if found to be > "grey", rejects the message. > > But MailScanner is the one that listens on port 25, I > believe it then forwards the message to the virus > scanner first? then SA? which uses DCC, razor and > pyzor to determine whether the message is spam? > No, MailScanner doesn't listen on port 25. Sendmail does. To do some kind of greylisting with DCC, you must configure the dccm (milter) component of DCC > But the way greylisting is supposed to work is at the > mailer level (no content scanning), so I'm wondering > how we're supposed to get this running with > MailScanner like this? > > I appreciate any feedback. > > Michael. > > > > ____________________________________________________ > Do you Yahoo!? > Take your Mail with you - get Yahoo! Mail on your mobile > http://au.mobile.yahoo.com/mweb/index.html > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Tue Nov 15 15:41:02 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:12 2006 Subject: Quarantine report Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Guys, I have noticed over the last few days since installing my new MS box that I have an error with quarantine reporting. Is there any documentation that I have not found that helps me to configure this? Or is it in the new book? ( I have an old one). The reports are not being generated at the moment, and I would like to implement this. I am not sure if it is a MS config or a Mailwatch one. Point me in the right direction please. Lance BTW. Latest MS SA and others on SUSE 9.3 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailing_lists+mailscanner at caleotech.com Tue Nov 15 15:44:27 2005 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Thu Jan 12 21:31:12 2006 Subject: Message in maillog Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I got below message (and a lot more of the same) in my maillog when sending a tar.gz file. My mailscanner version is 4.45.4 and ClamAV 0.87 (Yes I know these versions are a bit old and I will update as soon as possible) Is it the ClamAV guys that I should be contacting ? Jens Nov 15 16:35:18 tiger MailScanner[23942]: ProcessClamAVOutput: unrecognised line "rrdtool-1.0.46/contrib/rrdlastds/README". Please contact the authors! Nov 15 16:35:18 tiger MailScanner[23942]: rrdtool-1.0.46/contrib/rrdlastds/rrdlastds.pl.in Nov 15 16:35:18 tiger MailScanner[23942]: ProcessClamAVOutput: unrecognised line "rrdtool-1.0.46/contrib/rrdlastds/rrdlastds.pl.in". Please contact the authors! Nov 15 16:35:18 tiger MailScanner[23942]: rrdtool-1.0.46/contrib/README Nov 15 16:35:18 tiger MailScanner[23942]: ProcessClamAVOutput: unrecognised line "rrdtool-1.0.46/contrib/README". Please contact the authors! Nov 15 16:35:18 tiger MailScanner[23942]: rrdtool-1.0.46/contrib/Makefile.in Nov 15 16:35:18 tiger MailScanner[23942]: ProcessClamAVOutput: unrecognised line "rrdtool-1.0.46/contrib/Makefile.in". Please contact the authors! Nov 15 16:35:18 tiger MailScanner[23942]: rrdtool-1.0.46/contrib/Makefile.am Nov 15 16:35:18 tiger MailScanner[23942]: ProcessClamAVOutput: unrecognised line "rrdtool-1.0.46/contrib/Makefile.am". Please contact the authors! Nov 15 16:35:18 tiger MailScanner[23942]: rrdtool-1.0.46/contrib/rrdview/CVS/Repository ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From yan at NEVERNEVERLAND.F9.CO.UK Tue Nov 15 15:38:18 2005 From: yan at NEVERNEVERLAND.F9.CO.UK (YAN) Date: Thu Jan 12 21:31:12 2006 Subject: Problem with HTML messages and MailScanner 4.47.4 - SOLVED Message-ID: My problem with html messages did indeed turn out to be a Perl module issue. I removed all Perl modules and reinstalled MS using the install script which replaced all the modules. Thanks for the input and suggestions Regards Yan -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of YAN Sent: 14 November 2005 20:13 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Problem with HTML messages and MailScanner 4.47.4 I could reinstall it from scratch as it does nothing else but run MailScanner. The problem with a reinstall is that the server is in a remote datacentre and im not planning a visit there for at least a week or so. If I need to flatten the box and reinstall then I will do that, but ill try removing and reinstalling the Perl modules first. Any ideas as to which module could be the likely culprit or are there multiple possibilities? Regards Yan -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field Sent: 14 November 2005 19:26 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Problem with HTML messages and MailScanner 4.47.4 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Sounds like have corrupted one or more of the Perl modules required by it. You will need to uninstall the Perl modules so that install.sh can reinstall them. How much else does this box do? Could you just reinstall it from scratch? YAN wrote: >I have been using MailScanner 4.43.8 for a while without any problems and >decided to upgrade to 4.47.4. > >The first upgrade attempt was not done using the install.sh script, instead >I just extracted the MailScanner-4.47.4-2.tar.gz from the perl directory of >the MailScanner-install-4.47.4-2.tar.gz and edited the conf files for my >system. I changed the MailScanner symlink in /opt to reflect the new version >and the problem started. > >If the format of mail entering my MailScanner box is text or rich text then >it is processed and delivered correctly. If the format is html then I get >the following in my /var/log/maillog > >Nov 12 16:11:12 beckham MailScanner[5232]: MailScanner E-Mail Virus Scanner >version 4.47.4 starting... >Nov 12 16:11:12 beckham MailScanner[5083]: New Batch: Scanning 1 messages, >1459 bytes >Nov 12 16:11:12 beckham MailScanner[5232]: Read 680 hostnames from the >phishing whitelist >Nov 12 16:11:12 beckham MailScanner[5232]: Config: calling custom init >function SQLBlacklist >Nov 12 16:11:12 beckham MailScanner[5232]: Starting up SQL Blacklist >Nov 12 16:11:13 beckham MailScanner[5232]: Read 2986 blacklist entries >Nov 12 16:11:13 beckham MailScanner[5232]: Config: calling custom init >function MailWatchLogging >Nov 12 16:11:13 beckham MailScanner[5232]: Started SQL Logging child >Nov 12 16:11:13 beckham MailScanner[5232]: Config: calling custom init >function SQLWhitelist >Nov 12 16:11:13 beckham MailScanner[5232]: Starting up SQL Whitelist >Nov 12 16:11:13 beckham MailScanner[5232]: Read 13 whitelist entries >Nov 12 16:11:13 beckham MailScanner[5232]: Using locktype = flock > >This is repeated continually but the html message(s) never actually get >processed or delivered. I have MailScanner set to have 5 processes but when >html messages are encountered, the running processes seem to spawn new >MailScanner processes. Some of these processes seem to die and leave the >following in /var/log/messages > >Nov 13 18:05:53 beckham root: Process did not exit cleanly, returned 255 >with signal 0 >Nov 13 18:11:38 beckham root: Process did not exit cleanly, returned 9 with >signal 0 > >This will continue until I manually move the 'stuck' html emails from >/var/spool/mqueue.in at which point the logging stops and the MailScanner >processes return to normal (until a new html message is received). > >Since the initial install I have ran the install.sh script to ensure that no >perl dependencies are missing, which completes without error but I still >cant process html emails. At this point the problem gets even weirder.... > >This particular MailScanner box is a semi-production box so until a fix >could be found I tried to revert back to the last known working install of >MailScanner, namely 4.43.8. This version has now also developed the dislike >of html emails. Other than the attempted upgrade of MailScanner, nothing >else has been changed on the box. It only acts as a MailScanner and nobody >else has access to it to be able to change/install anything without my >knowledge. > >As I was now having the same problem with both versions I decided to persist >with the newer version (4.47.4). Debug shows the same log entries shown >above and doesn't show any further information. I can force MailScanner >4.47.4 to process html emails by using Scan Messages = no (obviously this >doesn't do any scanning) but the html emails are then processed and >delivered. > >I cant seem to find what is causing this issue and hope that someone may >have seen this before or be able to point me in the right direction to fix >it. > >Details of the box are: > >FreeBSD 4.10-RELEASE >Perl v5.8.2 >Sendmail v 8.12.11 > >Any help/ideas will be greatly appreciated and further information will be >supplied if needed. > >Regards > >Yan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kevind at GO2.IE Tue Nov 15 16:25:00 2005 From: kevind at GO2.IE (Kevin Dermody) Date: Thu Jan 12 21:31:12 2006 Subject: Large file attachment filtering Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Ive done something like this, it isnt too hard at all. Basicly I have a modified Quarantine.pm which does something along the lines of: if($report eq "MailScanner: Attachment is too large\n") { copy("$indir/$attachment", "$userpath/$attachment"); push @chownlist, "$userpath/$attachment"; } $userpath is determined from a database entry which is retrieved by using details in the mail. For security each $userpath is seperate and is located outside the webtree along side the Maildir folder. It is accessible only via an authenticated webmail login. That way even if people got a copy of the url only the account holder can access the file. This also took some hacking of the squirrelmail code. Kevin Dermody Go2web Ltd Greg Borders wrote: > Greetings! > I'm looking into a method to strip off very large mime attachments on > outbound email, and store it locally on a HTTP / FTP server, and send a > link out to it in the email. The recipient can then download the file > via the web, and not clog the SMTP stream. > > I've seen this done on some milter programs, but nothing yet for > MailScanner. Has anyone done any development work on this? A quick > check of the archives didn't yield much. > > I think we could develop something off of the Maximum Attachment Size, > with a rule set, and perhaps an external perl or shell script to handle > the mime storage, and link replacement. > > Thoughts? > > > -- > This transmission may contain information that is privileged, confidential > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is STRICTLY PROHIBITED. If you received this transmission > in error, please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. Thank you. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 15 16:47:48 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:12 2006 Subject: SA 3.10 question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dj Ajos1 wrote: > ... > > SA 3.10 question > > Without post the rather huge debug printout... does anyone have a quick idea what might be wrong here. > > > spamassassin -d --lint > ====================== > > [23476] warn: config: failed to parse line, skipping: auto_learn 1 > [23476] warn: lint: 1 issues detected, please rerun with debug enabled for more information > auto_learn was replaced by bayes_auto_learn is spamassassin 2.60 and higher. I'd STRONGLY suggest running spamassassin --lint *WITHOUT* the -D first. This way the messages you need to see don't get cluttered in with a ton of debug output. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 15 18:19:26 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:12 2006 Subject: Quarantine report Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The quarantining docs haven't changed as far as I remember. MailScanner just puts reports into the maillog, everything else is MailWatch. Lance Haig wrote: > Hi Guys, > > I have noticed over the last few days since installing my new MS box > that I have an error with quarantine reporting. > > Is there any documentation that I have not found that helps me to > configure this? Or is it in the new book? ( I have an old one). > > The reports are not being generated at the moment, and I would like to > implement this. > > I am not sure if it is a MS config or a Mailwatch one. > > Point me in the right direction please. > > Lance > > BTW. > > Latest MS SA and others on SUSE 9.3 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ3omrhH2WUcUFbZUEQKkFQCghgJqdrPQmC5zIvU+QVqKBOLiF58An01A 5FDqAH/V+CY7tOsYB8xYmbND =lIK9 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 15 18:23:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:12 2006 Subject: Message in maillog Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 No, don't contact the ClamAV guys. It is harmless output being generated by ClamAV. It is difficult for me to know what flag as extra log output, and what to just ignore. At the moment, I flag everything, I might change that to ignore everything, on the assumption that future problems will be noticed some other way as well. Shout quickly if you think that is the wrong thing to do! Jens Ahlin wrote: >Hi, > >I got below message (and a lot more of the same) in my maillog when >sending a tar.gz file. > >My mailscanner version is 4.45.4 and ClamAV 0.87 (Yes I know these >versions are a bit old and I will update as soon as possible) > >Is it the ClamAV guys that I should be contacting ? > > Jens > >Nov 15 16:35:18 tiger MailScanner[23942]: ProcessClamAVOutput: >unrecognised line "rrdtool-1.0.46/contrib/rrdlastds/README". Please >contact the authors! >Nov 15 16:35:18 tiger MailScanner[23942]: >rrdtool-1.0.46/contrib/rrdlastds/rrdlastds.pl.in >Nov 15 16:35:18 tiger MailScanner[23942]: ProcessClamAVOutput: >unrecognised line "rrdtool-1.0.46/contrib/rrdlastds/rrdlastds.pl.in". >Please contact the authors! >Nov 15 16:35:18 tiger MailScanner[23942]: rrdtool-1.0.46/contrib/README >Nov 15 16:35:18 tiger MailScanner[23942]: ProcessClamAVOutput: >unrecognised line "rrdtool-1.0.46/contrib/README". Please contact the >authors! >Nov 15 16:35:18 tiger MailScanner[23942]: rrdtool-1.0.46/contrib/Makefile.in >Nov 15 16:35:18 tiger MailScanner[23942]: ProcessClamAVOutput: >unrecognised line "rrdtool-1.0.46/contrib/Makefile.in". Please contact the >authors! >Nov 15 16:35:18 tiger MailScanner[23942]: rrdtool-1.0.46/contrib/Makefile.am >Nov 15 16:35:18 tiger MailScanner[23942]: ProcessClamAVOutput: >unrecognised line "rrdtool-1.0.46/contrib/Makefile.am". Please contact the >authors! >Nov 15 16:35:18 tiger MailScanner[23942]: >rrdtool-1.0.46/contrib/rrdview/CVS/Repository > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ3ontBH2WUcUFbZUEQKgbQCeKOxzxZOel7mHikgq/3fKR0Jvg54AoOBS m4bvtG7jxEaCZV0bGhE1Vgc/ =jlBA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 15 19:10:18 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:12 2006 Subject: Failed to Parse line Pyzor,Raxor-config and DCC Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marc Dufresne wrote: > I don't have a v310.pre file. The only thing I have under > /etc/mail/spamassassin/init.pre > > I am using SA 3.1 that came bundled with Mailscanner port and > InstallClamSA for Free BSD. > > How do I load the plugins for these? > Check /etc/spamassassin instead... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 15 20:34:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:12 2006 Subject: Failed to Parse line Pyzor,Raxor-config and DCC Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marc Dufresne wrote: > I have the plugins loaded now. The statments were not in > /etc/mail/spamassassin/init.pre > > I've reduced my errors(warnings) by 8. Now I need to get rid of these. > Do you know how?? I can't find any documentation. > > [11912] warn: config: warning: score set for non-existent rule > FUZZY_GUARANTEE All of the "FUZZY_*" rules need the ReplaceTags plugin. Add this to your v310.pre loadplugin Mail::SpamAssassin::Plugin::ReplaceTags While you're at it you might want to check both your v310.pre and init.pre. Here's the plugins I make use of. You might want different sets depending on your network and bayes config, but I'd definitely recommend URIDNSBL and SPF if you're using network tests already. RelayCountry requires an additional perl module, and might not be as useful to you as it is to me. init.pre: loadplugin Mail::SpamAssassin::Plugin::RelayCountry loadplugin Mail::SpamAssassin::Plugin::URIDNSBL loadplugin Mail::SpamAssassin::Plugin::Hashcash loadplugin Mail::SpamAssassin::Plugin::SPF v310.pre: loadplugin Mail::SpamAssassin::Plugin::DCC loadplugin Mail::SpamAssassin::Plugin::Pyzor loadplugin Mail::SpamAssassin::Plugin::Razor2 loadplugin Mail::SpamAssassin::Plugin::SpamCop #loadplugin Mail::SpamAssassin::Plugin::AntiVirus #loadplugin Mail::SpamAssassin::Plugin::AWL loadplugin Mail::SpamAssassin::Plugin::AutoLearnThreshold #loadplugin Mail::SpamAssassin::Plugin::TextCat #loadplugin Mail::SpamAssassin::Plugin::AccessDB loadplugin Mail::SpamAssassin::Plugin::WhiteListSubject #loadplugin Mail::SpamAssassin::Plugin::DomainKeys loadplugin Mail::SpamAssassin::Plugin::MIMEHeader loadplugin Mail::SpamAssassin::Plugin::ReplaceTags > [11912] warn: config: warning: score set for non-existent rule > RCVD_IN_RSL Just remove your score statement for RCVD_IN_RSL. It's probably in spam.assassin.prefs.conf and is set to 0. Older versions of SA (3.0.0-3.0.4) needed this when RSL went down, but 3.1.0 has removed the rule entirely. (In general mailscanner tried to help by pushing this out in the default spam.assassin.prefs.conf. This helps people unaware of the problem in 3.0.x, but causes warnings for 3.1.0 users) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 15 21:38:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:12 2006 Subject: {SPAM} Re: *****SPAM***** Re: Watch & Viagra Spam getting through.... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael Mansour wrote: > So how do I add these rules into MailScanner? 1) Save the respective .cf file to your /etc/mail/spamassassin/ directory. 2) run "spamassassin --lint" to make sure SA is happy with the file and it isn't corrupted. It should just run for several seconds and exit without printing anything. 3) if you use a RPM distribution, or other distro with the "service" command, run "service MailScanner reload". Otherwise, restart mailscanner however you normally restart it. (no need to restart the sendmail processes, as "service MailScanner restart" does). The same process goes for just about any add-on ruleset (rulesemporium.com, etc). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Nov 15 21:44:02 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:12 2006 Subject: Child Process vs batch size Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pete Russell wrote: > You can test this when your destination MTA is down and 2 or 3k message > bank up- not sure how you can test this in real time without causing > lots of delays for end users? Well, I could always use the 'startin' options to the init script, so that the mta accepts connections; then start MailScanner after having a couple of dozens of messages in queue. But it may cause delays... > > It doesnt reach more than 10 because MS looks every 5sec and processes > what mail it finds providing its less than 30 messages, I assume max per > batch is set to 30. In 5 sec your mail server doesnt accumulate more > than 10 messages. > Yes, I know it is not a problem. I'm just wondering whether I could get more efficiency if I lowered my child process. I know it seems stupid to try to get better efficiency from a system that is not too busy. However, my is reasoning is that if process 1 picks up 5 messages and process 2 picks up only 1 message, process 1 might have to wait while SpamAssassin and virus engines are also loaded in memory by process 2. Here is where I am, I don't know enough of internals to figure out myself. So the question is, theoretically, will 100 messages will be processed more quickly by, say, 4 child processes (batches of 30, 30, 30, 10+ messages that came in in the meantime) than 10 child process (30, 30, 30, 10, + 6 processes that are processing 1-2 messages each. > Performance when you get hammered wont change all that much (in my > limeted experience) in low volume environments, like mine. Well, I think it might change if the total messages that is in the incoming queue at one moment is larger than the total messages that can be handled by all the MailScanner processes (30 X # of child processes) > > > Ugo Bellavance wrote: >> Hi, >> >> I know that MailScanner gets its efficiency by processing messages >> in batches (hence loading SA and AV engines only once per batch. I >> was looking at the average size of my batches, and it rarely goes over >> 10, which is far from the standard max size of 30. Would I get more >> efficiency by lowering my # of child process? Would I have the same >> performance if I get struck by a spam storm? >> >> Open to opinions... >> >> Regards, > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Tue Nov 15 22:59:12 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:12 2006 Subject: Quarantine report Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] AHH thanks Julian, Lance Julian Field wrote: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The quarantining docs haven't changed as far as I remember. MailScanner just puts reports into the maillog, everything else is MailWatch. Lance Haig wrote: Hi Guys, I have noticed over the last few days since installing my new MS box that I have an error with quarantine reporting. Is there any documentation that I have not found that helps me to configure this? Or is it in the new book? ( I have an old one). The reports are not being generated at the moment, and I would like to implement this. I am not sure if it is a MS config or a Mailwatch one. Point me in the right direction please. Lance BTW. Latest MS SA and others on SUSE 9.3 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ3omrhH2WUcUFbZUEQKkFQCghgJqdrPQmC5zIvU+QVqKBOLiF58An01A 5FDqAH/V+CY7tOsYB8xYmbND =lIK9 -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From micoots at yahoo.com Wed Nov 16 04:58:57 2005 From: micoots at yahoo.com (Michael Mansour) Date: Thu Jan 12 21:31:12 2006 Subject: {SPAM} Re: *****SPAM***** Re: Watch & Viagra Spam getting through.... Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Matt, > Michael Mansour wrote: > > So how do I add these rules into MailScanner? > > > 1) Save the respective .cf file to your > /etc/mail/spamassassin/ directory. > > 2) run "spamassassin --lint" to make sure SA is > happy with the file and it isn't > corrupted. It should just run for several seconds > and exit without printing > anything. > > 3) if you use a RPM distribution, or other distro > with the "service" command, > run "service MailScanner reload". > > Otherwise, restart mailscanner however you normally > restart it. (no need to > restart the sendmail processes, as "service > MailScanner restart" does). > > The same process goes for just about any add-on > ruleset (rulesemporium.com, etc). Many thanks for this, it works perfectly. I'll go to rulesemporium.com also to check out what they have available. Michael. ____________________________________________________ Do you Yahoo!? Yahoo! Photos: Now with unlimited storage http://au.photos.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From David.While at UCE.AC.UK Wed Nov 16 11:00:06 2005 From: David.While at UCE.AC.UK (David While) Date: Thu Jan 12 21:31:12 2006 Subject: Detecting grids of drug names Message-ID: I put both these rulesets into my setup and so far I have only seen hits on Matt's. -------------------------------------------- David While BSc CEng MBCS CITP Department of Computing University of Central England Tel: 0121 331 6211 -------------------------------------------- -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler Sent: 14 November 2005 21:06 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Detecting grids of drug names Julian Field wrote: > I have produced a rule which detects grids of letters. They are using a > table trick to rotate the words by 90 degrees so the letters of the > first column all come first, followed by all the letters of the second > column and so on. This stops you detecting words with HTML junk in > between the letters. > > But I can now detect these grids: > > rawbody JKF_DRUG_GRID1 /(\>([[:alpha:]]\s){4}[[:alpha:]].*){4}\>/i > describe JKF_DRUG_GRID1 Grid of letters rotated to produce drug names > score JKF_DRUG_GRID1 4.5 > > This detects grids of at least 4x4 characters, which is small enough to > detect drug names. > The first "4" sets the minimum number of rows in the grid, the second > "4" sets the minimum number of columns. > > Quite succinct once you work out what you are looking for :-) > All improvements and comments are most welcome. > Julian, I had a similar to a concept on Friday.. Mine work a bit differently, these look for a specific drug name in the post-htm-stripped text. Thus far it works quite well, but I've got the scores low as I'm testing them still. See attached. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-user at NELAND.DK Wed Nov 16 11:43:32 2005 From: mailscanner-user at NELAND.DK (Leif Neland) Date: Thu Jan 12 21:31:12 2006 Subject: Reformatting multipart/signed Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Especially on mailinglists I recive some messages signed with pgp. This is somewhat annoying when I read in Outlook express, because I only see the footer addded by the mailing list, attatched two files: a .txt containing the message and another file with the signature. Can MailScanner or another plugin reformat these messages, The message has the type: Content-Type: multipart/signed; micalg=pgp-sha1; Inside is two parts: Content-Type: text/plain Content-Transfer-Encoding: quoted-printable and Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part Leif ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jose at TREELOGIC.COM Wed Nov 16 12:39:00 2005 From: jose at TREELOGIC.COM ([iso-8859-1] José Angel Blanco González) Date: Thu Jan 12 21:31:12 2006 Subject: Memory use Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] After one or two hours of running my red hat linux 9 machine the Ram memory is fully ocupied, by programs and disk cache. Then the system starts swaping and MailScanner reduces performance drastically. Our systen has: Mailscanner 4.45.4 Sendmail 8.12.8 Clamav 0.84 Spamassassin Here is the capture for 'free' command total used free shared buffers cached Mem: 2840672 2812672 28000 0 126556 2449792 -/+ buffers/cache: 236324 2604348 Swap: 1044184 77396 966788 Any idea? Thank you very much Jose ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Nov 16 12:43:15 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:12 2006 Subject: Memory use Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] How much ram? What does "vmstat 5" show when it's swapping. Have to reduced the number of Child processes in MailScanner.conf? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of José Angel Blanco González > Sent: 16 November 2005 12:39 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Memory use > > After one or two hours of running my red hat linux 9 machine the Ram > memory > is fully ocupied, by programs and disk cache. > Then the system starts swaping and MailScanner reduces performance > drastically. > > Our systen has: > Mailscanner 4.45.4 > Sendmail 8.12.8 > Clamav 0.84 > Spamassassin > > Here is the capture for 'free' command > total used free shared > buffers cached > Mem: 2840672 2812672 28000 0 126556 > 2449792 > -/+ buffers/cache: 236324 2604348 > Swap: 1044184 77396 966788 > > Any idea? > Thank you very much > > Jose > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 16 13:21:15 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:12 2006 Subject: Memory use Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 16/11/05, Martin Hepworth wrote: > How much ram? What does "vmstat 5" show when it's swapping. > > Have to reduced the number of Child processes in MailScanner.conf? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of José Angel Blanco González > > Sent: 16 November 2005 12:39 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: [MAILSCANNER] Memory use > > > > After one or two hours of running my red hat linux 9 machine the Ram > > memory > > is fully ocupied, by programs and disk cache. > > Then the system starts swaping and MailScanner reduces performance > > drastically. > > > > Our systen has: > > Mailscanner 4.45.4 > > Sendmail 8.12.8 > > Clamav 0.84 > > Spamassassin > > > > Here is the capture for 'free' command > > total used free shared > > buffers cached > > Mem: 2840672 2812672 28000 0 126556 > > 2449792 > > -/+ buffers/cache: 236324 2604348 > > Swap: 1044184 77396 966788 > > > > Any idea? > > Thank you very much > > > > Jose > > Also, take a quick look at what processes are the top memory consumers... Simple tools like "top" (sorted by memory consumers) might impart a clue here. It might not be MailScanner leaking the memory at all... One fun thing I saw back when RH9 wasn't desupported (oh so far back;-), was that gnome-terminal leaked like a veritable sieve... Especially ascerbated by me running top in one of 'em, with a continually (erroneously) growing scroll-back buffer, IIRC (Simple fix is to not use that terminal, of course:-). Also, you should at least update that frighteningly old clamav as soon as humanely possible. Do you even receive signature updates to it any more? Look at "tail /tmp/ClamAV.update.log" .... Martin, AFAICS that'd be 2.7 GiB RAM (from the free output) which probably means 3 GiB - "share memory graphics", or something similar. So the tight situation would imply a very many MS clients, or a "trusty" ol' leak (or several), wouldn't you agree? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 16 13:34:15 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:12 2006 Subject: Memory use Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 16/11/05, Glenn Steen wrote: > On 16/11/05, Martin Hepworth wrote: (snip) > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > Behalf Of José Angel Blanco González > > > Sent: 16 November 2005 12:39 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: [MAILSCANNER] Memory use > > > (snip) > > > total used free shared > > > buffers cached > > > Mem: 2840672 2812672 28000 0 126556 > > > 2449792 > > > -/+ buffers/cache: 236324 2604348 > > > Swap: 1044184 77396 966788 (snip) > Martin, AFAICS that'd be 2.7 GiB RAM (from the free output) which > probably means 3 GiB - "share memory graphics", or something similar. > So the tight situation would imply a very many MS clients, or a > "trusty" ol' leak (or several), wouldn't you agree? Argh! Think, then type.... As is perfectly obvious from the numbers, the RAM situation is normal on this one... More or less all the memory in "buffers" and "cache" will be returned when needed, so the swaping is not really due to a tight situation at all (more probable is page age). ISTR that the stock kernel of RH9 was a tad stupid when it came to swap priorities etc, so that might give an ... illusion... of a tight RAM. But the numbers above don't really show that. Martins suggested vmstat will probably show that no (or next to no) swaping is happening. If I were you, I'd seriously think on moving to a more ... modern ... distro/kernel. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Wed Nov 16 13:43:15 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:12 2006 Subject: Memory use Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What Kernel are you running? as 2.4.20 has a bug in it, buffers for cache are NOT released... change kernel versions if you do.... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Glenn Steen" To: Sent: Wednesday, November 16, 2005 8:34 AM Subject: Re: Memory use On 16/11/05, Glenn Steen wrote: > On 16/11/05, Martin Hepworth wrote: (snip) > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > Behalf Of José Angel Blanco González > > > Sent: 16 November 2005 12:39 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: [MAILSCANNER] Memory use > > > (snip) > > > total used free > > > shared > > > buffers cached > > > Mem: 2840672 2812672 28000 0 > > > 126556 > > > 2449792 > > > -/+ buffers/cache: 236324 2604348 > > > Swap: 1044184 77396 966788 (snip) > Martin, AFAICS that'd be 2.7 GiB RAM (from the free output) which > probably means 3 GiB - "share memory graphics", or something similar. > So the tight situation would imply a very many MS clients, or a > "trusty" ol' leak (or several), wouldn't you agree? Argh! Think, then type.... As is perfectly obvious from the numbers, the RAM situation is normal on this one... More or less all the memory in "buffers" and "cache" will be returned when needed, so the swaping is not really due to a tight situation at all (more probable is page age). ISTR that the stock kernel of RH9 was a tad stupid when it came to swap priorities etc, so that might give an ... illusion... of a tight RAM. But the numbers above don't really show that. Martins suggested vmstat will probably show that no (or next to no) swaping is happening. If I were you, I'd seriously think on moving to a more ... modern ... distro/kernel. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Wed Nov 16 13:53:32 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:31:12 2006 Subject: Detecting grids of drug names Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David While wrote: >I put both these rulesets into my setup and so far I have only seen hits >on Matt's. > > From yesterday's log: JKF_DRUG_GRID1 14 L_DRUGS1 302 L_DRUGS11 303 L_DRUGS12 2005 All spam detected by JKF_DRUG_GRID1 already had a big enough score to get flagged as spam. 40 spam detected by L_DRUGS1 would not have been flagged as spam without L_DRUGS1. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jose at TREELOGIC.COM Wed Nov 16 15:12:15 2005 From: jose at TREELOGIC.COM ([iso-8859-1] José Angel Blanco González) Date: Thu Jan 12 21:31:12 2006 Subject: Memory use Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In vmstat, si is always 0, so it is not using swap I suppose. The computer is a mail server with 500 mail accounts, maybe ipopd or imapd the bug?? ----- Original Message ----- From: "Rob" To: Sent: Wednesday, November 16, 2005 2:43 PM Subject: Re: Memory use > What Kernel are you running? as 2.4.20 has a bug in it, buffers for cache > are NOT released... change kernel versions if you do.... > > > > Rob Morin > Dido Internet Inc. > Montreal, Canada > 514-990-4444 > http://www.dido.ca > > ----- Original Message ----- > From: "Glenn Steen" > To: > Sent: Wednesday, November 16, 2005 8:34 AM > Subject: Re: Memory use > > > On 16/11/05, Glenn Steen wrote: >> On 16/11/05, Martin Hepworth wrote: > (snip) >> > > -----Original Message----- >> > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> > > Behalf Of José Angel Blanco González >> > > Sent: 16 November 2005 12:39 >> > > To: MAILSCANNER@JISCMAIL.AC.UK >> > > Subject: [MAILSCANNER] Memory use >> > > > (snip) >> > > total used free shared >> > > buffers cached >> > > Mem: 2840672 2812672 28000 0 126556 >> > > 2449792 >> > > -/+ buffers/cache: 236324 2604348 >> > > Swap: 1044184 77396 966788 > (snip) >> Martin, AFAICS that'd be 2.7 GiB RAM (from the free output) which >> probably means 3 GiB - "share memory graphics", or something similar. >> So the tight situation would imply a very many MS clients, or a >> "trusty" ol' leak (or several), wouldn't you agree? > Argh! Think, then type.... > As is perfectly obvious from the numbers, the RAM situation is normal > on this one... More or less all the memory in "buffers" and "cache" > will be returned when needed, so the swaping is not really due to a > tight situation at all (more probable is page age). ISTR that the > stock kernel of RH9 was a tad stupid when it came to swap priorities > etc, so that might give an ... illusion... of a tight RAM. But the > numbers above don't really show that. > Martins suggested vmstat will probably show that no (or next to no) > swaping is happening. > > If I were you, I'd seriously think on moving to a more ... modern ... > distro/kernel. > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Nov 16 16:20:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:12 2006 Subject: Detecting grids of drug names Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 16 Nov 2005, at 13:53, Denis Beauchemin wrote: > David While wrote: > >> I put both these rulesets into my setup and so far I have only >> seen hits >> on Matt's. >> > From yesterday's log: > JKF_DRUG_GRID1 14 > L_DRUGS1 302 > L_DRUGS11 303 > L_DRUGS12 2005 > > All spam detected by JKF_DRUG_GRID1 already had a big enough score > to get flagged as spam. 40 spam detected by L_DRUGS1 would not > have been flagged as spam without L_DRUGS1. In which case can someone post me a copy of Matt's rules. I have seen a few hits on my grid rule, but not many. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ3tcV/w32o+k+q+hAQEZEgf9H2aGowQySnFECPFjTGXLlcZndj3lLuGD VkW0ajeRhjCGjbw3gE+6Ur6/goYMsIVOxse2sOwwF4M7b8UNx2Am+K5P6RUlp77E 2JPon2YZVBsFtrB5nustZKPJGZV5qn2NcIngiSurGGhkUcszFxXfnQOJ77kobwuR UOt5hRJxE43dY8D7VkeiPR+qA128I7HmV3d4Mwj0zCdIFJkvROKOPB9JelrgKwWU TFUAk1RZa/bNbKyhugd2V7In/raCasCqLfGS9eYn5CAUrSbnb3unP9Ji5dhAw9CR RhRkJ5z79gNB+7K/mP+pz+b3EySRpyQET0QpbELiIvUArkEzEpYS3g== =y3Uz -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Nov 16 16:30:38 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:12 2006 Subject: Detecting grids of drug names Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > In which case can someone post me a copy of Matt's rules. I have seen > a few hits on my grid rule, but not many. I already did on 11/14/2005 Here's a re-post --------------------- Julian, I had a similar to a concept on Friday.. Mine work a bit differently, these look for a specific drug name in the post-htm-stripped text. Thus far it works quite well, but I've got the scores low as I'm testing them still. See attached. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] body L_COLUMN_VIAG /\bv(?:\s\w){4,6}\si(?:\s\w){4,6}\sa(?:\s\w){4,6}\sg(?:\s\w){4,6}\sr(?:\s\w){4,6}\sa\b/i describe L_COLUMN_VIAG looks like a column-obfuscated v-pill ad score L_COLUMN_VIAG 0.5 body L_COLUMN_XAN /\bX(?:\s\w){4,6}\sA(?:\s\w){4,6}\sN(?:\s\w){4,6}\sA(?:\s\w){4,6}\sX\b/i describe L_COLUMN_XAN looks like a column-obfuscated x-pill ad score L_COLUMN_XAN 0.5 body L_COLUMN_CIA /\bC(?:\s\w){4,6}\sI(?:\s\w){4,6}\sA(?:\s\w){4,6}\sL(?:\s\w){4,6}\sI(?:\s\w){4,6}\sS\b/i describe L_COLUMN_CIA looks like a column-obfuscated C-pill ad score L_COLUMN_CIA 0.5 body L_COLUMN_VAL /\bV(?:\s\w){4,6}\sA(?:\s\w){4,6}\sL(?:\s\w){4,6}\sI(?:\s\w){4,6}\sU(?:\s\w){4,6}\sM\b/i describe L_COLUMN_VAL looks like a column-obfuscated val-pill ad score L_COLUMN_VAL 0.5 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at pbco.ca Wed Nov 16 19:33:57 2005 From: jstork at pbco.ca (Johnny Stork) Date: Thu Jan 12 21:31:12 2006 Subject: GeoIP Support Stopped Working? Message-ID: I know this is not the mailwatcher list but I am not sure if this is mailwatcher or mailscanner issue. After upgrading to mailwatch 1.03, I am no longer able to click on a mail message in the web interface and see the countries? "GeoIP Lookup Failed" is all that shows?. I cant seem to locate anything in the Mailwatch book or FAQ's about the GeoIP support? Maybe it is only a mailwatcher setting? _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Nov 16 19:48:14 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:12 2006 Subject: GeoIP Support Stopped Working? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Johnny Stork wrote: > I know this is not the mailwatcher list but I am not sure if this is mailwatcher or mailscanner issue. After upgrading to mailwatch 1.03, I am no longer able to click on a mail message in the web interface and see the countries? "GeoIP Lookup Failed" is all that shows?. I cant seem to locate anything in the Mailwatch book or FAQ's about the GeoIP support? Maybe it is only a mailwatcher setting? Well, I don't know if it's a mailwatch issue or not, but it's certainly not a mailscanner issue. MailScanner has nothing to do with your web interface, or country lookups. However, you might find some info in this thread: http://forum.ev1servers.net/showthread.php?p=355291 In particular, someone in that thread mentioned they had geoip failures because they were missing /var/www/html/mailscanner/temp ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hermit921 at YAHOO.COM Wed Nov 16 16:59:11 2005 From: hermit921 at YAHOO.COM (hermit921) Date: Thu Jan 12 21:31:12 2006 Subject: over zealous phishing warnings Message-ID: I receive a well respected email newsletter called Crypto-gram. It contains many links to the sender's web site for more detailed information. Below are some of the warnings I get. How literal are the phishing specifications? hermit921 MailScanner has detected a possible fraud attempt from " www.schneier.com" claiming to be < http://www.schneier.com> MailScanner has detected a possible fraud attempt from "www.counterpane.com" claiming to be MailScanner has detected a possible fraud attempt from "www.counterpane.com" claiming to be < http://www.counterpane.com> MailScanner has detected a possible fraud attempt from " www.schneier.com" claiming to be < http://www.schneier.com/crypto-gram.html> MailScanner has detected a possible fraud attempt from " www.schneier.com" claiming to be < http://www.schneier.com/blog>. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Nov 16 22:51:26 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:12 2006 Subject: over zealous phishing warnings Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hermit921 wrote: > I receive a well respected email newsletter called Crypto-gram. It > contains many links to the sender's web site for more detailed > information. Below are some of the warnings I get. How literal are the > phishing specifications? How literal they are depends a bit on your version of MailScanner. There's been a lot of updates to the phishing net over the past year. Some of those warnings are quite outrageous. Certainly the warning about: "www.schneier.com" claiming to be is a problem. The phishing net should at minimum tolerate that. If you're on a current version, I'd consider it a bug. If not, I'd consider updating to see if it's been fixed. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Nov 16 22:51:28 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:12 2006 Subject: GeoIP Support Stopped Working? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Johnny Stork wrote: >> I know this is not the mailwatcher list but I am not sure if this is mailwatcher or mailscanner issue. After upgrading to mailwatch 1.03, I am no longer able to click on a mail message in the web interface and see the countries? "GeoIP Lookup Failed" is all that shows?. I cant seem to locate anything in the Mailwatch book or FAQ's about the GeoIP support? Maybe it is only a mailwatcher setting? > > > Well, I don't know if it's a mailwatch issue or not, but it's certainly not a > mailscanner issue. MailScanner has nothing to do with your web interface, or > country lookups. > > However, you might find some info in this thread: > > http://forum.ev1servers.net/showthread.php?p=355291 > > In particular, someone in that thread mentioned they had geoip failures because > they were missing /var/www/html/mailscanner/temp > Please ask your question on the MailWatch list http://lists.sourceforge.net/lists/listinfo/mailwatch-users or the forums http://sourceforge.net/forum/?group_id=87163 (taken from the home page of http://mailwatch.sourceforge.net -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Nov 17 00:04:56 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:13 2006 Subject: Memory use Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 17/11/05, Glenn Steen wrote: > On 16/11/05, José Angel Blanco González wrote: > > In vmstat, si is always 0, so it is not using swap I suppose. The computer > > is a mail server with 500 mail accounts, maybe ipopd or imapd the bug?? > > > How did you determine that MailScanner dropped in performance? Exactly > what characteristic are you seeing a problem with? > > You'll have to run the vmstat for a bit to be sure there really is no > swapping, and perhaps look into the sar command (think it's part of > the sysstat rpm or something similar.... I ditched my last RH9 the day > after the desupport notice.... (a while back:-), so my recollections > of exact package details is faint, to say the least...) > sar will help you (together with top) to determine if you have unusual > CPU load, which might be an indicator.... For IO, find and use iostat > in a similar way as you use vmstat. > > Until you have some facts, it's way to soon to start assigning blame > to individual systems/processes:-). > Replying to myself.... how ... quaint...:) If you use mbox format, or indeed if your users have huge mailboxes.... they might be seeing a big lag at certain message operations (and definitely when starting their client). Do you really need to support POP? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 16 23:57:52 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:13 2006 Subject: Memory use Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 16/11/05, José Angel Blanco González wrote: > In vmstat, si is always 0, so it is not using swap I suppose. The computer > is a mail server with 500 mail accounts, maybe ipopd or imapd the bug?? > How did you determine that MailScanner dropped in performance? Exactly what characteristic are you seeing a problem with? You'll have to run the vmstat for a bit to be sure there really is no swapping, and perhaps look into the sar command (think it's part of the sysstat rpm or something similar.... I ditched my last RH9 the day after the desupport notice.... (a while back:-), so my recollections of exact package details is faint, to say the least...) sar will help you (together with top) to determine if you have unusual CPU load, which might be an indicator.... For IO, find and use iostat in a similar way as you use vmstat. Until you have some facts, it's way to soon to start assigning blame to individual systems/processes:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From bmp at UNIVEXSYSTEMS.COM Thu Nov 17 07:15:33 2005 From: bmp at UNIVEXSYSTEMS.COM (Brian Parish) Date: Thu Jan 12 21:31:13 2006 Subject: Whole message quarantined Message-ID: I am used to seeing attachments quarantined of course, but this one is new to me: The original e-mail attachment "the entire message" is on the list of unacceptable attachments for this site and has been replaced by this warning message. This message consisted of some text with a large PDF attachment. MS didn't like the filename of the attachment - double file type - but why remove the message text as well? More importantly, how can I recover the attachment? It seems to be in TNEF format (yuk). I managed to get the message part back by dropping the entire file onto Outlook Express. Surprisingly this restored the message text, but the attached data was ignored. This attachment is 7MB and urgently required, so it would be nice not to have to have it resent. TIA Brian ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jose at TREELOGIC.COM Thu Nov 17 08:06:01 2005 From: jose at TREELOGIC.COM ([iso-8859-1] José Angel Blanco González) Date: Thu Jan 12 21:31:13 2006 Subject: Memory use Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think maybe pop problem, but pop is necessary. Yes, we have some huge mailboxes. I thought that the problem was with MAilScanner because of swapping. Is there any solution for huge mailboxes?? Thank you Jose ----- Original Message ----- From: "Glenn Steen" To: Sent: Thursday, November 17, 2005 12:57 AM Subject: Re: Memory use > On 16/11/05, José Angel Blanco González wrote: >> In vmstat, si is always 0, so it is not using swap I suppose. The >> computer >> is a mail server with 500 mail accounts, maybe ipopd or imapd the bug?? >> > How did you determine that MailScanner dropped in performance? Exactly > what characteristic are you seeing a problem with? > > You'll have to run the vmstat for a bit to be sure there really is no > swapping, and perhaps look into the sar command (think it's part of > the sysstat rpm or something similar.... I ditched my last RH9 the day > after the desupport notice.... (a while back:-), so my recollections > of exact package details is faint, to say the least...) > sar will help you (together with top) to determine if you have unusual > CPU load, which might be an indicator.... For IO, find and use iostat > in a similar way as you use vmstat. > > Until you have some facts, it's way to soon to start assigning blame > to individual systems/processes:-). > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jose at TREELOGIC.COM Thu Nov 17 08:38:11 2005 From: jose at TREELOGIC.COM ([iso-8859-1] José Angel Blanco González) Date: Thu Jan 12 21:31:13 2006 Subject: Memory use Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I dont understand anything at all. I executed netx commands , all measures seem normal: - 'sar' CPU %user %nice %system %idle Media: all 10.67 2.31 6.18 80.44 - 'sar -b' tps rtps wtps bread/s bwrtn/s Media: 11.88 2.65 9.23 104.61 351.76 - 'hdparm -tT /dev/hda' Timing buffer-cache reads: 128MB in 0.31 seconds=412.90 MB/sec Timing buffered disk reads: 64 MB in 11.68 seconds=5.48 MB/s - free -m total used free shared buffers cached Mem: 2774 2748 25 0 110 2074 -+ buffers/caceh: 563 2210 Swap: 1019 4 1015 Maybe slow performance produced by slow disk reading?? Jose ----- Original Message ----- From: "Glenn Steen" To: Sent: Thursday, November 17, 2005 12:57 AM Subject: Re: Memory use > On 16/11/05, José Angel Blanco González wrote: >> In vmstat, si is always 0, so it is not using swap I suppose. The >> computer >> is a mail server with 500 mail accounts, maybe ipopd or imapd the bug?? >> > How did you determine that MailScanner dropped in performance? Exactly > what characteristic are you seeing a problem with? > > You'll have to run the vmstat for a bit to be sure there really is no > swapping, and perhaps look into the sar command (think it's part of > the sysstat rpm or something similar.... I ditched my last RH9 the day > after the desupport notice.... (a while back:-), so my recollections > of exact package details is faint, to say the least...) > sar will help you (together with top) to determine if you have unusual > CPU load, which might be an indicator.... For IO, find and use iostat > in a similar way as you use vmstat. > > Until you have some facts, it's way to soon to start assigning blame > to individual systems/processes:-). > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at CODERS.CO.UK Thu Nov 17 09:07:47 2005 From: matt at CODERS.CO.UK (Matt Hampton) Date: Thu Jan 12 21:31:13 2006 Subject: Memory use Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] José Angel Blanco González wrote: > I think maybe pop problem, but pop is necessary. Yes, we have some > huge mailboxes. I thought that the problem was with MAilScanner > because of swapping. Is there any solution for huge mailboxes?? In our experience IMAP has been better at handling large mailboxes. matt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From P.G.M.Peters at UTWENTE.NL Thu Nov 17 09:07:21 2005 From: P.G.M.Peters at UTWENTE.NL (Peter Peters) Date: Thu Jan 12 21:31:13 2006 Subject: Memory use Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 José Angel Blanco González wrote on 17-11-2005 9:06: > I think maybe pop problem, but pop is necessary. Yes, we have some huge > mailboxes. I thought that the problem was with MAilScanner because of > swapping. Is there any solution for huge mailboxes?? I worked on a mailscanner box that ran out of memory and it stopped working because of the ammount of swapping he did. After a few reboots (and waiting for the mirror to rebuild) we were able to pinpoint the problem. It was with SpamAssassin. Some trace investigations showed the box ran out of memory during the precompile of SpamAssassin. It happened also with a new version of SpamAssassin. The spamd test ran out of memory. The system was a RedHat EL3 based system with a recently updated glibc. After installing SA on a few other systems it showed EL4 didn't have any problem. Disabling TLS on the EL3 boxes fixed the problem. - -- Peter Peters, senior beheerder (Security) Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) Universiteit Twente, Postbus 217, 7500 AE Enschede telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDfEhJMbmy+DDgnIURAmlcAJsHoqBCjYOttaKJmdial922SY1myACgml// tuIYr1pFMKkrn9ZCwr8vnY0= =qMot -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Nov 17 09:11:59 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:13 2006 Subject: over zealous phishing warnings Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 16 Nov 2005, at 22:51, Matt Kettler wrote: > hermit921 wrote: >> I receive a well respected email newsletter called Crypto-gram. It >> contains many links to the sender's web site for more detailed >> information. Below are some of the warnings I get. How literal >> are the >> phishing specifications? > > How literal they are depends a bit on your version of MailScanner. > There's been > a lot of updates to the phishing net over the past year. > > Some of those warnings are quite outrageous. Certainly the warning > about: > > "www.schneier.com" claiming to be > > is a problem. The phishing net should at minimum tolerate that. It does. This was fixed a little while ago. Please consider upgrading. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ3xJYfw32o+k+q+hAQErDQgAiBc+IkJSxr62qW/d2n5z+sLd0tCt3K0I nNL9ol2fedkhp+P7lN7bTWWmd6AFEouF7LpQfz0rqykJK53BGOt02hlr1S+LUXnR U1dyVuakAtb+/vfg0p9WlvniFaNDjL5GeCLgmI39ysiKboU06tAHpQJ2qxXEQ0Gg 088MrqiEq2QY3QJLfvTd3+go/b38C9nno4Qnv8fBZPLEvZmfV4RzWagEtGpg3B1j HkANL45d89YWrKI24NUnR8NlyvktIawo3399SnR/QzjrfcE7Q66SIguPlBMF80hk QhQCQGJ2/EwKf57OVNJfWc2lAaP8lzD59LX4uuIlvE/9kz1uoCZv9w== =jo0G -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Nov 17 12:16:38 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:13 2006 Subject: Memory use Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 17/11/05, Matt Hampton wrote: > José Angel Blanco González wrote: > > > I think maybe pop problem, but pop is necessary. Yes, we have some > > huge mailboxes. I thought that the problem was with MAilScanner > > because of swapping. Is there any solution for huge mailboxes?? > > In our experience IMAP has been better at handling large mailboxes. > > matt > Of course it is.... It's designed for that:-). POP spewing the entire mailbox to the client simply isn't very efficient... IMAP has some big improvements on that situation. But lets go back to my initial question: What are the exact "performance deficiencies" that you are seeing? Are the users complaining over something specific? Reason I ask is because the figures _do not (yet:-)_ support any theory that your box is resource-deprived. We haven't really seen any iostats, have we? Nor any longer-period sar snapshots, so it might still be such a situation... (And us just looking at snapshots from when the system is relatively OK:-)... But if you can describe, as exactly as possible, what prompted you to start looking... Then we might have "better precision" in our theories;). If you "benchmark" the time it takes a message to go through from the outside to a mailbox (wall-clock-time is good enough), is it unreasonably slooow? Or do you just have ... jumpy... users? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jose at TREELOGIC.COM Thu Nov 17 12:29:58 2005 From: jose at TREELOGIC.COM ([iso-8859-1] José Angel Blanco González) Date: Thu Jan 12 21:31:13 2006 Subject: Memory use Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I detect slow performance when sometimes the machine stops responding imap and pop connections. I think the preoblem is slow disk read/write operations. Some user have shared accounts and maintain a server copy, but they download the mayl by pop, I think they must use imap Jose ----- Original Message ----- From: "Glenn Steen" To: Sent: Thursday, November 17, 2005 1:16 PM Subject: Re: Memory use > On 17/11/05, Matt Hampton wrote: >> José Angel Blanco González wrote: >> >> > I think maybe pop problem, but pop is necessary. Yes, we have some >> > huge mailboxes. I thought that the problem was with MAilScanner >> > because of swapping. Is there any solution for huge mailboxes?? >> >> In our experience IMAP has been better at handling large mailboxes. >> >> matt >> > Of course it is.... It's designed for that:-). > > POP spewing the entire mailbox to the client simply isn't very > efficient... IMAP has some big improvements on that situation. > > But lets go back to my initial question: > What are the exact "performance deficiencies" that you are seeing? Are > the users complaining over something specific? > > Reason I ask is because the figures _do not (yet:-)_ support any > theory that your box is resource-deprived. > > We haven't really seen any iostats, have we? Nor any longer-period sar > snapshots, so it might still be such a situation... (And us just > looking at snapshots from when the system is relatively OK:-)... > But if you can describe, as exactly as possible, what prompted you to > start looking... Then we might have "better precision" in our > theories;). > > If you "benchmark" the time it takes a message to go through from the > outside to a mailbox (wall-clock-time is good enough), is it > unreasonably slooow? Or do you just have ... jumpy... users? > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Nov 17 13:30:13 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:13 2006 Subject: Memory use Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 17/11/05, José Angel Blanco González wrote: > I detect slow performance when sometimes the machine stops responding imap > and pop connections. I think the preoblem is slow disk read/write > operations. > Some user have shared accounts and maintain a server copy, but they download > the mayl by pop, I think they must use imap > > Jose Thanks José. During those "sometimes" is the machine otherwise responsive? You should try to get some stats for those exact times. Look at CPU, memory usage, swap, IO and network performance during such a hiccup, if possible. This might mean you need to setup the sar package to run for an extended period of time, leave vmstat running (dumping to a file), same with iostat... And perhaps get ntop or a similar tool (I think IBMs nmon for linux might give you a "one-stop-shopping tool";). There's some stuff about things like this in the wiki (the maq and performance tuning bits).... Have a look there. Depressing but true: Troubleshooting performance problems rarely are fixed by a "quick fix", but more often by knowing, through stats and docs, exactly what is up and fixing just that. Iow: tweaking, not frobbing:-):-). Then again, just to confirm the rule by exception, one do get lucky from time to time whilst frobbing;-). Depending on what level of control you have over the client side, you should perhaps take "a long thought" on what protocols you do want to support, and the ramifications (POPs badness vs IMAPs .... mainly inefficiency vs having all mail stored on the server side, more or less). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hermit921 at YAHOO.COM Thu Nov 17 16:23:09 2005 From: hermit921 at YAHOO.COM (hermit921) Date: Thu Jan 12 21:31:13 2006 Subject: over zealous phishing warnings Message-ID: At 02:51 PM 11/16/2005, Matt Kettler wrote: >hermit921 wrote: > > I receive a well respected email newsletter called Crypto-gram. It > > contains many links to the sender's web site for more detailed > > information. Below are some of the warnings I get. How literal are the > > phishing specifications? > >How literal they are depends a bit on your version of MailScanner. There's >been >a lot of updates to the phishing net over the past year. > >Some of those warnings are quite outrageous. Certainly the warning about: > >"www.schneier.com" claiming to be > >is a problem. The phishing net should at minimum tolerate that. > > If you're on a current version, I'd consider it a bug. If not, I'd consider >updating to see if it's been fixed. We are on version 4.46.2, not quite the most recent, but really close. hermit921 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gborders at jlewiscooper.com Thu Nov 17 17:03:38 2005 From: gborders at jlewiscooper.com (Greg Borders) Date: Thu Jan 12 21:31:13 2006 Subject: Large file attachment filtering Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > > Greg Borders wrote: > > >> I'll investigate what the Quarantine can do as far as >> stripping/storing the mime attachments. The bit about "pretty message >> wrapping" and "constructed URLs" is where I was expecting to have some >> bits of code/script creep in. Not too sure yet where to grab bits of >> info to construct those... >> > > What I mean is for you to customise the report files sent to the user > (as in /etc/MailScanner/reports/en/). Various Perl variables can be used > in there (my examples use all the ones available) so you can construct a > report that includes a URL in the report. No code or script needed. That's the "bits" I was looking for! (Although one could argue using perl variables in a report is a form of coding *wink* ) Ok, after a day or two of tinkering I've got a system in place that does the basics. I thought I'd share my efforts with the MailScanner community, to help make it easier for the next person to implement. The MailScanner.conf file has a "Quarantine Permissions" variable that mentions setting it to 644 for allowing the web server to have access to the files. (It caused me a lot of frustration until I found that setting.) The MailScanner.conf also has the "Maximum Attachment Size" setting. This is typically set to -1 for unlimited size, or any number of bytes for a system wide restriction. Of course being a SysAdmin, we don't want to limit ourselves, so I created a separate rule set for indivduals / groups. So the MailScanner.conf line looks like : Maximum Attachment Size = %rules-dir%/max.attachment.size.rules And the rules file contains: #list of users and the max file bytes they can receive before they are quarantined. #Fred 100meg for special courier file FromOrTo: fred@comany-x.com 104857600 #test user max size for testuser 1 meg! FromOrTo: testuser@company-x.com 1048576 #everybodyelse gets default (no scan=-1) FromOrTo: default -1 Note you can set various levels of file sizes depending on what you want. I tested my settings with my testuser account, and it didn't affect the live users. Later I can set the default to a comfortable limit. Next, we need to change a couple of reports in /etc/MailScanner/reports/en/ From my tests, send.error.report.txt and stored.virus.message.txt were sent to the sender / recipient respectively when the "Attachment is too large" flag is tripped.. I included some lines in the stored.virus.message.txt that recreated the URL to the file. The available perl variables make this a cinch. URL: for direct download: http://www.company-x/pickup/$datenumber/$id/$filename Lastly, Note the above url path doesn't have the full /var/spool/MailScanner/quarantine/ in it. For Apache users. this is easy to do. With an alias in the httpd.conf file, you can better protect the quarantine area from malicious types. Alias /pickup/ "/var/spool/MailScanner/quarantine/" Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all Hope this helps anyone that needs to have automated access to their quarantine files! Next phase I may attempt to do more along the lines of what you did Julian, and instead of linking directly to the file, I'd send them off to a PHP/perl page to do a request for file, and then have IT administrators approve the transfer to the users before sending them a working link to the data. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at YETICOMPUTERS.COM Thu Nov 17 17:06:10 2005 From: mailscanner at YETICOMPUTERS.COM (Rick Chadderdon) Date: Thu Jan 12 21:31:13 2006 Subject: Whole message quarantined Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You can probably get to the attachment by dropping the entire message file on fentun: http://www.fentun.com/ Ummm... It looks like the site is down right now. I don't know if it's a temporary thing or not. If you have trouble finding a copy of the program I have a statically compiled Linux exe right here and can probably find a Windows version on one of the boxes at home. Rick Brian Parish wrote: >I am used to seeing attachments quarantined of course, but this one is new to >me: > >The original e-mail attachment "the entire message" >is on the list of unacceptable attachments for this site and has been >replaced by this warning message. > >This message consisted of some text with a large PDF attachment. MS didn't >like the filename of the attachment - double file type - but why remove the >message text as well? > >More importantly, how can I recover the attachment? It seems to be in TNEF >format (yuk). I managed to get the message part back by dropping the entire >file onto Outlook Express. Surprisingly this restored the message text, but >the attached data was ignored. > >This attachment is 7MB and urgently required, so it would be nice not to have >to have it resent. > >TIA >Brian > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jkf at ecs.soton.ac.uk Fri Nov 18 10:56:20 2005 From: jkf at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:13 2006 Subject: Lists down? Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I'm getting no traffic through my mailing list today at all? It's highly unlikely that no-one in the entire MailScanner community has anything to say. Can you check your systems please? - -- Julian Field jkf@ecs.soton.ac.uk Teaching Systems Manager Electronics & Computer Science University of Southampton SO17 1BJ, UK -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ32zVvw32o+k+q+hAQFbFwf/R+H0EIq14n4gmxFkrHk0ftUuNHBlhSZV 1I3elwl9QRpZxsXZXJnL9dT4LYll1QnvirVnG8QOuoRgqy4whVrukf4S6crb+SRk 1cww4rGAhLLEekigLYaiQirAgkueupyG1UZfqGordZef+FySNTvbDVyJELdndh4K 7vs7ECz8apOQca+XhukeyhC7kXIwtztEi5J/8L1Ld8CrQ8w6BU6wBcv9GorDI9UU YM1g3kQO4IdAKqLrKGU+CtAdkm8VsXJBKH0d0Q4Mhnxz5aa0NF3iNad/xro7QPbb 20uwHJkWwQkwFUKrqBHy/cIuebMxFK+fYkpOiz8uaPmmSZsosNcg+Q== =39a1 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Fri Nov 18 11:02:05 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:13 2006 Subject: Lists down? Message-ID: Hi! > -----BEGIN PGP SIGNED MESSAGE----- > > I'm getting no traffic through my mailing list today at all? It's > highly unlikely that no-one in the entire MailScanner community has > anything to say. > > Can you check your systems please? :) Seems to work just fine. You should implement more bugs, so people have to be here more often. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wietse at BOUDISQUE.NL Fri Nov 18 11:02:36 2005 From: wietse at BOUDISQUE.NL (Wietse Muizelaar) Date: Thu Jan 12 21:31:13 2006 Subject: Lists down? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This one clearly works :) On Friday, November 18, 2005 11:56 AM, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I'm getting no traffic through my mailing list today at all? It's > highly unlikely that no-one in the entire MailScanner community has > anything to say. > > Can you check your systems please? > - -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2425) > > iQEVAwUBQ32zVvw32o+k+q+hAQFbFwf/R+H0EIq14n4gmxFkrHk0ftUuNHBlhSZV > 1I3elwl9QRpZxsXZXJnL9dT4LYll1QnvirVnG8QOuoRgqy4whVrukf4S6crb+SRk > 1cww4rGAhLLEekigLYaiQirAgkueupyG1UZfqGordZef+FySNTvbDVyJELdndh4K > 7vs7ECz8apOQca+XhukeyhC7kXIwtztEi5J/8L1Ld8CrQ8w6BU6wBcv9GorDI9UU > YM1g3kQO4IdAKqLrKGU+CtAdkm8VsXJBKH0d0Q4Mhnxz5aa0NF3iNad/xro7QPbb > 20uwHJkWwQkwFUKrqBHy/cIuebMxFK+fYkpOiz8uaPmmSZsosNcg+Q== > =39a1 > -----END PGP SIGNATURE----- -- Met vriendelijke groet, Wietse Muizelaar ------------------------------------------- W.G. Muizelaar Boudisque Webmaster / ICT Drieharingstraat 5-31, 3511 BH Utrecht Telefoon: +31 (0)30 - 2394030 E-mail: wietse@boudisque.nl Website: www.boudisque.nl ------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gercke at HNM.DE Fri Nov 18 11:08:39 2005 From: gercke at HNM.DE (Daniel Gercke) Date: Thu Jan 12 21:31:13 2006 Subject: Lists down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Seems to work just fine. You should implement more bugs, so people have > to be here more often. > > Bye, > Raymond. :-) Daniel Gercke programmierung . system managements -- haus neuer medien GmbH . agentur fuer neuen antrieb . Tel 03834 8313 0 . Fax 8313 13 . info@hnm.de . www.hnm.de Wolgaster Strasse 146 (Ollmannsche Villa) . 17489 Greifswald . Tel 040 2384 4630 . Fax 4154 6520 . Osterstrasse 124 . 20255 Hamburg . AG Stralsund HRB 5089 . Geschaeftsfuehrer RA Daniel Scheibner . -- [Diese Nachricht gilt als frei von Viren und gefaehrlichen Dateianhaengen. Schutz vor Viren und Spam von haus neuer medien. Bei Fragen oder Interesse Kontakt ueber mailscanner@hnm.de oder 03834 83130.] ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Fri Nov 18 11:10:50 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:13 2006 Subject: Lists down? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Fri, November 18, 2005 11:02, Raymond Dijkxhoorn wrote: > Hi! > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I'm getting no traffic through my mailing list today at all? It's >> highly unlikely that no-one in the entire MailScanner community has >> anything to say. I did wonder that this morning but it seems to working OK. > Seems to work just fine. You should implement more bugs, so people have to > be here more often. Perhaps that's the answer :-p Certainly MailScanner is pretty easy to implement and currently (Not wishing to tempt fate!) Just Works TM which makes for a quieter time. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Nov 18 11:15:46 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:13 2006 Subject: Lists down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Julian Field wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I'm getting no traffic through my mailing list today at all? It's >> highly unlikely that no-one in the entire MailScanner community has >> anything to say. >> >> Can you check your systems please? > > Julian, > > This IP 130.246.192.56 was listed in spamcop for some time 16-17th Nov > but doesn't appear to be listed any more.. > > Probably one of the reasons.. One more reason.. Nov 18 16:32:07 smtp1 postfix/smtp[16397]: 3D99B374A4A: host kili.jiscmail.ac.uk[130.246.192.52] said: 452 4.4.5 Insufficient disk space; try again later (in reply to MAIL FROM command) - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From G.Pentland at soton.ac.uk Fri Nov 18 11:18:28 2005 From: G.Pentland at soton.ac.uk (Pentland G.) Date: Thu Jan 12 21:31:13 2006 Subject: Lists down? Message-ID: Still getting stuff here. Gary MailScanner mailing list wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I'm getting no traffic through my mailing list today at all? It's > highly unlikely that no-one in the entire MailScanner community has > anything to say. > > Can you check your systems please? > - -- > Julian Field > jkf@ecs.soton.ac.uk > Teaching Systems Manager > Electronics & Computer Science > University of Southampton > SO17 1BJ, UK > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2425) > > iQEVAwUBQ32zVvw32o+k+q+hAQFbFwf/R+H0EIq14n4gmxFkrHk0ftUuNHBlhSZV > 1I3elwl9QRpZxsXZXJnL9dT4LYll1QnvirVnG8QOuoRgqy4whVrukf4S6crb+SRk > 1cww4rGAhLLEekigLYaiQirAgkueupyG1UZfqGordZef+FySNTvbDVyJELdndh4K > 7vs7ECz8apOQca+XhukeyhC7kXIwtztEi5J/8L1Ld8CrQ8w6BU6wBcv9GorDI9UU > YM1g3kQO4IdAKqLrKGU+CtAdkm8VsXJBKH0d0Q4Mhnxz5aa0NF3iNad/xro7QPbb > 20uwHJkWwQkwFUKrqBHy/cIuebMxFK+fYkpOiz8uaPmmSZsosNcg+Q== > =39a1 > -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Nov 18 11:01:56 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:13 2006 Subject: Lists down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I'm getting no traffic through my mailing list today at all? It's > highly unlikely that no-one in the entire MailScanner community has > anything to say. > > Can you check your systems please? > - -- Julian, This IP 130.246.192.56 was listed in spamcop for some time 16-17th Nov but doesn't appear to be listed any more.. Probably one of the reasons.. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 18 10:34:09 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:13 2006 Subject: does this list still work? Message-ID: ??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 18 11:51:27 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:13 2006 Subject: does this list still work? Message-ID: Ah the backlog is starting to trickle through - good. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Martin Hepworth > Sent: 18 November 2005 10:34 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] does this list still work? > > ??? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martelm at QUARK.VSC.EDU Fri Nov 18 11:53:19 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:31:13 2006 Subject: Lists down? Message-ID: --On November 18, 2005 10:56:20 AM +0000 Julian Field wrote: > I'm getting no traffic through my mailing list today at all? It's > highly unlikely that no-one in the entire MailScanner community has > anything to say. I've got nothing usefull to say. :) Does this mean it's fixed now ? Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Nov 18 12:24:00 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:13 2006 Subject: after the big fire Message-ID: Hi, Now that we know the list works again, I'm wondering how life and work is going for Julian after the big fire. You have been pretty quiet, so either the list ate your postings or you have been really busy due to the fire. And did the list eat my posting about Time::HiRes? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Nov 18 13:54:24 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:13 2006 Subject: Lists down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > > This IP 130.246.192.56 was listed in spamcop for some time 16-17th Nov > but doesn't appear to be listed any more.. > > Probably one of the reasons.. > > - dhawal > Correction, it is still listed in bl.spamcop.net http://www.spamcop.net/w3m?action=blcheck&ip=130.246.192.56 That and the disk problem.. time for the list to move to Blacknight Solutions i think.. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 18 14:00:30 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:13 2006 Subject: Lists down? Message-ID: I have the MailScanner list (and other others) whitelisted, so it's not me blocking messages....I note my earlier message didn't get through for over an hour (till Jules prodded the list-admins) so I guess there's something else going one.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Dhawal Doshy > Sent: 18 November 2005 13:54 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Lists down? > > Dhawal Doshy wrote: > > > > This IP 130.246.192.56 was listed in spamcop for some time 16-17th Nov > > but doesn't appear to be listed any more.. > > > > Probably one of the reasons.. > > > > - dhawal > > > > Correction, it is still listed in bl.spamcop.net > http://www.spamcop.net/w3m?action=blcheck&ip=130.246.192.56 > > That and the disk problem.. time for the list to move to Blacknight > Solutions i think.. > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Fri Nov 18 14:39:47 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:13 2006 Subject: Lists down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin Hepworth wrote: > I have the MailScanner list (and other others) whitelisted, so it's not me > blocking messages....I note my earlier message didn't get through for over > an hour (till Jules prodded the list-admins) so I guess there's something > else going one.. You've probably missed out on this mail of mine.. Nov 18 16:32:07 smtp1 postfix/smtp[16397]: 3D99B374A4A: host kili.jiscmail.ac.uk[130.246.192.52] said: 452 4.4.5 Insufficient disk space; try again later (in reply to MAIL FROM command) Theres kili.jiscmail.ac.uk (disk full) and fili.jiscmail.ac.uk (currently accepting mails) as MXs for jiscmail.ac.uk - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 18 15:05:21 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:13 2006 Subject: after the big fire Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- On 18 Nov 2005, at 12:24, Jeff A. Earickson wrote: > Hi, > Now that we know the list works again, I'm wondering > how life and work is going for Julian after the big fire. > You have been pretty quiet, so either the list ate your postings > or you have been really busy due to the fire. It has been very busy, to put it mildly. Lots of 15-hour work days. I haven't had the time to devote much effort to MailScanner in the last 3 weeks since the fire (or however long it's been). We are currently aiming to spend about £ 5,000,000 on PC bits and pieces and replacement workstations, virtually all of which are very slightly different from each other, we're not talking 1 big order for 300 identical machines or anything like that, they mostly have to be done one at a time. That's an awful lot of quotes to get. And we have a few hundred fire-damaged hard disks to do data recovery from, that's no quick job either. Plus of course there is the usual term- time load as well. So you can guess what it's like round here! > And did the list eat my posting about Time::HiRes? I haven't had time to read every posting, so you may want to remind me of the question. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ33ts/w32o+k+q+hAQEP8QgAmKyEHrFWNmQOdxuvYXIaZ0lNOgjGeRqB p9/K3w+eqCjDQlLQ3OFbRJAkN8B832PoEXrl5kkl5vwmHwpPXwLcfcjq2NqozjWa DG00DLpcRGMMWOqedjquknLh8yMlqf0z7vJ5ZD4Ea+IS2IkVocbNeDy/LuK0fqMS U5F47MvG4fKWsgkHa4Btj4iGFlp2VzZGF1xWUnfps6QJYFic/oxYXPdJdqHyDAd4 wmDpVqYtIiCkpnLLINPseUToKNXeS1UNx6toXw7uyX+sEBWTECmIJFsZ5dxe9wIQ LghINMBdAAO1DEz1S1j8zKzeWYLne3neaDUbQpyOWb4P67shQyN4QQ== =5dR2 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 18 14:59:22 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:13 2006 Subject: Lists down? Message-ID: Ahhh that'll explain the outaqe then......ah well if they will run listserv and on windows..... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Dhawal Doshy > Sent: 18 November 2005 14:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Lists down? > > Martin Hepworth wrote: > > I have the MailScanner list (and other others) whitelisted, so it's not > me > > blocking messages....I note my earlier message didn't get through for > over > > an hour (till Jules prodded the list-admins) so I guess there's > something > > else going one.. > > You've probably missed out on this mail of mine.. > > Nov 18 16:32:07 smtp1 postfix/smtp[16397]: 3D99B374A4A: host > kili.jiscmail.ac.uk[130.246.192.52] said: 452 4.4.5 Insufficient > disk space; try again later (in reply to MAIL FROM command) > > Theres kili.jiscmail.ac.uk (disk full) and fili.jiscmail.ac.uk > (currently accepting mails) as MXs for jiscmail.ac.uk > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Edge at TWU.CA Fri Nov 18 19:55:49 2005 From: Edge at TWU.CA (Richard Edge) Date: Thu Jan 12 21:31:13 2006 Subject: Spam scores in headers Message-ID: I am running MailScanner 4.47.4, SA 3.01 with Rules Du Jour and was wondering how to configure things to show all of the tests failed. Looking at the headers and totaling up the scores it is obvious that some other tests are also being triggered, but not recorded in the "X-MailScanner-SpamCheck:" header lines. For example: X-TWU-MailScanner-SpamCheck: spam, SpamAssassin (score=7.557, required 5,BAYES_50 0.00, HTML_90_100 0.11, HTML_IMAGE_ONLY_04 3.60,HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 1.08,HTML_SHORT_LENGTH 1.57, MIME_BASE64_NO_NAME 0.22,MIME_HTML_ONLY 0.00, NO_REAL_NAME 0.96) X-TWU-MailScanner-SpamScore: sssssss I am using the following RDJ: TRUSTED_RULESETS="ANTIDRUG SARE_ADULT SARE_OEM BOGUSVIRUS SARE_FRAUD SARE_OBFU0 SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 SARE_SPOOF" Also, is there a way to include the SpamAssassin version number in the "X-MailScanner-SpamCheck:" header. I have seen it in some, but they appear to be using spamassassin as either spamc or spamd. Is this the reason or have I missed something in the docs and/or MailScannner.conf options? We are using MailScanner on our two email gateways forwarding all email to our Exchange Servers and also using IMF on the Exchange front end server. I want to rely more on MailScanner for this as IMF 2.0 is generating too many false positives and MailScanner/SpamAssassin is not catching enough spam for me to rely on it totally. We are trying to move away from a dependency on MS products and may even move our main email servers to a Linux solution (IT Director vision) but in order to do so, I need to be able to have MailScanner/SpamAssassin doing all of the anti-spam as well as the anti-virus. While I am continually tweaking MailScanner to get the most out of it, it appears there is still a ways to go. I also need to be able to allow quarantining in a way that allows for one location to maintain quarantined spam. To this end I will be installing MailWatch on a separate server and was wanting to know if anyone can point me to documentation for setting this up to have two gateway smtp servers running MailScanner/SpamAssassin and quarantine manage from a single separate server if this is indeed the best scenario. I will also ask about this in the MailWatch list. Any tips or ideas from the user community would be very helpful. Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge@twu.ca | www.twu.ca/technology ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 18 20:55:31 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:13 2006 Subject: Spam scores in headers Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Richard Edge wrote: > I am running MailScanner 4.47.4, SA 3.01 Warning: 3.0.1 is subject to a remote DoS vulnerability in its mime decoder. Any spammer can exploit this by sending you malformed messages. with Rules Du Jour and was > wondering how to configure things to show all of the tests failed. > Looking at the headers and totaling up the scores it is obvious that > some other tests are also being triggered, but not recorded in the > "X-MailScanner-SpamCheck:" header lines. > > For example: > > X-TWU-MailScanner-SpamCheck: spam, SpamAssassin (score=7.557, required > 5,BAYES_50 0.00, HTML_90_100 0.11, HTML_IMAGE_ONLY_04 3.60,HTML_MESSAGE > 0.00, HTML_MIME_NO_HTML_TAG 1.08,HTML_SHORT_LENGTH 1.57, > MIME_BASE64_NO_NAME 0.22,MIME_HTML_ONLY 0.00, NO_REAL_NAME 0.96) Any chance you have the AWL on? (note: disabling this in MailScanner.conf doesn't work, you have to do it in /etc/mail/spamassassin/local.cf) > > X-TWU-MailScanner-SpamScore: sssssss > > I am using the following RDJ: > > TRUSTED_RULESETS="ANTIDRUG SARE_ADULT SARE_OEM BOGUSVIRUS SARE_FRAUD > SARE_OBFU0 SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 SARE_SPOOF" Warning: Do not use antidrug.cf with SA 3.0.0 or newer. Antidrug.cf is intended to be used by users of SA 2.64 and older only. As of SA 3.0.0 the rules are already built-in to SA. By loading antidrug.cf you'll over-ride any improvements that the SA developers may have made. I am the author of antidrug.cf, and although I haven't checked to see if the devs have updated the rules, I am no longer maintaining this configfile directly. Any future updates I make will likely be pushed directly to the spamassassin project, and possibly to separate rulesets like "antidrug_31.cf", etc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Fri Nov 18 21:00:46 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:13 2006 Subject: MailScanner not working with sendmail directories Message-ID: I am using FreeBSD 5.4 with MailScanner.4.44.6 (installed with installClamSA). I am using sendmail as my MTA. I noticed that MailScanner is not working, because the subject line is not being modified. After issuing a ps -ax, I noticed that their are two sendmail processes running. One sendmail QueueRunner process points to /var/spool/clientmqueue and the other sendmail QueueRunner process points to /var/spool/mqueue. On FreeBSD sendmail is enabled by this statement in the /etc/rc.conf file sendmail_enable="YES" /etc/mail/sendmail.cf "QueueDirectory=/var/spool/mqueue" /etc/mail/submit.cf "QueueDirectory"=/var/spool/clientmqueue MailScanner.conf "Incoming Queue Directory"= /var/spool/mqueue "Outgoing Queue directoy"=/var/spool/mqueue When the first process of sendmail loads by way of /etc/rc.conf, all incoming mail is being stored in /var/spool/clientmqueue, then is relayed on to my internal mail server for processing. All e-mail is delivered, but is bypassing MailScanner. I specified sendmail_enable="NO" in /etc/rc.conf, then changed my /etc/mail/submit.cf to point to /var/spool/mqueue just like the sendmail.cf file. I stoppped mailscanner and sendmail. Ran /etc/mail/make /etc/mail/make install ( to make sure the submit.cf file change took.) shutdown -r now Once the server rebooted, I logged in and ran mailq. The results said mail queue points to /var/spool/mqueue (correct destination) What is happening is that the mail is received and deposited into the /var/spool/clientmqueue directory(not the /var/spool/mqueue directory). Mail just gets queued and sits their. I am pulling my hair out!!! Can anyone help??? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From gborders at jlewiscooper.com Fri Nov 18 21:17:29 2005 From: gborders at jlewiscooper.com (Greg Borders) Date: Thu Jan 12 21:31:13 2006 Subject: Spam scores in headers Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Richard Edge wrote: > >> I am running MailScanner 4.47.4, SA 3.01 >> > > Warning: 3.0.1 is subject to a remote DoS vulnerability in its mime decoder. Any > spammer can exploit this by sending you malformed messages. This is the SA that is being distributed with the MailScanner RPM version. I too have the SA 3.01 running. How easy is it to migrate SA to the 3.1 version? I'm a bit leary at first glance, knowing how it's been integrated with MailScanner, and all the config files that may get over written accidentally. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Edge at TWU.CA Fri Nov 18 23:19:30 2005 From: Edge at TWU.CA (Richard Edge) Date: Thu Jan 12 21:31:13 2006 Subject: (SCL: 1) Re: Spam scores in headers Message-ID: Thanks Matt. As mentioned in another message I am using 3.1 not 3.01. It was a typo on my part. I have removed antidrug.cf. The spam.assassin.prefs.conf suggested renaming the local.cf file so that it wouldn't be used. Are you suggesting then that it be used to disable certain SpamAssassin functions/tests? Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge@twu.ca | www.twu.ca/technology -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Kettler Sent: Friday, November 18, 2005 12:56 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: (SCL: 1) Re: Spam scores in headers Richard Edge wrote: > I am running MailScanner 4.47.4, SA 3.01 Warning: 3.0.1 is subject to a remote DoS vulnerability in its mime decoder. Any spammer can exploit this by sending you malformed messages. with Rules Du Jour and was > wondering how to configure things to show all of the tests failed. > Looking at the headers and totaling up the scores it is obvious that > some other tests are also being triggered, but not recorded in the > "X-MailScanner-SpamCheck:" header lines. > > For example: > > X-TWU-MailScanner-SpamCheck: spam, SpamAssassin (score=7.557, required > 5,BAYES_50 0.00, HTML_90_100 0.11, HTML_IMAGE_ONLY_04 > 3.60,HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 1.08,HTML_SHORT_LENGTH > 1.57, MIME_BASE64_NO_NAME 0.22,MIME_HTML_ONLY 0.00, NO_REAL_NAME 0.96) Any chance you have the AWL on? (note: disabling this in MailScanner.conf doesn't work, you have to do it in /etc/mail/spamassassin/local.cf) > > X-TWU-MailScanner-SpamScore: sssssss > > I am using the following RDJ: > > TRUSTED_RULESETS="ANTIDRUG SARE_ADULT SARE_OEM BOGUSVIRUS SARE_FRAUD > SARE_OBFU0 SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 SARE_SPOOF" Warning: Do not use antidrug.cf with SA 3.0.0 or newer. Antidrug.cf is intended to be used by users of SA 2.64 and older only. As of SA 3.0.0 the rules are already built-in to SA. By loading antidrug.cf you'll over-ride any improvements that the SA developers may have made. I am the author of antidrug.cf, and although I haven't checked to see if the devs have updated the rules, I am no longer maintaining this configfile directly. Any future updates I make will likely be pushed directly to the spamassassin project, and possibly to separate rulesets like "antidrug_31.cf", etc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-PKCS7-SIGNATURE 6.3KB. ] [ Unable to print this part. ] From peter at UCGBOOK.COM Fri Nov 18 23:32:44 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:31:13 2006 Subject: MailScanner not working with sendmail directories Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marc Dufresne wrote: > MailScanner.conf "Incoming Queue Directory"= /var/spool/mqueue > "Outgoing Queue > directoy"=/var/spool/mqueue The incoming directory should be mqueue.in, it must not be the same as the outgoing, then you will have what you have - that MailScanner can't get the mail before Sendmail delivers it. Read the below to learn more: http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Edge at TWU.CA Fri Nov 18 23:03:26 2005 From: Edge at TWU.CA (Richard Edge) Date: Thu Jan 12 21:31:13 2006 Subject: Spam scores in headers Message-ID: That's a typo on my part, I actually have updated it to 3.1, not 3.01. I followed the instructions at http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/264.html. I then renamed the local.cf file in /etc/mail/spamassassin as per the comments in the /wetc/MailScanner/spam.assassin.prefs.conf file. A sample file can be found at http://www.fsl.com/support/spam.assassin.prefs.conf.SA-3.0 Richard Edge Senior Systems Administrator | Technology Services Trinity Western University | t: 604.513.2089 f: 604.513.2038 | e: edge@twu.ca | www.twu.ca/technology -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Greg Borders Sent: Friday, November 18, 2005 1:17 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Spam scores in headers Matt Kettler wrote: > Richard Edge wrote: > >> I am running MailScanner 4.47.4, SA 3.01 >> > > Warning: 3.0.1 is subject to a remote DoS vulnerability in its mime > decoder. Any spammer can exploit this by sending you malformed messages. This is the SA that is being distributed with the MailScanner RPM version. I too have the SA 3.01 running. How easy is it to migrate SA to the 3.1 version? I'm a bit leary at first glance, knowing how it's been integrated with MailScanner, and all the config files that may get over written accidentally. -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-PKCS7-SIGNATURE 6.3KB. ] [ Unable to print this part. ] From Richard.Frovarp at SENDIT.NODAK.EDU Sat Nov 19 05:35:40 2005 From: Richard.Frovarp at SENDIT.NODAK.EDU (Richard Frovarp) Date: Thu Jan 12 21:31:13 2006 Subject: Spam scores in headers Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The total for the rules listed is 7.54 which is not that far off of the score of 7.557. The scores listed for the rules are not the exact scores that SA uses. This leads to rounding errors. See: http://wiki.apache.org/spamassassin/RoundingIssues Richard Edge wrote: > I am running MailScanner 4.47.4, SA 3.01 with Rules Du Jour and was > wondering how to configure things to show all of the tests failed. > Looking at the headers and totaling up the scores it is obvious that > some other tests are also being triggered, but not recorded in the > "X-MailScanner-SpamCheck:" header lines. > > For example: > > X-TWU-MailScanner-SpamCheck: spam, SpamAssassin (score=7.557, required > 5,BAYES_50 0.00, HTML_90_100 0.11, HTML_IMAGE_ONLY_04 > 3.60,HTML_MESSAGE 0.00, HTML_MIME_NO_HTML_TAG 1.08,HTML_SHORT_LENGTH > 1.57, MIME_BASE64_NO_NAME 0.22,MIME_HTML_ONLY 0.00, NO_REAL_NAME 0.96) > > X-TWU-MailScanner-SpamScore: sssssss > > I am using the following RDJ: > > TRUSTED_RULESETS="ANTIDRUG SARE_ADULT SARE_OEM BOGUSVIRUS SARE_FRAUD > SARE_OBFU0 SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 > SARE_SPOOF" > > Also, is there a way to include the SpamAssassin version number in the > "X-MailScanner-SpamCheck:" header. I have seen it in some, but they > appear to be using spamassassin as either spamc or spamd. Is this the > reason or have I missed something in the docs and/or MailScannner.conf > options? > > We are using MailScanner on our two email gateways forwarding all > email to our Exchange Servers and also using IMF on the Exchange front > end server. I want to rely more on MailScanner for this as IMF 2.0 is > generating too many false positives and MailScanner/SpamAssassin is > not catching enough spam for me to rely on it totally. We are trying > to move away from a dependency on MS products and may even move our > main email servers to a Linux solution (IT Director vision) but in > order to do so, I need to be able to have MailScanner/SpamAssassin > doing all of the anti-spam as well as the anti-virus. While I am > continually tweaking MailScanner to get the most out of it, it appears > there is still a ways to go. I also need to be able to allow > quarantining in a way that allows for one location to maintain > quarantined spam. To this end I will be installing MailWatch on a > separate server and was wanting to know if anyone can point me to > documentation for setting this up to have two gateway smtp servers > running MailScanner/SpamAssassin and quarantine manage from a single > separate server if this is indeed the best scenario. I will also ask > about this in the MailWatch list. > > Any tips or ideas from the user community would be very helpful. > > *Richard Edge* > /Senior Systems Administrator |/ Technology Services > Trinity Western University | t: 604.513.2089 > f: 604.513.2038 | e: ___edge@twu.ca___ ___ | > ______www.twu.ca/technology___ ___ ___ > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From meshbahuddin at YAHOO.COM Sat Nov 19 11:23:18 2005 From: meshbahuddin at YAHOO.COM (Meshbah Uddin Ahmed) Date: Thu Jan 12 21:31:13 2006 Subject: mail not sent Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] HI, i m using postfix (2.1.5-9) + mailscanner (4.41.3-2) + clamav in debian. It worked fine. Now a days, i m facing prb for sending mail. postfix recvd mail, but didnt sent. every 7/8 mins later mailscanner restarts automatically and that time mail sends and within few secs again stops. during restarting mailscanner the log shows- MailScanner: Commercial scanner clamav timed out! MailScanner: Virus Scanning: ClamAV found 1 infections MailScanner: Virus Scanning: Denial Of Service attack detected! MailScanner: MailScanner E-Mail Virus Scanner version 4.41.3 starting... MailScanner: Read 120 hostnames from the phishing whitelist MailScanner: Using locktype = flock another thing, i have checked by 'ps -ef' and found postfix and mailscanner process running. when i run, # netstat -an | more tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN tcp6 0 0 :::25 :::* LISTEN here 25 is listen on tcp and tcp6 ports. i have another mail server with same configuration, but there only tcp port is listening, not tcp6. can u pls help me, where is my problem. how can i get rid off here. regards meshbah __________________________________ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at GMAIL.COM Sat Nov 19 02:00:13 2005 From: naolson at GMAIL.COM (Nathan Olson) Date: Thu Jan 12 21:31:13 2006 Subject: Spam scores in headers Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 11/18/05, Richard Edge wrote: > Looking at the headers and totaling up the scores it is obvious that some other > tests are also being triggered, but not recorded in the > "X-MailScanner-SpamCheck:" header lines. MS only reports two decimal places by default. I'm guessing that's where the remainder is. Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at GMAIL.COM Sat Nov 19 01:55:43 2005 From: naolson at GMAIL.COM (Nathan Olson) Date: Thu Jan 12 21:31:13 2006 Subject: (SCL: 1) Re: Spam scores in headers Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Renaming local.cf isn't necessarily required. The one that ships by default with SA 3.1 does nothing. I think FSL is just attempting to avoid a potential source of problems/confusion. All of the SA configuration should be done in spam.assassin.prefs.conf Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brent.bolin at GMAIL.COM Sat Nov 19 05:32:04 2005 From: brent.bolin at GMAIL.COM (BB) Date: Thu Jan 12 21:31:13 2006 Subject: MailScanner not working with sendmail directories Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Change /etc/rc.conf or /etc/defaults/rc.conf sendmail_enable=NONE Verify mailscanner is starting up with /usr/local/etc/rc.d/mailscanner.sh Think you need to manually create some of the directores. Verify MailScanner.conf for directories. tail -f /var/log/maillog will show you the details The only reason to rebuild sendmail.cf is to remove IPv6 stuff. I would use m4 macro for that. Webmin would be a good choice to use. # SMTP daemon options O DaemonPortOptions=Name=IPv4, Family=inet O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O O DaemonPortOptions=Port=587, Name=MSA, M=E On 11/18/05, Marc Dufresne wrote: I am using FreeBSD 5.4 with MailScanner.4.44.6 (installed with installClamSA). I am using sendmail as my MTA. I noticed that MailScanner is not working, because the subject line is not being modified. After issuing a ps -ax, I noticed that their are two sendmail processes running. One sendmail QueueRunner process points to /var/spool/clientmqueue and the other sendmail QueueRunner process points to /var/spool/mqueue. On FreeBSD sendmail is enabled by this statement in the /etc/rc.conf file sendmail_enable="YES" /etc/mail/sendmail.cf "QueueDirectory=/var/spool/mqueue" /etc/mail/submit.cf "QueueDirectory"=/var/spool/clientmqueue MailScanner.conf "Incoming Queue Directory"= /var/spool/mqueue "Outgoing Queue directoy"=/var/spool/mqueue When the first process of sendmail loads by way of /etc/rc.conf, all incoming mail is being stored in /var/spool/clientmqueue, then is relayed on to my internal mail server for processing. All e-mail is delivered, but is bypassing MailScanner. I specified sendmail_enable="NO" in /etc/rc.conf, then changed my /etc/mail/submit.cf to point to /var/spool/mqueue just like the sendmail.cf file. I stoppped mailscanner and sendmail. Ran /etc/mail/make /etc/mail/make install ( to make sure the submit.cf file change took.) shutdown -r now Once the server rebooted, I logged in and ran mailq. The results said mail queue points to /var/spool/mqueue (correct destination) What is happening is that the mail is received and deposited into the /var/spool/clientmqueue directory(not the /var/spool/mqueue directory). Mail just gets queued and sits their. I am pulling my hair out!!! Can anyone help??? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html ). Support MailScanner development - buy the book off the website! -- ACK and you shall receive ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Sun Nov 20 13:16:47 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:13 2006 Subject: Subject Encoding Bug?? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi All, I think I've found a bug - but I'm not sure which piece of the jigsaw is causing it. On a message input to MailScanner with the subject header of: Subject: =?GB2312?B?t7+12LL6z+7Ev76tvMPGwLzbytay4Q==?= MailScanner's $message->{subject} at the 'Always Looked Up Last' stage contains '1' - I've seen this happen on 39 messages out of 6,136 messages and I've only seen this on GB2312 and KOI8-R character sets. Here are the full headers of an example message: Return-Path: <�g> Received: from sina.com ([221.219.134.109]) by mail.xxx.com (8.13.1/8.13.1) with ESMTP id jAKCZSn5031525 for ; Sun, 20 Nov 2005 07:35:55 -0500 Message-Id: <200511201235.jAKCZSn5031525@mail.xxx.com> From: "goutong@sina.com" Subject: =?GB2312?B?t7+12LL6z+7Ev76tvMPGwLzbytay4Q==?= To: xxx@xxx.com Content-Type: text/html;charset="GB2312" Reply-To: goutong@sina.com Date: Sun, 20 Nov 2005 20:44:17 +0800 X-Priority: 3 X-Mailer: Microsoft Outlook Express 5.50.4133.2400 Any ideas?? Kind regards, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Nov 20 15:03:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:13 2006 Subject: Subject Encoding Bug?? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Well found. Fixed. Steve Freegard wrote: >Hi All, > >I think I've found a bug - but I'm not sure which piece of the jigsaw is >causing it. > >On a message input to MailScanner with the subject header of: > >Subject: =?GB2312?B?t7+12LL6z+7Ev76tvMPGwLzbytay4Q==?= > >MailScanner's $message->{subject} at the 'Always Looked Up Last' stage >contains '1' - I've seen this happen on 39 messages out of 6,136 >messages and I've only seen this on GB2312 and KOI8-R character sets. > >Here are the full headers of an example message: > >Return-Path: <�g> >Received: from sina.com ([221.219.134.109]) > by mail.xxx.com (8.13.1/8.13.1) with ESMTP id jAKCZSn5031525 > for ; Sun, 20 Nov 2005 07:35:55 -0500 >Message-Id: <200511201235.jAKCZSn5031525@mail.xxx.com> >From: "goutong@sina.com" >Subject: =?GB2312?B?t7+12LL6z+7Ev76tvMPGwLzbytay4Q==?= >To: xxx@xxx.com >Content-Type: text/html;charset="GB2312" >Reply-To: goutong@sina.com >Date: Sun, 20 Nov 2005 20:44:17 +0800 >X-Priority: 3 >X-Mailer: Microsoft Outlook Express 5.50.4133.2400 > >Any ideas?? > >Kind regards, >Steve. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ4CQSBH2WUcUFbZUEQL/uACcChy7DzbWjyVFPBrGoc3zHQSs7CUAoP8F 2fZ8r49ZBuV8e8vnQ45e0vBo =WSev -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Nov 20 15:05:29 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:13 2006 Subject: Beta release 4.48.1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have just released Beta 4.48.1. This fixes the Subject: decoding bug found by Steve Freegard. It enables blocking of messages containing web bugs, and fixes 3 other bugs as well. Download as usual from www.mailscanner.info The full Change Log is this: * New Features and Improvements * - - Upgraded ClamAV to 0.87.1. - - Improved Sophos wrapper script to allow for EM library installations. No support for Sophos V5.0 yet. - - Enabled blocking of messages containing web bugs. Note this may have some false alarms, as a web bug is any image of 2x2 or smaller. - - Changed ClamAV parser to not generate warning output when it sees lines it wasn't expected, as there are so many false positives that no-one ever looks at them anyway. - - Added HTML::Parser to the list of Perl modules installed by my ClamAV+SA package so it can be used separately from MailScanner, without needing MailScanner to be installed first. * Fixes * - - Added "report-type" MIME attribute to spam notification multipart/report messages as the RFC says it should be there, and this lacking caused a problem in a few email apps. Thanks for Georg@hackt.net for this. - - Added missing ", 0777" from mkdir call in internal TNEF code. - - Fixed startup problems reading rulesets from LDAP on first message batch. - - Subject lines are all MIME-decoded properly now. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ4CQuhH2WUcUFbZUEQK+IACg98Vx5e469WPAsT0sSdcaPRWgxEIAoM0S mchdiNGeHIMR92/+cVCQKSnN =GHb4 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Sun Nov 20 16:11:25 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:13 2006 Subject: MailScanner on freebsd Message-ID: I am going to explain my understanding of the MailScanner setup. Please reveiw and let me know if I'm understanding this correctly? When MailScanner.conf is configured, the following parameters should be set if I'm using sendmail on FreeBSD 5.4: #MTA used for the Gateway MTA=sendmail #Set how to invoke MTA when sending messages MailScanner has created (e.g. to sender/recipient saying "found a virus in your message"). This can also be the filename of a ruleset. sendmail=/usr/sbin/sendmail #Incoming mail queue directory for Sendmail Incoming Queue Directory=/var/spool/mqueue #Outgoing mail queue directory for Sendmail Outgoing Queue Directory=/var/spool/mqueue #Incoming Queue Directory for MailScanner /var/spool/MailScanner/incoming #Quarantine Directory for MailScanner /var/spool/MailScanner/quaratine System Startup should be as follows: 1) #Disable sendmail from loading at system startup modify /etc/rc.conf to disable sendmail load http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html Section 23.4.2.3 FreeBSD 5.0-STABLE and Later /etc/rc.conf sendmail_enable="NO" sendmail_submit_enable="NO" sendmail_outbound_enable="NO" sendmail_msp_queue_enable="NO" 2) #Load MailScanner at system startup. #Make sure mailscanner.sh file is located under /usr/local/etc/rc.d in order to load MailScannner process at startup. Mailscanner.sh should invoke sendmail and mailscanner process to start scanning/delivering mail. /usr/local/etc/rc.d/mailscanner.sh _________________________________ First Problem I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I tried everything. Sendmail still loads at startup??????? Second Problem Once system is completly loaded and sitting at the login prompt, I receive an error NOQUEUE:SYSERROR(root):opendaemon socket:daeomon IPv4:cannot bind address already in use I login, and run ps -ax (This is what I see) 375 ?? Ss 0:00.07 sendmail: accepting connections (sendmail) 379 ?? Is 0:00.00 sendmail: Queue runner@00:30:00 for /var/spool/client 426 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for /var/spool/mqueue 430 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for /var/spool/client 613 ?? Ss 0:00.02 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local 614 ?? S 0:02.33 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local 627 ?? S 0:02.19 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local 630 ?? S 0:02.15 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local 635 ?? S 0:02.17 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local 636 ?? S 0:00.11 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local Third Problem I run tail -f /var/log/maillog I will send test e-mails from the outside and watch sendmail receive and process incoming mail. Everyone receives e-mails from the outside, but mailscanner does not scan any messages. I will issue a mailq to view /var/spool/mqueue directory. Directory is always empty. I'm completely stumped here as to why Sendmail refuses to disable at startup and MailScanner refuses to scan e-mail messages!!!!! Any ideas???? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> BB 11/19/2005 12:38 AM >>> Don't know if they ever got the list fixed for my replies, so I'm doing it direct and through the list. Change /etc/rc.conf or /etc/defaults/rc.conf sendmail_enable=NONE Verify mailscanner is starting up with /usr/local/etc/rc.d/mailscanner .sh Think you need to manually create some of the directores. Verify MailScanner.conf for directories. tail -f /var/log/maillog will show you the details The only reason to rebuild sendmail.cf is to remove IPv6 stuff. I would use m4 macro for that. Webmin would be a good choice to use. # SMTP daemon options O DaemonPortOptions=Name=IPv4, Family=inet O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O O DaemonPortOptions=Port=587, Name=MSA, M=E -- ACK and you shall receive ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From ugob at CAMO-ROUTE.COM Sun Nov 20 18:44:18 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:13 2006 Subject: mail not sent Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Meshbah Uddin Ahmed wrote: > HI, > > i m using postfix (2.1.5-9) + mailscanner (4.41.3-2) + > clamav in debian. It worked fine. > > Now a days, i m facing prb for sending mail. postfix > recvd mail, but didnt sent. every 7/8 mins later > mailscanner restarts automatically and that time mail > sends and within few secs again stops. during > restarting mailscanner the log shows- > > MailScanner: Commercial scanner clamav timed out! > MailScanner: Virus Scanning: ClamAV found 1 infections > MailScanner: Virus Scanning: Denial Of Service attack > detected! > MailScanner: MailScanner E-Mail Virus Scanner version > 4.41.3 starting... > MailScanner: Read 120 hostnames from the phishing > whitelist > MailScanner: Using locktype = flock > > another thing, i have checked by 'ps -ef' and found > postfix and mailscanner process running. > > when i run, > > # netstat -an | more > > tcp 0 0 0.0.0.0:25 0.0.0.0:* > LISTEN > tcp6 0 0 :::25 :::* > LISTEN > > here 25 is listen on tcp and tcp6 ports. i have > another mail server with same configuration, but there > only tcp port is listening, not tcp6. > > can u pls help me, where is my problem. how can i get > rid off here. > Try disabling clamAV and re-starting MailScanner... > > regards > meshbah > > > > > __________________________________ > Yahoo! FareChase: Search multiple travel sites in one click. > http://farechase.yahoo.com > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Sun Nov 20 18:49:47 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:13 2006 Subject: MailScanner on freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marc Dufresne wrote: > I am going to explain my understanding of the MailScanner setup. Please > reveiw and let me know if I'm understanding this correctly? > Have you taken a look at http://bio.fsu.edu/%7Esysalex/freebsd-mail-server_v5.htm -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Nov 18 17:13:15 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:13 2006 Subject: Memory use Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Peters spake the following on 11/17/2005 1:07 AM: > José Angel Blanco González wrote on 17-11-2005 9:06: > >>>I think maybe pop problem, but pop is necessary. Yes, we have some huge >>>mailboxes. I thought that the problem was with MAilScanner because of >>>swapping. Is there any solution for huge mailboxes?? > > > I worked on a mailscanner box that ran out of memory and it stopped > working because of the ammount of swapping he did. After a few reboots > (and waiting for the mirror to rebuild) we were able to pinpoint the > problem. It was with SpamAssassin. Some trace investigations showed the > box ran out of memory during the precompile of SpamAssassin. > > It happened also with a new version of SpamAssassin. The spamd test ran > out of memory. The system was a RedHat EL3 based system with a recently > updated glibc. After installing SA on a few other systems it showed EL4 > didn't have any problem. Disabling TLS on the EL3 boxes fixed the problem. > > -- > Peter Peters, senior beheerder (Security) > Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE) > Universiteit Twente, Postbus 217, 7500 AE Enschede > telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe The TLS libraries have been a source of many problems in the EL3 / Redhat 9 era of distros. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Sun Nov 20 21:02:40 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:13 2006 Subject: Clever Spammers, Anything to catch this? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Glenn Steen > Sent: Sunday, November 20, 2005 1:05 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MailScanner HIGHLY Probable Spam] Re: Clever Spammers, > Anything to catch this? > > > On 20/11/05, Rick Cooper wrote: > > I have also sent this to the SpamAssassin List but thought I > would post here > > as well. > > > > I have noted there are a lot of spams getting through that are > using
> > tags and spelling the drug workds in columns top to bottom then move a > > column right and repeat. An example would be [...] > Both Jules and Matt Kettler posted some rules that I think are aimed > at these.... And at least some get taged by them (@work). Posted just > the other day, so take a look through the relatively recent archives. > I tried those and Jules's didn't hit at all, Matt's hit one of seven drugs listed in the email, one of four that they were designed to hit. I changed Matt's rules a bit (changed all the \s to \s? ) and added a rule and hit all of the drugs listed. I also converted to meta rule so I could assign a score based on how many hits 4,3, 2 or 1 to lessen the possibility of false positives when I want to drop at SMTP. I attached a copy of the changes I made to Matt's rules and it also includes my own rule. My own rule doesn't care about the words just the methodology used. I didn't get any FPs with the latest SA public Corpus BTW. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/OCTET-STREAM (Name: "DIVSpellRules.cf") 8.3KB. ] [ Unable to print this part. ] From ssilva at SGVWATER.COM Fri Nov 18 18:23:20 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:13 2006 Subject: Memory use Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I detect slow performance when sometimes the machine stops responding > imap and pop connections. I think the preoblem is slow disk read/write > operations. > Some user have shared accounts and maintain a server copy, but they > download the mayl by pop, I think they must use imap > If they want shared accounts, or access from multiple computers, then IMAP is your best bet. Server storage will go up, but speed is much better, especially with a newer OS and either Courier IMAP or Dovecot. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Nov 18 19:21:23 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:13 2006 Subject: Bayes Scores Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Information Services spake the following on 11/17/2005 8:11 AM: > I am running MailScanner-4.47.4-2 and SA 3.1.0 and RDJ with: > > TRUSTED_RULESETS="TRIPWIRE ANTIDRUG EVILNUMBERS BLACKLIST_URI RANDOMVAL > BOGUSVIRUS SARE_ADULT SARE_FRAUD SARE_BML SARE_RATWARE SARE_SPOOF > SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER_ABUSE > SARE_SPECIFIC SARE_CODING_HTML SARE_GENLSUBJ SARE_UNSUB SARE_URI0 > SARE_REDIRECT_POST300" > > Lately I have been noticed that my Bayes Scores seem to be letting spam > through. I have been seeing a lot of negative Bayes Scores on obvious > spam. I have read through the mailscanner archives, and have read that > I should manually feed Bayes spam in order to get better results. Not > really sure on how to do this. Also, I saw a post that said I should > manipulate the Bayes scores, but the follow up post said it was a bad > idea b/c it would mess up SA scores. Here is a message that came > through today that should have been tagged as spam, but as you can see > from the log it was sent through clean. > > Nov 17 09:00:50 wks-lin12 sendmail[1318]: jAHF0fQv001318: from=>, size=1137, class=0, nrcpts=1, msgid=< > BAY10-F236A1BA552DC2A6434D6D0B3200@BoarderMail.com >, proto=SMTP, daemon=MTA, relay=[222.69.251.4 ] > Nov 17 09:00:53 wks-lin12 MailScanner[16837]: Saved archive copies of jAHF0krZ001312 jAHF0fQv001318 > > Nov 17 09:01:06 wks-lin12 MailScanner[16837]: Message jAHF0fQv001318 from 222.69.251.4 (oznydq@yeah.net ) to lovebox.com > is not spam, SpamAssassin (score=-0.133, required 3, ALL_TRUSTED -1.80, BAYES_50 0.00, MSGID_FROM_MTA_HEADER 0.00, SARE_RECV_IP_222064 1.67) > > MailScanner log shows: > > Header: > > Return-Path: <�g> > Received: from 67.64.17.166 ([222.69.251.4 > ]) > by mail.lovebox.com (8.13.4/8.13.4) with > SMTP id jAHF0fQv001318 > for >; Thu, 17 Nov > 2005 09:00:47 -0600 > Return-Path: > > Received: from Bolt-fe3.Bolt.com > (mail.Bolt-fe3 [216.74.152.11 ]) > by be3 (Cyrus v2.2.10) with LMTPA; > Thu, 17 Nov 2005 11:54:40 -0300 > X-Sieve: CMU Sieve 2.2 > Message-ID: > > Received: from 222.69.251.4 by > by10fd.bay10.BoarderMail.com with > HTTP; > Thu, 17 Nov 2005 16:00:40 +0100 > X-Originating-IP: [222.69.251.4 ] > X-Originating-Email: [AlexanderKing@BoarderMail.com > ] > X-Sender: AlexanderKing@BoarderMail.com > > From: "College Registration [Llittle]" > > To: llittle@lovebox.com > Subject: Major Loop hole > Date: Thu, 17 Nov 2005 16:52:40 +0200 > Mime-Version: 1.0 > Content-Type: text/plain > > Spam Report > -1.80 ALL_TRUSTED Did not pass through any untrusted hosts > 0.00 BAYES_50 Bayesian spam probability is 40 to 60% > 0.00 MSGID_FROM_MTA_HEADER Message-Id was added by a relay > 1.67 SARE_RECV_IP_222064 Spam passed through possible spammer relay > > So, how do I get Bayes to give more accurate scores, and if it is by > manually feeding it spam, what do I need to do to accomplish this task? > > Your biggest problem is with the "ALL_TRUSTED" settings in spamassassin. It subtracted 1.8 points because spamassassin is having problems determining your local network configuration. You either need to fix the configuration for spamassassin or set the score to 0 until you can fix it. Look at http://wiki.apache.org/spamassassin/TrustPath -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Nov 18 18:55:40 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:13 2006 Subject: Slightly OT: Using ISP's DNS server as forwarder with local caching dns server Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I was reading Sendmail's bat book and it was saying that it was better to use a "busy" DNS server, to make sure the entries don't time out. I run a caching name server (redhat's package, using bind) and I was wondering if I could get a benefit of having my ISP's DNS server as a forwarder. From what I can understand, the forwarder will be used if my local server does not have the answer in the cache. If my ISP has the entry in cache, it would be faster to retrieve it this way than doing the whole query by my local server. Any opinions? Is that actually possible with the redhat package+edits or I'd need to configure bind manually to set the caching+forwarders to avoid conflicts? Regards, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Nov 18 19:44:59 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:13 2006 Subject: Lists down? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Raymond Dijkxhoorn spake the following on 11/18/2005 3:02 AM: > Hi! > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> I'm getting no traffic through my mailing list today at all? It's >> highly unlikely that no-one in the entire MailScanner community has >> anything to say. >> >> Can you check your systems please? > > > :) > > Seems to work just fine. You should implement more bugs, so people have > to be here more often. > > Bye, > Raymond. > There not bugs! They are undocumented features! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Nov 20 21:40:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:13 2006 Subject: Clever Spammers, Anything to catch this? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >I tried those and Jules's didn't hit at all, Matt's hit one of seven drugs >listed in the email, one of four that they were designed to hit. I changed >Matt's rules a bit (changed all the \s to \s? ) and added a rule and hit all >of the drugs listed. I also converted to meta rule so I could assign a score >based on how many hits 4,3, 2 or 1 to lessen the possibility of false >positives when I want to drop at SMTP. > > Shame mine didn't work. I was quite pleased with the implementation, the rule was quite succinct. It hit a couple I tried it on, but I guess the spammers didn't take that path. Guess I'll leave writing rules to others in the future, not much point writing code if it doesn't do anything useful :-) -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Nov 18 21:34:21 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:13 2006 Subject: Spam scores in headers Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greg Borders spake the following on 11/18/2005 1:17 PM: > Matt Kettler wrote: > >> Richard Edge wrote: >> >> >>> I am running MailScanner 4.47.4, SA 3.01 >> >> >> Warning: 3.0.1 is subject to a remote DoS vulnerability in its mime >> decoder. Any >> spammer can exploit this by sending you malformed messages. > > This is the SA that is being distributed with the MailScanner RPM > version. I too have the SA 3.01 running. How easy is it to migrate SA to > the 3.1 version? I'm a bit leary at first glance, knowing how it's been > integrated with MailScanner, and all the config files that may get over > written accidentally. > > If you look at the MailScanner website, the current install package for spamassassin is 3.1.0 and clamav 0.87.1. http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/install-Clam-SA.tar.gz > -- > This transmission may contain information that is privileged, confidential > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, copying, > distribution, or use of the information contained herein (including any > reliance thereon) is STRICTLY PROHIBITED. If you received this transmission > in error, please immediately contact the sender and destroy the material in > its entirety, whether in electronic or hard copy format. Thank you. > -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Sun Nov 20 22:51:26 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:13 2006 Subject: Slightly OT: Using ISP's DNS server as forwarder with local caching dns server Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ugo Bellavance > Sent: Friday, November 18, 2005 1:56 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Slightly OT: Using ISP's DNS server as forwarder with local > caching dns server > > Hi, > > I was reading Sendmail's bat book and it was saying that it was > better > to use a "busy" DNS server, to make sure the entries don't time out. > If you're running SpamAssassin whichever name server you're using is a very "busy DNS server" :) > I run a caching name server (redhat's package, using bind) and I was > wondering if I could get a benefit of having my ISP's DNS server as a > forwarder. From what I can understand, the forwarder will be used if my > local server does not have the answer in the cache. If my ISP has the > entry in cache, it would be faster to retrieve it this way than doing > the whole query by my local server. > > Any opinions? Is that actually possible with the redhat > package+edits > or I'd need to configure bind manually to set the caching+forwarders to > avoid conflicts? > > Regards, > -- > Ugo > Ugo, Red Hat's standard named.conf's includes these lines at the top: options { directory "/var/named"; /* * If there is a firewall between you and nameservers you want * to talk to, you might need to uncomment the query-source * directive below. Previous versions of BIND always asked * questions using port 53, but BIND 8.1 uses an unprivileged * port by default. */ // query-source address * port 53; // forwarders { // 111.111.111.15; // 111.111.111.17; // }; }; The lines which call the forwarder in the snippet above are commented out with the "//"s. You can change these to match your forwarder's IP address, uncomment the lines, restart named (or nscd). Do check to make sure named or nscd is working after your edits! I've thought about this a bit and tried different approaches over the years and I'm not convinced that adding forwarders on a system that's using SpamAssassin is an absolute plus. I believe that using nscd, or better, running a name server on the gateway is a good idea but I can easily be corrected if someone can offer some logic to prove their point. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From micoots at YAHOO.COM Sun Nov 20 23:51:32 2005 From: micoots at YAHOO.COM (Michael Mansour) Date: Thu Jan 12 21:31:13 2006 Subject: Spam Actions ruleset doesn't seem to work Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Last month or so I asked how to get the spam.actions.rules setup so that messages for particular users or domains that are known to be spam are auto-deleted. After some excellent answers, I then created my ruleset for: spam.actions.rules high.scoring.spam.actions.rules Which are of the following format (identical contents for each file): FromOrTo: *@domain.com delete FromOrTo: default deliver When delivered, the emails are tagged with the "{Spam?}" tag. My problem is, I still get emails tagged with "{Spam?}" delivered, even though looking at the maillog it shows action is to "delete". My MailScanner.conf contains: Spam Actions = %rules-dir%/spam.actions.rules High Scoring Spam Actions = %rules-dir%/high.scoring.spam.actions.rules I'm using MailScanner 4.47.4-1 on Fedora Core. Is there any advice anyone can give as to what to check or how to make this work? Thanks. Michael. ____________________________________________________ Do you Yahoo!? The New Yahoo! Movies: Check out the Latest Trailers, Premiere Photos and full Actor Database. http://au.movies.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Nov 21 00:48:16 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:13 2006 Subject: Clever Spammers, Anything to catch this? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Sunday, November 20, 2005 4:40 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Clever Spammers, Anything to catch this? > > > >I tried those and Jules's didn't hit at all, Matt's hit one of > seven drugs > >listed in the email, one of four that they were designed to hit. > I changed > >Matt's rules a bit (changed all the \s to \s? ) and added a rule > and hit all > >of the drugs listed. I also converted to meta rule so I could > assign a score > >based on how many hits 4,3, 2 or 1 to lessen the possibility of false > >positives when I want to drop at SMTP. > > > > > Shame mine didn't work. I was quite pleased with the implementation, the > rule was quite succinct. It hit a couple I tried it on, but I guess the > spammers didn't take that path. > > Guess I'll leave writing rules to others in the future, not much point > writing code if it doesn't do anything useful :-) I would think it more likely mutated a bit. The concept is a bit frightening because it wouldn't be too hard to add other obfuscation techniques to the DIV crap . It really seem to me the best way to catch it would be with a multi-line match so you could look for a pattern of
X
in a
section, but unless I missed something even the latest SA doesn't allow that. :-( Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Mon Nov 21 08:59:10 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:13 2006 Subject: Clever Spammers, Anything to catch this? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 20/11/05, Rick Cooper wrote: (snip) > I attached a copy of the changes I made to Matt's rules and it also includes > my own rule. My own rule doesn't care about the words just the methodology > used. I didn't get any FPs with the latest SA public Corpus BTW. > Thanks, will drop them into place and see what happens... (If they work out well, at least my PHB will be ecstatic... Probably me too:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Mon Nov 21 13:45:23 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:13 2006 Subject: MailScanner on freebsd Message-ID: Couldn't download any of your sample files. None of the links to your files work. From ugob at CAMO-ROUTE.COM Mon Nov 21 14:17:59 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:13 2006 Subject: MailScanner on freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marc Dufresne wrote: > Couldn't download any of your sample files. None of the links to your > files work. Looking a the links, I'm not surprised. The way you are quoting is making it very hard to follow. Please avoid having private discussions while using a public mailing list and don't top-post. > > From the command line, if I issue sendmail -v root I receive this error, > > root....connecting to [127.0.0.1] via relay > root....Deferred: Connection refused by [127.0.0.1] Is sendmail running? On what port/IP is it running on? > > What files do I need to modify under /etc/mail? > Are you familiar with Sendmail or other MTAs? Regards, Ugo > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > >>>> BB 11/20/2005 9:38 PM >>> > Marc, > > I have attached working sendmail.mc and > sendmail.cffiles along with /etc/rc.conf startup. > There are a number of things in the > rc.conf that you don't need just use the sendmail portion for examples. > BTW > /etc/defaults/rc.conf show examples and are used if /etc/rc.conf does > not > exist. /etc/rc.conf will override /etc/defaults/rc.conf. > > The first thing is to get a working copy of sendmail running. Make > your > edits to /etc/rc.conf with the examples sent. > > Copy sendmail.cf /etc/mail > > Verify no sendmail processes are running and if they are kill the pid > of > them. Verify again they are gone. > > Run "sh /etc/rc.sendmail start" . No quotes. This should start > sendmail. > Send your self a test message from the MTA level - > > sendmail -v root > This should send a test mesage to root with no subject and undisclosed > recipients. Thats fine all we want to know is if sendmail is running. > Its > also a good test to check the header files. > > If its working thats great, move on to MailScanner. I've included a > working > copy of a mailscanner.conf file. There are some things configured that > you > might not be using, but all the directores are in place and are set to > defaults. > > Virus scanners set to none if not using (I'm using three) > Spamassassin set to no if not using (I'm using 3.1.0_3) > Uncomment the whitlist and blacklist file rules, I'm using > SQLblacklist/whitelists > > I've included another file called directories.needed. Just run, it > will > create them if they don't exist > > This should be enough to get you going. Remember you need to get > sendmail > running first. I didn't or never have used the Makefile included with > the > distribution. I use the m4 macro on the configuration file *.mc or just > use > webmin. Its in the ports or can be downloaded from > webmin.com > . > > It does not make sense to me why sendmail is running if it is marked > to > "NONE". If that dosen't do it mark the first instance with NONE and all > the > others with NO > > BTW: There is also a nice webmin modual for MailScanner. Once setup > things > don't change much other then whitelists/blacklists. The latest version > of > mailwatch can do this hence > > Is Definitely Not Spam = &SQLWhitelist > Is Definitely Spam = &SQLBlacklist > > > Hang on for the ride... > > > > On 11/20/05, Marc Dufresne wrote: >> I am going to explain my understanding of the MailScanner setup. > Please >> reveiw and let me know if I'm understanding this correctly? >> >> When MailScanner.conf is configured, the following parameters should > be >> set if I'm using sendmail on FreeBSD 5.4: >> >> #MTA used for the Gateway >> MTA=sendmail >> >> #Set how to invoke MTA when sending messages MailScanner has created >> (e.g. to sender/recipient saying "found a virus in your message"). > This >> can also be the filename of a ruleset. >> sendmail=/usr/sbin/sendmail >> >> #Incoming mail queue directory for Sendmail >> Incoming Queue Directory=/var/spool/mqueue >> >> #Outgoing mail queue directory for Sendmail >> Outgoing Queue Directory=/var/spool/mqueue >> >> #Incoming Queue Directory for MailScanner >> /var/spool/MailScanner/incoming >> >> #Quarantine Directory for MailScanner >> /var/spool/MailScanner/quaratine >> >> System Startup should be as follows: >> >> 1) #Disable sendmail from loading at system startup >> modify /etc/rc.conf to disable sendmail load >> >> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html > >> >> Section 23.4.2.3 FreeBSD 5.0-STABLE and Later >> >> /etc/rc.conf >> >> sendmail_enable="NO" >> sendmail_submit_enable="NO" >> sendmail_outbound_enable="NO" >> sendmail_msp_queue_enable="NO" >> >> 2) #Load MailScanner at system startup. >> #Make sure mailscanner.sh file is located under /usr/local/etc/rc.d >> in order to load MailScannner process at startup. Mailscanner.sh > should >> invoke sendmail and mailscanner process to start scanning/delivering >> mail. >> >> /usr/local/etc/rc.d/mailscanner.sh >> _________________________________ >> >> First Problem >> >> I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I tried >> everything. Sendmail still loads at startup??????? >> >> Second Problem >> >> Once system is completly loaded and sitting at the login prompt, I >> receive an error >> NOQUEUE:SYSERROR(root):opendaemon socket:daeomon IPv4:cannot bind >> address already in use >> >> I login, and run ps -ax (This is what I see) >> >> 375 ?? Ss 0:00.07 sendmail: accepting connections (sendmail) >> 379 ?? Is 0:00.00 sendmail: Queue runner@00:30:00 for >> /var/spool/client >> >> 426 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for >> /var/spool/mqueue >> 430 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for >> /var/spool/client >> >> 613 ?? Ss 0:00.02 /usr/bin/perl -I/usr/local/lib/MailScanner >> /usr/local 614 ?? S 0:02.33 /usr/bin/perl >> -I/usr/local/lib/MailScanner /usr/local >> 627 ?? S 0:02.19 /usr/bin/perl -I/usr/local/lib/MailScanner >> /usr/local >> 630 ?? S 0:02.15 /usr/bin/perl -I/usr/local/lib/MailScanner >> /usr/local >> 635 ?? S 0:02.17 /usr/bin/perl -I/usr/local/lib/MailScanner >> /usr/local >> 636 ?? S 0:00.11 /usr/bin/perl -I/usr/local/lib/MailScanner >> /usr/local >> >> Third Problem >> >> I run tail -f /var/log/maillog >> >> I will send test e-mails from the outside and watch sendmail receive >> and process incoming mail. Everyone receives e-mails from the > outside, >> but mailscanner does not scan any messages. >> >> I will issue a mailq to view /var/spool/mqueue directory. Directory > is >> always empty. >> >> I'm completely stumped here as to why Sendmail refuses to disable at >> startup and MailScanner refuses to scan e-mail messages!!!!! >> >> Any ideas???? >> >> >> Marc Dufresne, Corporate IT Officer >> St. Lawrence Parks Commission >> 13740 County Road 2 >> Morrisburg, ON K0C 1X0 >> >> E-mail: Marc.Dufresne@parks.on.ca >> Voice: 613-543-3704 Ext#2455 >> Fax: 613-543-2847 >> Corporate website: www.parks.on.ca >> >>>>> BB 11/19/2005 12:38 AM >>> >> Don't know if they ever got the list fixed for my replies, so I'm > doing >> it >> direct and through the list. >> >> Change /etc/rc.conf or /etc/defaults/rc.conf >> sendmail_enable=NONE >> >> Verify mailscanner is starting up with > /usr/local/etc/rc.d/mailscanner >> .sh >> >> Think you need to manually create some of the directores. Verify >> MailScanner.conf for directories. >> >> tail -f /var/log/maillog will show you the details >> >> The only reason to rebuild sendmail.cf > >> is to >> remove >> IPv6 stuff. I would use m4 macro for that. Webmin would be a good >> choice to >> use. >> >> # SMTP daemon options >> >> O DaemonPortOptions=Name=IPv4, Family=inet >> O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O >> O DaemonPortOptions=Port=587, Name=MSA, M=E >> >> >> -- >> ACK and you shall receive >> >> >> > > > -- > ACK and you shall receive > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Mon Nov 21 14:55:15 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:13 2006 Subject: Off topic: Roundhouse Message-ID: This is a bit off topic but I've found a new tool that is exceptionally handy for testing and I'm sure some of you will be able to use to too. Besides the list is so quiet these days that if there aren't some messages sent a few times a day, we start getting all those "is the list down??" messages :) Anthony Howe has released a free beta of Roundhouse. I quote from the web site: "Roundhouse is an SMTP multiplexer, which takes the input from an SMTP client connection and copies it to one or more SMTP servers. Intended as means to debug and test different mail server configurations using a production mail server's live data stream." It couldn't be simpler to install and run. Just Download and compile, carefully following the instructions on the web site. Note that for sendmail you will need to have the sendmail-devel rpm installed (just the same as compiling milters). Roundhouse runs on port 25 so once Roundhouse is installed you'll need to modify the MailScanner init script to listen on port 26. For sendmail this is as easy as changing: $SENDMAIL -bd -OPrivacyOptions=noetrn \ -ODeliveryMode=queueonly \ -OQueueDirectory=$INQDIR \ -OPidFile=$INPID to: $SENDMAIL -bd -OPrivacyOptions=noetrn \ -ODeliveryMode=queueonly \ -ODaemonPortOptions=Port=26 \ -OQueueDirectory=$INQDIR \ -OPidFile=$INPID To use Roundhouse without duplexing the conversation simply: 1. Stop MailScanner 2. Modify the MailScanner Init script 3. Start Roundhouse to simply converse with port 26: /usr/local/sbin/roundhouse localhost,26 4. Start Mailscanner Any time you want to send a duplicate email stream to a test system: 1. Stop Roundhouse 2. Restart Roundhouse configured to send a duplicate conversation to the test system: /usr/local/sbin/roundhouse localhost,26 test.local.domain,25 That's all there is to it. We leave Roundhouse running on our spamtrap gateway and it seems to have no impact on performance but it's had a big impact on how easy it is to send real world messages to our test systems or to new pre-production servers on client's sites. Don't forget if you do use Roundhouse, send some feed back, pro or con, to Anthony. He's trying to get a thorough testing cycle finished so he can make a production release. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From max at KIPNESS.COM Mon Nov 21 15:34:10 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:31:13 2006 Subject: No Report Template Found Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello - I'm trying to run some tests to see if my SA rules are working right. When I run the following: spamassassin -t /home/***/mail/SpamStudy I get a full report at the bottom as such: Content analysis details: (8.4 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.1 SARE_RECV_IP_061190 Spam passed through possible spammer relay 0.1 DATE_IN_PAST_24_48 Date: is 24 to 48 hours before Received: date 2.4 SARE_SPEC_XXGEOCITIES URI: spamsign pointing to free webhost spam site 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] But when I run the command as below, I do not get the report, but rather at the end get a "No Report Template Found" message. spamassassin -C /etc/MailScanner/spam.assassin.prefs.conf -t /home/***/mail/SpamStudy Is this the correct way to run the test since I am using MailScanner? Isn't the default location of the spamassassin config /etc/mail/spamassassin/local.cf? This file only has two lines in it. The above email tested subsequently got through MailScanner without hitting the above rules, so now I'm wondering if there is something wrong with my spam.assassin.prefs.conf file. Thanks, Max ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Mon Nov 21 15:57:27 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:14 2006 Subject: MailScanner on freebsd Message-ID: My apologies for the private discussions. Didn't realize I posted to the forum. Sendmail is running on port 25. Sendmail is acting as a Relay for my domain. I have no problem sending/receiving internet e-mail. The two problems I am having are: 1- MailScanner doesn't seem to be scanning inbound mail. 2- local mail sent to root and postmaster is not being delivered. The /var/spool/clientmqueue is backing up with e-mails sent to root and postmaster. Here's what /var/spool/maillog is saying mail sm-msp-queue[1655]: i24AKJeL005105: to=postmaster, delay=10:33:28, xdelay=00:00:00, mailer=relay, pri=1023910, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1] I issued the command sendmail -v root >> ugob@CAMO-ROUTE.COM 11/21/2005 9:17 AM >>> Marc Dufresne wrote: > Couldn't download any of your sample files. None of the links to your > files work. Looking a the links, I'm not surprised. The way you are quoting is making it very hard to follow. Please avoid having private discussions while using a public mailing list and don't top-post. > > From the command line, if I issue sendmail -v root I receive this error, > > root....connecting to [127.0.0.1] via relay > root....Deferred: Connection refused by [127.0.0.1] Is sendmail running? On what port/IP is it running on? > > What files do I need to modify under /etc/mail? > Are you familiar with Sendmail or other MTAs? Regards, Ugo > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > >>>> BB 11/20/2005 9:38 PM >>> > Marc, > > I have attached working sendmail.mc and > sendmail.cffiles along with /etc/rc.conf startup. > There are a number of things in the > rc.conf that you don't need just use the sendmail portion for examples. > BTW > /etc/defaults/rc.conf show examples and are used if /etc/rc.conf does > not > exist. /etc/rc.conf will override /etc/defaults/rc.conf. > > The first thing is to get a working copy of sendmail running. Make > your > edits to /etc/rc.conf with the examples sent. > > Copy sendmail.cf /etc/mail > > Verify no sendmail processes are running and if they are kill the pid > of > them. Verify again they are gone. > > Run "sh /etc/rc.sendmail start" . No quotes. This should start > sendmail. > Send your self a test message from the MTA level - > > sendmail -v root > This should send a test mesage to root with no subject and undisclosed > recipients. Thats fine all we want to know is if sendmail is running. > Its > also a good test to check the header files. > > If its working thats great, move on to MailScanner. I've included a > working > copy of a mailscanner.conf file. There are some things configured that > you > might not be using, but all the directores are in place and are set to > defaults. > > Virus scanners set to none if not using (I'm using three) > Spamassassin set to no if not using (I'm using 3.1.0_3) > Uncomment the whitlist and blacklist file rules, I'm using > SQLblacklist/whitelists > > I've included another file called directories.needed. Just run, it > will > create them if they don't exist > > This should be enough to get you going. Remember you need to get > sendmail > running first. I didn't or never have used the Makefile included with > the > distribution. I use the m4 macro on the configuration file *.mc or just > use > webmin. Its in the ports or can be downloaded from > webmin.com > . > > It does not make sense to me why sendmail is running if it is marked > to > "NONE". If that dosen't do it mark the first instance with NONE and all > the > others with NO > > BTW: There is also a nice webmin modual for MailScanner. Once setup > things > don't change much other then whitelists/blacklists. The latest version > of > mailwatch can do this hence > > Is Definitely Not Spam = &SQLWhitelist > Is Definitely Spam = &SQLBlacklist > > > Hang on for the ride... > > > > On 11/20/05, Marc Dufresne wrote: >> I am going to explain my understanding of the MailScanner setup. > Please >> reveiw and let me know if I'm understanding this correctly? >> >> When MailScanner.conf is configured, the following parameters should > be >> set if I'm using sendmail on FreeBSD 5.4: >> >> #MTA used for the Gateway >> MTA=sendmail >> >> #Set how to invoke MTA when sending messages MailScanner has created >> (e.g. to sender/recipient saying "found a virus in your message"). > This >> can also be the filename of a ruleset. >> sendmail=/usr/sbin/sendmail >> >> #Incoming mail queue directory for Sendmail >> Incoming Queue Directory=/var/spool/mqueue >> >> #Outgoing mail queue directory for Sendmail >> Outgoing Queue Directory=/var/spool/mqueue >> >> #Incoming Queue Directory for MailScanner >> /var/spool/MailScanner/incoming >> >> #Quarantine Directory for MailScanner >> /var/spool/MailScanner/quaratine >> >> System Startup should be as follows: >> >> 1) #Disable sendmail from loading at system startup >> modify /etc/rc.conf to disable sendmail load >> >> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html > >> >> Section 23.4.2.3 FreeBSD 5.0-STABLE and Later >> >> /etc/rc.conf >> >> sendmail_enable="NO" >> sendmail_submit_enable="NO" >> sendmail_outbound_enable="NO" >> sendmail_msp_queue_enable="NO" >> >> 2) #Load MailScanner at system startup. >> #Make sure mailscanner.sh file is located under /usr/local/etc/rc.d >> in order to load MailScannner process at startup. Mailscanner.sh > should >> invoke sendmail and mailscanner process to start scanning/delivering >> mail. >> >> /usr/local/etc/rc.d/mailscanner.sh >> _________________________________ >> >> First Problem >> >> I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I tried >> everything. Sendmail still loads at startup??????? >> >> Second Problem >> >> Once system is completly loaded and sitting at the login prompt, I >> receive an error >> NOQUEUE:SYSERROR(root):opendaemon socket:daeomon IPv4:cannot bind >> address already in use >> >> I login, and run ps -ax (This is what I see) >> >> 375 ?? Ss 0:00.07 sendmail: accepting connections (sendmail) >> 379 ?? Is 0:00.00 sendmail: Queue runner@00:30:00 for >> /var/spool/client >> >> 426 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for >> /var/spool/mqueue >> 430 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for >> /var/spool/client >> >> 613 ?? Ss 0:00.02 /usr/bin/perl -I/usr/local/lib/MailScanner >> /usr/local 614 ?? S 0:02.33 /usr/bin/perl >> -I/usr/local/lib/MailScanner /usr/local >> 627 ?? S 0:02.19 /usr/bin/perl -I/usr/local/lib/MailScanner >> /usr/local >> 630 ?? S 0:02.15 /usr/bin/perl -I/usr/local/lib/MailScanner >> /usr/local >> 635 ?? S 0:02.17 /usr/bin/perl -I/usr/local/lib/MailScanner >> /usr/local >> 636 ?? S 0:00.11 /usr/bin/perl -I/usr/local/lib/MailScanner >> /usr/local >> >> Third Problem >> >> I run tail -f /var/log/maillog >> >> I will send test e-mails from the outside and watch sendmail receive >> and process incoming mail. Everyone receives e-mails from the > outside, >> but mailscanner does not scan any messages. >> >> I will issue a mailq to view /var/spool/mqueue directory. Directory > is >> always empty. >> >> I'm completely stumped here as to why Sendmail refuses to disable at >> startup and MailScanner refuses to scan e-mail messages!!!!! >> >> Any ideas???? >> >> >> Marc Dufresne, Corporate IT Officer >> St. Lawrence Parks Commission >> 13740 County Road 2 >> Morrisburg, ON K0C 1X0 >> >> E-mail: Marc.Dufresne@parks.on.ca >> Voice: 613-543-3704 Ext#2455 >> Fax: 613-543-2847 >> Corporate website: www.parks.on.ca >> >>>>> BB 11/19/2005 12:38 AM >>> >> Don't know if they ever got the list fixed for my replies, so I'm > doing >> it >> direct and through the list. >> >> Change /etc/rc.conf or /etc/defaults/rc.conf >> sendmail_enable=NONE >> >> Verify mailscanner is starting up with > /usr/local/etc/rc.d/mailscanner >> .sh >> >> Think you need to manually create some of the directores. Verify >> MailScanner.conf for directories. >> >> tail -f /var/log/maillog will show you the details >> >> The only reason to rebuild sendmail.cf > >> is to >> remove >> IPv6 stuff. I would use m4 macro for that. Webmin would be a good >> choice to >> use. >> >> # SMTP daemon options >> >> O DaemonPortOptions=Name=IPv4, Family=inet >> O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O >> O DaemonPortOptions=Port=587, Name=MSA, M=E >> >> >> -- >> ACK and you shall receive >> >> >> > > > -- > ACK and you shall receive > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION:2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From max at KIPNESS.COM Mon Nov 21 16:24:02 2005 From: max at KIPNESS.COM (Max Kipness) Date: Thu Jan 12 21:31:14 2006 Subject: No Report Template Found [Figured Out] Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sorry, figured out that I had my config file specified wrong. Max > Hello - > > I'm trying to run some tests to see if my SA rules are working right. > > When I run the following: > > spamassassin -t /home/***/mail/SpamStudy > > I get a full report at the bottom as such: > > Content analysis details: (8.4 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 1.1 SARE_RECV_IP_061190 Spam passed through possible spammer relay > 0.1 DATE_IN_PAST_24_48 Date: is 24 to 48 hours before Received: date > 2.4 SARE_SPEC_XXGEOCITIES URI: spamsign pointing to free webhost spam > site > 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% > [score: 1.0000] > 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net > [Blocked - see > ] > > > But when I run the command as below, I do not get the report, but rather > at the end get a "No Report Template Found" message. > > spamassassin -C /etc/MailScanner/spam.assassin.prefs.conf -t > /home/***/mail/SpamStudy > > Is this the correct way to run the test since I am using MailScanner? > Isn't the default location of the spamassassin config > /etc/mail/spamassassin/local.cf? This file only has two lines in it. > > The above email tested subsequently got through MailScanner without > hitting the above rules, so now I'm wondering if there is something wrong > with my spam.assassin.prefs.conf file. > > Thanks, > Max > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brent.bolin at GMAIL.COM Mon Nov 21 16:26:02 2005 From: brent.bolin at GMAIL.COM (BB) Date: Thu Jan 12 21:31:14 2006 Subject: MailScanner on freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Don't care about private discussions. The list exiled me when I called someone a "Dipswitch". Pretty harsh words ya think ? Do you show this? # ps auxwww|grep sendmail root 36220 0.0 0.3 3500 2640 ?? Ss 9:59AM 0:00.03 sendmail: accepting connections (sendmail) root 36223 0.0 0.3 3500 2624 ?? Is 9:59AM 0:00.00 sendmail: Queue runner@00:15:00 for /var/spool/mqueue (sendmail) smmsp 36227 0.0 0.2 3368 2520 ?? Is 9:59AM 0:00.00 sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue (sendmail) root 36419 0.0 0.1 1448 848 p0 S+ 10:16AM 0:00.00 grep sendmail Sounds to me like your sendmail submit isn't running. Also attaching a valid submit.cf file Make sure your using both the sendmail.cf and submit files I'm sending you. On 11/21/05, Marc Dufresne wrote: My apologies for the private discussions. Didn't realize I posted to the forum. Sendmail is running on port 25. Sendmail is acting as a Relay for my domain. I have no problem sending/receiving internet e-mail. The two problems I am having are: 1- MailScanner doesn't seem to be scanning inbound mail. 2- local mail sent to root and postmaster is not being delivered. The /var/spool/clientmqueue is backing up with e-mails sent to root and postmaster. Here's what /var/spool/maillog is saying mail sm-msp-queue[1655]: i24AKJeL005105: to=postmaster, delay=10:33:28, xdelay=00:00:00, mailer=relay, pri=1023910, relay=[numericlinkwarning 127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [numericlinkwarning 127.0.0.1] I issued the command sendmail -v root >> ugob@CAMO-ROUTE.COM 11/21/2005 9:17 AM >>> Marc Dufresne wrote: > Couldn't download any of your sample files. None of the links to your > files work. Looking a the links, I'm not surprised. The way you are quoting is making it very hard to follow. Please avoid having private discussions while using a public mailing list and don't top-post. > > From the command line, if I issue sendmail -v root I receive this error, > > root....connecting to [numericlinkwarning 127.0.0.1] via relay > root....Deferred: Connection refused by [numericlinkwarning 127.0.0.1] Is sendmail running? On what port/IP is it running on? > > What files do I need to modify under /etc/mail? > Are you familiar with Sendmail or other MTAs? Regards, Ugo > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > >>>> BB 11/20/2005 9:38 PM >>> > Marc, > > I have attached working sendmail.mc and > sendmail.cffiles along with /etc/rc.conf startup. > There are a number of things in the > rc.conf that you don't need just use the sendmail portion for examples. > BTW > /etc/defaults/rc.conf show examples and are used if /etc/rc.conf does > not > exist. /etc/rc.conf will override /etc/defaults/rc.conf. > > The first thing is to get a working copy of sendmail running. Make > your > edits to /etc/rc.conf with the examples sent. > > Copy sendmail.cf /etc/mail > > Verify no sendmail processes are running and if they are kill the pid > of > them. Verify again they are gone. > > Run "sh /etc/rc.sendmail start" . No quotes. This should start > sendmail. > Send your self a test message from the MTA level - > > sendmail -v root > This should send a test mesage to root with no subject and undisclosed > recipients. Thats fine all we want to know is if sendmail is running. > Its > also a good test to check the header files. > > If its working thats great, move on to MailScanner. I've included a > working > copy of a mailscanner.conf file. There are some things configured that > you > might not be using, but all the directores are in place and are set to > defaults. > > Virus scanners set to none if not using (I'm using three) > Spamassassin set to no if not using (I'm using 3.1.0_3) > Uncomment the whitlist and blacklist file rules, I'm using > SQLblacklist/whitelists > > I've included another file called directories.needed. Just run, it > will > create them if they don't exist > > This should be enough to get you going. Remember you need to get > sendmail > running first. I didn't or never have used the Makefile included with > the > distribution. I use the m4 macro on the configuration file *.mc or just > use > webmin. Its in the ports or can be downloaded from > webmin.com > . > > It does not make sense to me why sendmail is running if it is marked > to > "NONE". If that dosen't do it mark the first instance with NONE and all > the > others with NO > > BTW: There is also a nice webmin modual for MailScanner. Once setup > things > don't change much other then whitelists/blacklists. The latest version > of > mailwatch can do this hence > > Is Definitely Not Spam = &SQLWhitelist > Is Definitely Spam = &SQLBlacklist > > > Hang on for the ride... > > > > On 11/20/05, Marc Dufresne wrote: >> I am going to explain my understanding of the MailScanner setup. > Please >> reveiw and let me know if I'm understanding this correctly? >> >> When MailScanner.conf is configured, the following parameters should > be >> set if I'm using sendmail on FreeBSD 5.4: >> >> #MTA used for the Gateway >> MTA=sendmail >> >> #Set how to invoke MTA when sending messages MailScanner has created >> (e.g. to sender/recipient saying "found a virus in your message"). > This >> can also be the filename of a ruleset. >> sendmail=/usr/sbin/sendmail >> >> #Incoming mail queue directory for Sendmail >> Incoming Queue Directory=/var/spool/mqueue >> >> #Outgoing mail queue directory for Sendmail >> Outgoing Queue Directory=/var/spool/mqueue >> >> #Incoming Queue Directory for MailScanner >> /var/spool/MailScanner/incoming >> >> #Quarantine Directory for MailScanner >> /var/spool/MailScanner/quaratine >> >> System Startup should be as follows: >> >> 1) #Disable sendmail from loading at system startup >> modify /etc/rc.conf to disable sendmail load >> >> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html > >> >> Section numericlinkwarning 23.4.2.3 FreeBSD 5.0-STABLE and Later >> >> /etc/rc.conf >> >> sendmail_enable="NO" >> sendmail_submit_enable="NO" >> sendmail_outbound_enable="NO" >> sendmail_msp_queue_enable="NO" >> >> 2) #Load MailScanner at system startup. >> #Make sure mailscanner.sh file is located under /usr/local/etc/rc.d >> in order to load MailScannner process at startup. Mailscanner.sh > should >> invoke sendmail and mailscanner process to start scanning/delivering >> mail. >> >> /usr/local/etc/rc.d/mailscanner.sh >> _________________________________ >> >> First Problem >> >> I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I tried >> everything. Sendmail still loads at startup??????? >> >> Second Problem >> >> Once system is completly loaded and sitting at the login prompt, I >> receive an error >> NOQUEUE:SYSERROR(root):opendaemon socket:daeomon IPv4:cannot bind >> address already in use >> >> I login, and run ps -ax (This is what I see) >> >> 375 ?? Ss 0:00.07 sendmail: accepting connections (sendmail) >> 379 ?? Is 0:00.00 sendmail: Queue runner@00:30:00 for >> /var/spool/client >> >> 426 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for >> /var/spool/mqueue >> 430 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for >> /var/spool/client >> >> 613 ?? Ss 0:00.02 /usr/bin/perl -I/usr/local/lib/MailScanner >> /usr/local 614 ?? S 0: 02.33 /usr/bin/perl >> -I/usr/local/lib/MailScanner /usr/local >> 627 ?? S 0:02.19 /usr/bin/perl -I/usr/local/lib/MailScanner >> /usr/local >> 630 ?? S 0:02.15 /usr/bin/perl -I/usr/local/lib/MailScanner >> /usr/local >> 635 ?? S 0:02.17 /usr/bin/perl -I/usr/local/lib/MailScanner >> /usr/local >> 636 ?? S 0:00.11 /usr/bin/perl -I/usr/local/lib/MailScanner >> /usr/local >> >> Third Problem >> >> I run tail -f /var/log/maillog >> >> I will send test e-mails from the outside and watch sendmail receive >> and process incoming mail. Everyone receives e-mails from the > outside, >> but mailscanner does not scan any messages. >> >> I will issue a mailq to view /var/spool/mqueue directory. Directory > is >> always empty. >> >> I'm completely stumped here as to why Sendmail refuses to disable at >> startup and MailScanner refuses to scan e-mail messages!!!!! >> >> Any ideas???? >> >> >> Marc Dufresne, Corporate IT Officer >> St. Lawrence Parks Commission >> 13740 County Road 2 >> Morrisburg, ON K0C 1X0 >> >> E-mail: Marc.Dufresne@parks.on.ca >> Voice: 613-543-3704 Ext#2455 >> Fax: 613-543-2847 >> Corporate website: www.parks.on.ca >> >>>>> BB < brent.bolin@gmail.com> 11/19/2005 12:38 AM >>> >> Don't know if they ever got the list fixed for my replies, so I'm > doing >> it >> direct and through the list. >> >> Change /etc/rc.conf or /etc/defaults/rc.conf >> sendmail_enable=NONE >> >> Verify mailscanner is starting up with > /usr/local/etc/rc.d/mailscanner >> .sh >> >> Think you need to manually create some of the directores. Verify >> MailScanner.conf for directories. >> >> tail -f /var/log/maillog will show you the details >> >> The only reason to rebuild sendmail.cf > >> is to >> remove >> IPv6 stuff. I would use m4 macro for that. Webmin would be a good >> choice to >> use. >> >> # SMTP daemon options >> >> O DaemonPortOptions=Name=IPv4, Family=inet >> O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O >> O DaemonPortOptions=Port=587, Name=MSA, M=E >> >> >> -- >> ACK and you shall receive >> >> >> > > > -- > ACK and you shall receive > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html ). > > Support MailScanner development - buy the book off the website! > > > ------------------------------------------------------------------------ > > BEGIN:VCARD > VERSION: 2.1 > X-GWTYPE:USER > FN:Marc Dufresne > TEL;WORK:613-543-3704 > ORG:;Information Technology > TEL;PREF;FAX:613-543-2847 > EMAIL;WORK;PREF;NGW: Marc.Dufresne@parks.on.ca > N:Dufresne;Marc > TITLE:Corporate IT Officer > END:VCARD > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/ ) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- ACK and you shall receive ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/OCTET-STREAM (Name: "sendmail.cf") 80KB. ] [ Unable to print this part. ] [ Part 3, Application/OCTET-STREAM (Name: "submit.cf") 53KB. ] [ Unable to print this part. ] From mkettler at EVI-INC.COM Mon Nov 21 16:27:39 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Richard Edge wrote: > Thanks Matt. As mentioned in another message I am using 3.1 not 3.01. It was > a typo on my part. I have removed antidrug.cf. The spam.assassin.prefs.conf > suggested renaming the local.cf file so that it wouldn't be used. Are you > suggesting then that it be used to disable certain SpamAssassin > functions/tests? > I'm suggesting, that the advice in spam.assassin.prefs.conf is dangerous. I have no idea why Julian suggests this, as it's a BAD IDEA. Among other things, spam.assassin.prefs.conf should not contain any privileged or administrator options. These options work in this file on some versions of SA, but this is largely accidental because currently only the spamd code strictly enforces all aspects of the privilege parsing rules. According to the documentation of spamassassin, many of the options that Julian has in spam.assassin.prefs.conf should be ignored, and may well be ignored in a future version. In particular, use_auto_whitelist has proven unreliable if declared in spam.assassin.prefs.conf under 3.0.x. It only seems to work if declared in the place the docs for 3.0.x tell you it needs to be. At the site config level i IMNSHO, spam.assassin.prefs.conf should _ONLY_ contain options that you want to use under MailScanner, but not when using the command line. Fundamentally this is a user_prefs file, and should be treated as such. It is NOT a local.cf replacement. Using your local.cf for your site-wide settings guarantees that these settings will properly apply to sa-learn, and spamassassin --lint, without requiring you to remember to use -p /etc/MailScanner/spam.assassin.prefs.conf every time. Very often people add bayes_path statements to spam.assassin.prefs.conf, but fail to pass -p to sa-learn. In this case, all their manual training becomes useless, as it goes to the wrong place. Currently I've reduced my spam.assassin.prefs.conf to be empty except for timeout adjustments. I'd strongly suggest mailscanner users think long and hard about their options placement, and avoid using spam.assassin.prefs.conf for settings which really belong in local.cf. Treat this file not as a "master config" but as a way of customizing SA's behavior for MailScanner. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Mon Nov 21 16:47:19 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Hi Matt, > Richard Edge wrote: > > Thanks Matt. As mentioned in another message I am using 3.1 not > > 3.01. It was a typo on my part. I have removed antidrug.cf. The > > spam.assassin.prefs.conf suggested renaming the local.cf file so > > that it wouldn't be used. Are you suggesting then that it be used to > > disable certain SpamAssassin functions/tests? > > > > I'm suggesting, that the advice in spam.assassin.prefs.conf is > dangerous. I have no idea why Julian suggests this, as it's a BAD > IDEA. > > > Among other things, spam.assassin.prefs.conf should not contain any > privileged or administrator options. > > These options work in this file on some versions of SA, but this is > largely accidental because currently only the spamd code strictly > enforces all aspects of the privilege parsing rules. > > According to the documentation of spamassassin, many of the options > that Julian has in spam.assassin.prefs.conf should be ignored, and may > well be ignored in a future version. > > In particular, use_auto_whitelist has proven unreliable if declared in > spam.assassin.prefs.conf under 3.0.x. It only seems to work if > declared in the place the docs for 3.0.x tell you it needs to be. At > the site config level i > > > IMNSHO, spam.assassin.prefs.conf should _ONLY_ contain options that > you want to use under MailScanner, but not when using the command > line. Fundamentally this is a user_prefs file, and should be treated > as such. It is NOT a local.cf replacement. > > Using your local.cf for your site-wide settings guarantees that these > settings will properly apply to sa-learn, and spamassassin --lint, > without requiring you to remember to use -p > /etc/MailScanner/spam.assassin.prefs.conf every time. > > Very often people add bayes_path statements to > spam.assassin.prefs.conf, but fail to pass -p to sa-learn. In this > case, all their manual training becomes useless, as it goes to the > wrong place. > > Currently I've reduced my spam.assassin.prefs.conf to be empty except > for timeout adjustments. > > I'd strongly suggest mailscanner users think long and hard about their > options placement, and avoid using spam.assassin.prefs.conf for > settings which really belong in local.cf. Treat this file not as a > "master config" but as a way of customizing SA's behavior for > MailScanner. Thanks for eloquently expressing something that I have been meaning to write for a little while now. I got bitten by the advice in the MailScanner spam.assassin.prefs file, until I realised that it should be considered a user prefs file, and not a replacement for local.cf. I am all for making life easy and not having commands in lots of different places, but instructing people to delete local.cf is an oversimplification. I now have a basically empty spam.assassin.prefs file, as I want most of the SA configurations to be applied site wide, whilst running the SA command line tools as well as running from MailScanner. And some of the configuration commands are not valid in a user prefs file anyway. I think it is a very good idea that Julian has created installs that can install and configure a complete MailScanner, SA, ClamAV and MTA setup 'out of the box'. This makes life very easy for people starting from scratch, who may not have the knowledge and experience to stitch this all together. However, this does cause confusion when somone wants to implement a feature of SA that cannot be configured in a user prefs file. (There was something recently, but I can't find it in the archives right now.) Please do not take this as a pop at Julian or any of the other contributors. I just think it would be better to make the distinction between SA's different config files, rather than glossing over them. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Mon Nov 21 16:53:44 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:14 2006 Subject: MailScanner on freebsd Message-ID: I found this doc http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml Sendmail.cf incoming QueueDirectory is setup to /var/spool/mqueue. Are these the right permissions? Here is the output from ls -l /var/spool drwxr-xr-x 4 root daemon 512 Oct 18 09:31 MailScanner drwxrwx--- 2 smmsp smmsp 52736 Nov 21 11:40 clientmqueue drwxr-x--- 2 root wheel 512 Nov 21 11:40 mqueue drwxr-x--- 2 root wheel 512 Oct 24 15:16 mqueue.in MailScanner.conf is setup as Incoming Queue Dir = /var/spool/mqueue Outgoing Queue Dir = /var/spool/mqueue # Set where to unpack incoming messages before scanning them Incoming Work Dir = /var/spool/MailScanner/incoming Here is output ls -l /var/spool/MailScanner drwxr-xr-x 12 root daemon 512 Nov 21 11:16 incoming # Set where to store infected and message attachments Quarantine Dir = /var/spool/MailScanner/quarantine Here is output ls -l /var/spool/MailScanner drwxr-xr-x 2 root daemon 512 Oct 18 09:31 quarantine Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> brent.bolin@GMAIL.COM 11/21/2005 11:26 AM >>> Don't care about private discussions. The list exiled me when I called someone a "Dipswitch". Pretty harsh words ya think ? Do you show this? # ps auxwww|grep sendmail root 36220 0.0 0.3 3500 2640 ?? Ss 9:59AM 0:00.03 sendmail: accepting connections (sendmail) root 36223 0.0 0.3 3500 2624 ?? Is 9:59AM 0:00.00 sendmail: Queue runner@00:15:00 for /var/spool/mqueue (sendmail) smmsp 36227 0.0 0.2 3368 2520 ?? Is 9:59AM 0:00.00 sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue (sendmail) root 36419 0.0 0.1 1448 848 p0 S+ 10:16AM 0:00.00 grep sendmail Sounds to me like your sendmail submit isn't running. Also attaching a valid submit.cf file Make sure your using both the sendmail.cf and submit files I'm sending you. On 11/21/05, Marc Dufresne wrote: > > My apologies for the private discussions. Didn't realize I posted to the > forum. > > Sendmail is running on port 25. Sendmail is acting as a Relay for my > domain. I have no problem sending/receiving internet e-mail. The two > problems I am having are: > > 1- MailScanner doesn't seem to be scanning inbound mail. > > 2- local mail sent to root and postmaster is not being delivered. The > /var/spool/clientmqueue is backing up with e-mails sent to root and > postmaster. > > Here's what /var/spool/maillog is saying > > mail sm-msp-queue[1655]: i24AKJeL005105: to=postmaster, > delay=10:33:28, > xdelay=00:00:00, mailer=relay, pri=1023910, relay=[127.0.0.1 > ], > dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1 > ] > > I issued the command sendmail -v root receiving. > > root....connecting to [127.0.0.1 ] via relay > root....Deferred: Connection refused by [127.0.0.1 ] > > I have modified my /etc/mail/access to reflect > > 127.0.0.1 RELAY > localhost.localdomain RELAY > localhost RELAY > > Issued a makemap hash /etc/mail/access.db < /etc/mail/access. Restarted > sendmail and still receive the Connection Refused error. > > Any ideas? > > I want to fix problem 2 first, eliminating the connection refused > errors. Then I want to move onto the MailScanner problem. > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>> ugob@CAMO-ROUTE.COM 11/21/2005 9:17 AM >>> > Marc Dufresne wrote: > > Couldn't download any of your sample files. None of the links to > your > > files work. > > Looking a the links, I'm not surprised. > > The way you are quoting is making it very hard to follow. Please avoid > > having private discussions while using a public mailing list and don't > > top-post. > > > > > From the command line, if I issue sendmail -v root > I receive this error, > > > > root....connecting to [127.0.0.1 ] via relay > > root....Deferred: Connection refused by [127.0.0.1 ] > > Is sendmail running? > > On what port/IP is it running on? > > > > > What files do I need to modify under /etc/mail? > > > > Are you familiar with Sendmail or other MTAs? > > Regards, > > Ugo > > > > > Marc Dufresne, Corporate IT Officer > > St. Lawrence Parks Commission > > 13740 County Road 2 > > Morrisburg, ON K0C 1X0 > > > > E-mail: Marc.Dufresne@parks.on.ca > > Voice: 613-543-3704 Ext#2455 > > Fax: 613-543-2847 > > Corporate website: www.parks.on.ca > > > >>>> BB 11/20/2005 9:38 PM >>> > > Marc, > > > > I have attached working sendmail.mc < > http://sendmail.mc> and > > sendmail.cf files along with > /etc/rc.conf > startup. > > There are a number of things in the > > rc.conf that you don't need just use the sendmail portion for > examples. > > BTW > > /etc/defaults/rc.conf show examples and are used if /etc/rc.conf > does > > not > > exist. /etc/rc.conf will override /etc/defaults/rc.conf. > > > > The first thing is to get a working copy of sendmail running. Make > > your > > edits to /etc/rc.conf with the examples sent. > > > > Copy sendmail.cf /etc/mail > > > > Verify no sendmail processes are running and if they are kill the > pid > > of > > them. Verify again they are gone. > > > > Run "sh /etc/rc.sendmail start" . No quotes. This should start > > sendmail. > > Send your self a test message from the MTA level - > > > > sendmail -v root > > > This should send a test mesage to root with no subject and > undisclosed > > recipients. Thats fine all we want to know is if sendmail is > running. > > Its > > also a good test to check the header files. > > > > If its working thats great, move on to MailScanner. I've included a > > working > > copy of a mailscanner.conf file. There are some things configured > that > > you > > might not be using, but all the directores are in place and are set > to > > defaults. > > > > Virus scanners set to none if not using (I'm using three) > > Spamassassin set to no if not using (I'm using 3.1.0_3) > > Uncomment the whitlist and blacklist file rules, I'm using > > SQLblacklist/whitelists > > > > I've included another file called directories.needed. Just run, it > > will > > create them if they don't exist > > > > This should be enough to get you going. Remember you need to get > > sendmail > > running first. I didn't or never have used the Makefile included > with > > the > > distribution. I use the m4 macro on the configuration file *.mc or > just > > use > > webmin. Its in the ports or can be downloaded from > > webmin.com > > . > > > > It does not make sense to me why sendmail is running if it is marked > > to > > "NONE". If that dosen't do it mark the first instance with NONE and > all > > the > > others with NO > > > > BTW: There is also a nice webmin modual for MailScanner. Once setup > > things > > don't change much other then whitelists/blacklists. The latest > version > > of > > mailwatch can do this hence > > > > Is Definitely Not Spam = &SQLWhitelist > > Is Definitely Spam = &SQLBlacklist > > > > > > Hang on for the ride... > > > > > > > > On 11/20/05, Marc Dufresne wrote: > >> I am going to explain my understanding of the MailScanner setup. > > Please > >> reveiw and let me know if I'm understanding this correctly? > >> > >> When MailScanner.conf is configured, the following parameters > should > > be > >> set if I'm using sendmail on FreeBSD 5.4: > >> > >> #MTA used for the Gateway > >> MTA=sendmail > >> > >> #Set how to invoke MTA when sending messages MailScanner has > created > >> (e.g. to sender/recipient saying "found a virus in your message"). > > This > >> can also be the filename of a ruleset. > >> sendmail=/usr/sbin/sendmail > >> > >> #Incoming mail queue directory for Sendmail > >> Incoming Queue Directory=/var/spool/mqueue > >> > >> #Outgoing mail queue directory for Sendmail > >> Outgoing Queue Directory=/var/spool/mqueue > >> > >> #Incoming Queue Directory for MailScanner > >> /var/spool/MailScanner/incoming > >> > >> #Quarantine Directory for MailScanner > >> /var/spool/MailScanner/quaratine > >> > >> System Startup should be as follows: > >> > >> 1) #Disable sendmail from loading at system startup > >> modify /etc/rc.conf to disable sendmail load > >> > >> > > > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html > > > > >> > >> Section 23.4.2.3 FreeBSD 5.0-STABLEand Later > >> > >> /etc/rc.conf > >> > >> sendmail_enable="NO" > >> sendmail_submit_enable="NO" > >> sendmail_outbound_enable="NO" > >> sendmail_msp_queue_enable="NO" > >> > >> 2) #Load MailScanner at system startup. > >> #Make sure mailscanner.sh file is located under /usr/local/etc/rc.d > >> in order to load MailScannner process at startup. Mailscanner.sh > > should > >> invoke sendmail and mailscanner process to start > scanning/delivering > >> mail. > >> > >> /usr/local/etc/rc.d/mailscanner.sh > >> _________________________________ > >> > >> First Problem > >> > >> I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I tried > >> everything. Sendmail still loads at startup??????? > >> > >> Second Problem > >> > >> Once system is completly loaded and sitting at the login prompt, I > >> receive an error > >> NOQUEUE:SYSERROR(root):opendaemon socket:daeomon IPv4:cannot bind > >> address already in use > >> > >> I login, and run ps -ax (This is what I see) > >> > >> 375 ?? Ss 0:00.07 sendmail: accepting connections (sendmail) > >> 379 ?? Is 0:00.00 sendmail: Queue runner@00:30:00 for > >> /var/spool/client > >> > >> 426 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > >> /var/spool/mqueue > >> 430 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > >> /var/spool/client > >> > >> 613 ?? Ss 0:00.02 /usr/bin/perl -I/usr/local/lib/MailScanner > >> /usr/local 614 ?? S 0:02.33 /usr/bin/perl > >> -I/usr/local/lib/MailScanner /usr/local > >> 627 ?? S 0:02.19 /usr/bin/perl -I/usr/local/lib/MailScanner > >> /usr/local > >> 630 ?? S 0:02.15 /usr/bin/perl -I/usr/local/lib/MailScanner > >> /usr/local > >> 635 ?? S 0:02.17 /usr/bin/perl -I/usr/local/lib/MailScanner > >> /usr/local > >> 636 ?? S 0:00.11 /usr/bin/perl -I/usr/local/lib/MailScanner > >> /usr/local > >> > >> Third Problem > >> > >> I run tail -f /var/log/maillog > >> > >> I will send test e-mails from the outside and watch sendmail > receive > >> and process incoming mail. Everyone receives e-mails from the > > outside, > >> but mailscanner does not scan any messages. > >> > >> I will issue a mailq to view /var/spool/mqueue directory. Directory > > is > >> always empty. > >> > >> I'm completely stumped here as to why Sendmail refuses to disable > at > >> startup and MailScanner refuses to scan e-mail messages!!!!! > >> > >> Any ideas???? > >> > >> > >> Marc Dufresne, Corporate IT Officer > >> St. Lawrence Parks Commission > >> 13740 County Road 2 > >> Morrisburg, ON K0C 1X0 > >> > >> E-mail: Marc.Dufresne@parks.on.ca > >> Voice: 613-543-3704 Ext#2455 > >> Fax: 613-543-2847 > >> Corporate website: www.parks.on.ca < > http://www.parks.on.ca> > >> > >>>>> BB 11/19/2005 12:38 AM >>> > >> Don't know if they ever got the list fixed for my replies, so I'm > > doing > >> it > >> direct and through the list. > >> > >> Change /etc/rc.conf or /etc/defaults/rc.conf > >> sendmail_enable=NONE > >> > >> Verify mailscanner is starting up with > > /usr/local/etc/rc.d/mailscanner > >> .sh > >> > >> Think you need to manually create some of the directores. Verify > >> MailScanner.conf for directories. > >> > >> tail -f /var/log/maillog will show you the details > >> > >> The only reason to rebuild sendmail.cf < > http://sendmail.cf> > > >>> is to > >> remove > >> IPv6 stuff. I would use m4 macro for that. Webmin would be a good > >> choice to > >> use. > >> > >> # SMTP daemon options > >> > >> O DaemonPortOptions=Name=IPv4, Family=inet > >> O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O > >> O DaemonPortOptions=Port=587, Name=MSA, M=E > >> > >> > >> -- > >> ACK and you shall receive > >> > >> > >> > > > > > > -- > > ACK and you shall receive > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > ------------------------------------------------------------------------ > > > > BEGIN:VCARD > > VERSION:2.1 > > X-GWTYPE:USER > > FN:Marc Dufresne > > TEL;WORK:613-543-3704 > > ORG:;Information Technology > > TEL;PREF;FAX:613-543-2847 > > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > > N:Dufresne;Marc > > TITLE:Corporate IT Officer > > END:VCARD > > > > > -- > Ugo > > -> Please don't send a copy of your reply by e-mail. I read the list. > -> Please avoid top-posting, long signatures and HTML, and cut the > irrelevant parts in your replies. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > -- ACK and you shall receive ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From jwilliams at COURTESYMORTGAGE.COM Mon Nov 21 16:53:48 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:31:14 2006 Subject: Question on MailScanner book Message-ID: Just a quick question on the book: Does it cover items such as Spamassassin and how to configure and improve settings for SA? Maybe items like bayes? Also, is there a table of contents available to see? I’d like to see what it has. Thanks, Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brent.bolin at GMAIL.COM Mon Nov 21 16:57:38 2005 From: brent.bolin at GMAIL.COM (BB) Date: Thu Jan 12 21:31:14 2006 Subject: MailScanner on freebsd Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Don't go there yet!. Is sendmail working ? sendmail -v root wrote: I found this doc http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml Sendmail.cf incoming QueueDirectory is setup to /var/spool/mqueue. Are these the right permissions? Here is the output from ls -l /var/spool drwxr-xr-x 4 root daemon 512 Oct 18 09:31 MailScanner drwxrwx--- 2 smmsp smmsp 52736 Nov 21 11:40 clientmqueue drwxr-x--- 2 root wheel 512 Nov 21 11:40 mqueue drwxr-x--- 2 root wheel 512 Oct 24 15:16 mqueue.in MailScanner.conf is setup as Incoming Queue Dir = /var/spool/mqueue Outgoing Queue Dir = /var/spool/mqueue # Set where to unpack incoming messages before scanning them Incoming Work Dir = /var/spool/MailScanner/incoming Here is output ls -l /var/spool/MailScanner drwxr-xr-x 12 root daemon 512 Nov 21 11:16 incoming # Set where to store infected and message attachments Quarantine Dir = /var/spool/MailScanner/quarantine Here is output ls -l /var/spool/MailScanner drwxr-xr-x 2 root daemon 512 Oct 18 09:31 quarantine Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> brent.bolin@GMAIL.COM 11/21/2005 11:26 AM >>> Don't care about private discussions. The list exiled me when I called someone a "Dipswitch". Pretty harsh words ya think ? Do you show this? # ps auxwww|grep sendmail root 36220 0.0 0.3 3500 2640 ?? Ss 9:59AM 0:00.03 sendmail: accepting connections (sendmail) root 36223 0.0 0.3 3500 2624 ?? Is 9:59AM 0:00.00 sendmail: Queue runner@00:15:00 for /var/spool/mqueue (sendmail) smmsp 36227 0.0 0.2 3368 2520 ?? Is 9:59AM 0:00.00 sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue (sendmail) root 36419 0.0 0.1 1448 848 p0 S+ 10:16AM 0:00.00 grep sendmail Sounds to me like your sendmail submit isn't running. Also attaching a valid submit.cf file Make sure your using both the sendmail.cf < http://sendmail.cf> and submit files I'm sending you. On 11/21/05, Marc Dufresne wrote: > > My apologies for the private discussions. Didn't realize I posted to the > forum. > > Sendmail is running on port 25. Sendmail is acting as a Relay for my > domain. I have no problem sending/receiving internet e-mail. The two > problems I am having are: > > 1- MailScanner doesn't seem to be scanning inbound mail. > > 2- local mail sent to root and postmaster is not being delivered. The > /var/spool/clientmqueue is backing up with e-mails sent to root and > postmaster. > > Here's what /var/spool/maillog is saying > > mail sm-msp-queue[1655]: i24AKJeL005105: to=postmaster, > delay=10:33:28, > xdelay=00:00:00, mailer=relay, pri=1023910, relay=[numericlinkwarning 127.0.0.1 > ], > dsn=4.0.0, stat=Deferred: Connection refused by [numericlinkwarning 127.0.0.1< numericlinkwarning http://127.0.0.1> > ] > > I issued the command sendmail -v root receiving. > > root....connecting to [numericlinkwarning 127.0.0.1 ] via relay > root....Deferred: Connection refused by [numericlinkwarning 127.0.0.1 ] > > I have modified my /etc/mail/access to reflect > > numericlinkwarning 127.0.0.1 RELAY > localhost.localdomain RELAY > localhost RELAY > > Issued a makemap hash /etc/mail/access.db < /etc/mail/access. Restarted > sendmail and still receive the Connection Refused error. > > Any ideas? > > I want to fix problem 2 first, eliminating the connection refused > errors. Then I want to move onto the MailScanner problem. > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>> ugob@CAMO-ROUTE.COM 11/21/2005 9:17 AM >>> > Marc Dufresne wrote: > > Couldn't download any of your sample files. None of the links to > your > > files work. > > Looking a the links, I'm not surprised. > > The way you are quoting is making it very hard to follow. Please avoid > > having private discussions while using a public mailing list and don't > > top-post. > > > > > From the command line, if I issue sendmail -v root > I receive this error, > > > > root....connecting to [numericlinkwarning 127.0.0.1 ] via relay > > root....Deferred: Connection refused by [numericlinkwarning 127.0.0.1 ] > > Is sendmail running? > > On what port/IP is it running on? > > > > > What files do I need to modify under /etc/mail? > > > > Are you familiar with Sendmail or other MTAs? > > Regards, > > Ugo > > > > > Marc Dufresne, Corporate IT Officer > > St. Lawrence Parks Commission > > 13740 County Road 2 > > Morrisburg, ON K0C 1X0 > > > > E-mail: Marc.Dufresne@parks.on.ca > > Voice: 613-543-3704 Ext#2455 > > Fax: 613-543-2847 > > Corporate website: www.parks.on.ca > > > >>>> BB 11/20/2005 9:38 PM >>> > > Marc, > > > > I have attached working sendmail.mc < > http://sendmail.mc > and > > sendmail.cf files along with > /etc/rc.conf > startup. > > There are a number of things in the > > rc.conf that you don't need just use the sendmail portion for > examples. > > BTW > > /etc/defaults/rc.conf show examples and are used if /etc/rc.conf > does > > not > > exist. /etc/rc.conf will override /etc/defaults/rc.conf. > > > > The first thing is to get a working copy of sendmail running. Make > > your > > edits to /etc/rc.conf with the examples sent. > > > > Copy sendmail.cf /etc/mail > > > > Verify no sendmail processes are running and if they are kill the > pid > > of > > them. Verify again they are gone. > > > > Run "sh /etc/rc.sendmail start" . No quotes. This should start > > sendmail. > > Send your self a test message from the MTA level - > > > > sendmail -v root > > > This should send a test mesage to root with no subject and > undisclosed > > recipients. Thats fine all we want to know is if sendmail is > running. > > Its > > also a good test to check the header files. > > > > If its working thats great, move on to MailScanner. I've included a > > working > > copy of a mailscanner.conf file. There are some things configured > that > > you > > might not be using, but all the directores are in place and are set > to > > defaults. > > > > Virus scanners set to none if not using (I'm using three) > > Spamassassin set to no if not using (I'm using 3.1.0_3) > > Uncomment the whitlist and blacklist file rules, I'm using > > SQLblacklist/whitelists > > > > I've included another file called directories.needed. Just run, it > > will > > create them if they don't exist > > > > This should be enough to get you going. Remember you need to get > > sendmail > > running first. I didn't or never have used the Makefile included > with > > the > > distribution. I use the m4 macro on the configuration file *.mc or > just > > use > > webmin. Its in the ports or can be downloaded from > > webmin.com < http://webmin.com> > > . > > > > It does not make sense to me why sendmail is running if it is marked > > to > > "NONE". If that dosen't do it mark the first instance with NONE and > all > > the > > others with NO > > > > BTW: There is also a nice webmin modual for MailScanner. Once setup > > things > > don't change much other then whitelists/blacklists. The latest > version > > of > > mailwatch can do this hence > > > > Is Definitely Not Spam = &SQLWhitelist > > Is Definitely Spam = &SQLBlacklist > > > > > > Hang on for the ride... > > > > > > > > On 11/20/05, Marc Dufresne wrote: > >> I am going to explain my understanding of the MailScanner setup. > > Please > >> reveiw and let me know if I'm understanding this correctly? > >> > >> When MailScanner.conf is configured, the following parameters > should > > be > >> set if I'm using sendmail on FreeBSD 5.4: > >> > >> #MTA used for the Gateway > >> MTA=sendmail > >> > >> #Set how to invoke MTA when sending messages MailScanner has > created > >> (e.g. to sender/recipient saying "found a virus in your message"). > > This > >> can also be the filename of a ruleset. > >> sendmail=/usr/sbin/sendmail > >> > >> #Incoming mail queue directory for Sendmail > >> Incoming Queue Directory=/var/spool/mqueue > >> > >> #Outgoing mail queue directory for Sendmail > >> Outgoing Queue Directory=/var/spool/mqueue > >> > >> #Incoming Queue Directory for MailScanner > >> /var/spool/MailScanner/incoming > >> > >> #Quarantine Directory for MailScanner > >> /var/spool/MailScanner/quaratine > >> > >> System Startup should be as follows: > >> > >> 1) #Disable sendmail from loading at system startup > >> modify /etc/rc.conf to disable sendmail load > >> > >> > > > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html > > > > >> > >> Section numericlinkwarning 23.4.2.3 FreeBSD 5.0-STABLEand Later > >> > >> /etc/rc.conf > >> > >> sendmail_enable="NO" > >> sendmail_submit_enable="NO" > >> sendmail_outbound_enable="NO" > >> sendmail_msp_queue_enable="NO" > >> > >> 2) #Load MailScanner at system startup. > >> #Make sure mailscanner.sh file is located under /usr/local/etc/rc.d > >> in order to load MailScannner process at startup. Mailscanner.sh > > should > >> invoke sendmail and mailscanner process to start > scanning/delivering > >> mail. > >> > >> /usr/local/etc/rc.d/mailscanner.sh > >> _________________________________ > >> > >> First Problem > >> > >> I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I tried > >> everything. Sendmail still loads at startup??????? > >> > >> Second Problem > >> > >> Once system is completly loaded and sitting at the login prompt, I > >> receive an error > >> NOQUEUE:SYSERROR(root):opendaemon socket:daeomon IPv4:cannot bind > >> address already in use > >> > >> I login, and run ps -ax (This is what I see) > >> > >> 375 ?? Ss 0:00.07 sendmail: accepting connections (sendmail) > >> 379 ?? Is 0:00.00 sendmail: Queue runner@00:30:00 for > >> /var/spool/client > >> > >> 426 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > >> /var/spool/mqueue > >> 430 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > >> /var/spool/client > >> > >> 613 ?? Ss 0:00.02 /usr/bin/perl -I/usr/local/lib/MailScanner > >> /usr/local 614 ?? S 0:02.33 /usr/bin/perl > >> -I/usr/local/lib/MailScanner /usr/local > >> 627 ?? S 0: 02.19 /usr/bin/perl -I/usr/local/lib/MailScanner > >> /usr/local > >> 630 ?? S 0:02.15 /usr/bin/perl -I/usr/local/lib/MailScanner > >> /usr/local > >> 635 ?? S 0:02.17 /usr/bin/perl -I/usr/local/lib/MailScanner > >> /usr/local > >> 636 ?? S 0:00.11 /usr/bin/perl -I/usr/local/lib/MailScanner > >> /usr/local > >> > >> Third Problem > >> > >> I run tail -f /var/log/maillog > >> > >> I will send test e-mails from the outside and watch sendmail > receive > >> and process incoming mail. Everyone receives e-mails from the > > outside, > >> but mailscanner does not scan any messages. > >> > >> I will issue a mailq to view /var/spool/mqueue directory. Directory > > is > >> always empty. > >> > >> I'm completely stumped here as to why Sendmail refuses to disable > at > >> startup and MailScanner refuses to scan e-mail messages!!!!! > >> > >> Any ideas???? > >> > >> > >> Marc Dufresne, Corporate IT Officer > >> St. Lawrence Parks Commission > >> 13740 County Road 2 > >> Morrisburg, ON K0C 1X0 > >> > >> E-mail: Marc.Dufresne@parks.on.ca > >> Voice: 613-543-3704 Ext#2455 > >> Fax: 613-543-2847 > >> Corporate website: www.parks.on.ca < > http://www.parks.on.ca> > >> > >>>>> BB 11/19/2005 12:38 AM >>> > >> Don't know if they ever got the list fixed for my replies, so I'm > > doing > >> it > >> direct and through the list. > >> > >> Change /etc/rc.conf or /etc/defaults/rc.conf > >> sendmail_enable=NONE > >> > >> Verify mailscanner is starting up with > > /usr/local/etc/rc.d/mailscanner > >> .sh > >> > >> Think you need to manually create some of the directores. Verify > >> MailScanner.conf for directories. > >> > >> tail -f /var/log/maillog will show you the details > >> > >> The only reason to rebuild sendmail.cf < > http://sendmail.cf> > > >>> is to > >> remove > >> IPv6 stuff. I would use m4 macro for that. Webmin would be a good > >> choice to > >> use. > >> > >> # SMTP daemon options > >> > >> O DaemonPortOptions=Name=IPv4, Family=inet > >> O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O > >> O DaemonPortOptions=Port=587, Name=MSA, M=E > >> > >> > >> -- > >> ACK and you shall receive > >> > >> > >> > > > > > > -- > > ACK and you shall receive > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki ( http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > ------------------------------------------------------------------------ > > > > BEGIN:VCARD > > VERSION:2.1 > > X-GWTYPE:USER > > FN:Marc Dufresne > > TEL;WORK:613-543-3704 > > ORG:;Information Technology > > TEL;PREF;FAX:613-543-2847 > > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > > N:Dufresne;Marc > > TITLE:Corporate IT Officer > > END:VCARD > > > > > -- > Ugo > > -> Please don't send a copy of your reply by e-mail. I read the list. > -> Please avoid top-posting, long signatures and HTML, and cut the > irrelevant parts in your replies. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html ). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > -- ACK and you shall receive ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives ( http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/ ) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- ACK and you shall receive ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at ADVENTURAS.NO Mon Nov 21 17:16:36 2005 From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen) Date: Thu Jan 12 21:31:14 2006 Subject: MailScanner on freebsd Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > I found this doc > http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml > > Sendmail.cf incoming QueueDirectory is setup to /var/spool/mqueue. > Are these the right permissions? > > Here is the output from ls -l /var/spool > > drwxr-xr-x 4 root daemon 512 Oct 18 09:31 MailScanner > drwxrwx--- 2 smmsp smmsp 52736 Nov 21 11:40 clientmqueue > drwxr-x--- 2 root wheel 512 Nov 21 11:40 mqueue > drwxr-x--- 2 root wheel 512 Oct 24 15:16 mqueue.in > > MailScanner.conf is setup as > > Incoming Queue Dir = /var/spool/mqueue > Outgoing Queue Dir = /var/spool/mqueue Is the above a typo? This is the default: Incoming Queue Dir = /var/spool/mqueue.in Outgoing Queue Dir = /var/spool/mqueue > > # Set where to unpack incoming messages before scanning them > Incoming Work Dir = /var/spool/MailScanner/incoming > > Here is output ls -l /var/spool/MailScanner > drwxr-xr-x 12 root daemon 512 Nov 21 11:16 incoming > > # Set where to store infected and message attachments > Quarantine Dir = /var/spool/MailScanner/quarantine > > Here is output ls -l /var/spool/MailScanner > drwxr-xr-x 2 root daemon 512 Oct 18 09:31 quarantine > > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > >>>> brent.bolin@GMAIL.COM 11/21/2005 11:26 AM >>> > Don't care about private discussions. The list exiled me when I called > someone a "Dipswitch". > > Pretty harsh words ya think ? > > Do you show this? > > # ps auxwww|grep sendmail > root 36220 0.0 0.3 3500 2640 ?? Ss 9:59AM 0:00.03 sendmail: accepting > connections (sendmail) > root 36223 0.0 0.3 3500 2624 ?? Is 9:59AM 0:00.00 sendmail: Queue > runner@00:15:00 > for /var/spool/mqueue (sendmail) > smmsp 36227 0.0 0.2 3368 2520 ?? Is 9:59AM 0:00.00 sendmail: Queue > runner@00:15:00 > for /var/spool/clientmqueue (sendmail) > root 36419 0.0 0.1 1448 848 p0 S+ 10:16AM 0:00.00 grep sendmail > > Sounds to me like your sendmail submit isn't running. > > Also attaching a valid submit.cf file > > Make sure your using both the sendmail.cf and > submit > files I'm sending you. > > > On 11/21/05, Marc Dufresne wrote: >> >> My apologies for the private discussions. Didn't realize I posted to > the >> forum. >> >> Sendmail is running on port 25. Sendmail is acting as a Relay for my >> domain. I have no problem sending/receiving internet e-mail. The two >> problems I am having are: >> >> 1- MailScanner doesn't seem to be scanning inbound mail. >> >> 2- local mail sent to root and postmaster is not being delivered. > The >> /var/spool/clientmqueue is backing up with e-mails sent to root and >> postmaster. >> >> Here's what /var/spool/maillog is saying >> >> mail sm-msp-queue[1655]: i24AKJeL005105: to=postmaster, >> delay=10:33:28, >> xdelay=00:00:00, mailer=relay, pri=1023910, > relay=[127.0.0.1 >> ], >> dsn=4.0.0, stat=Deferred: Connection refused by > [127.0.0.1 >> ] >> >> I issued the command sendmail -v root I'm >> receiving. >> >> root....connecting to [127.0.0.1 ] via relay >> root....Deferred: Connection refused by [127.0.0.1 > ] >> >> I have modified my /etc/mail/access to reflect >> >> 127.0.0.1 RELAY >> localhost.localdomain RELAY >> localhost RELAY >> >> Issued a makemap hash /etc/mail/access.db < /etc/mail/access. > Restarted >> sendmail and still receive the Connection Refused error. >> >> Any ideas? >> >> I want to fix problem 2 first, eliminating the connection refused >> errors. Then I want to move onto the MailScanner problem. >> >> >> Marc Dufresne, Corporate IT Officer >> St. Lawrence Parks Commission >> 13740 County Road 2 >> Morrisburg, ON K0C 1X0 >> >> E-mail: Marc.Dufresne@parks.on.ca >> Voice: 613-543-3704 Ext#2455 >> Fax: 613-543-2847 >> Corporate website: www.parks.on.ca >> >> >>> ugob@CAMO-ROUTE.COM 11/21/2005 9:17 AM >>> >> Marc Dufresne wrote: >> > Couldn't download any of your sample files. None of the links to >> your >> > files work. >> >> Looking a the links, I'm not surprised. >> >> The way you are quoting is making it very hard to follow. Please > avoid >> >> having private discussions while using a public mailing list and > don't >> >> top-post. >> >> > >> > From the command line, if I issue sendmail -v root > > I receive this error, >> > >> > root....connecting to [127.0.0.1 ] via relay >> > root....Deferred: Connection refused by [127.0.0.1 > ] >> >> Is sendmail running? >> >> On what port/IP is it running on? >> >> > >> > What files do I need to modify under /etc/mail? >> > >> >> Are you familiar with Sendmail or other MTAs? >> >> Regards, >> >> Ugo >> >> > >> > Marc Dufresne, Corporate IT Officer >> > St. Lawrence Parks Commission >> > 13740 County Road 2 >> > Morrisburg, ON K0C 1X0 >> > >> > E-mail: Marc.Dufresne@parks.on.ca >> > Voice: 613-543-3704 Ext#2455 >> > Fax: 613-543-2847 >> > Corporate website: www.parks.on.ca >> > >> >>>> BB 11/20/2005 9:38 PM >>> >> > Marc, >> > >> > I have attached working sendmail.mc < >> http://sendmail.mc> and >> > sendmail.cf files along > with >> /etc/rc.conf >> startup. >> > There are a number of things in the >> > rc.conf that you don't need just use the sendmail portion for >> examples. >> > BTW >> > /etc/defaults/rc.conf show examples and are used if /etc/rc.conf >> does >> > not >> > exist. /etc/rc.conf will override /etc/defaults/rc.conf. >> > >> > The first thing is to get a working copy of sendmail running. Make >> > your >> > edits to /etc/rc.conf with the examples sent. >> > >> > Copy sendmail.cf > /etc/mail >> > >> > Verify no sendmail processes are running and if they are kill the >> pid >> > of >> > them. Verify again they are gone. >> > >> > Run "sh /etc/rc.sendmail start" . No quotes. This should start >> > sendmail. >> > Send your self a test message from the MTA level - >> > >> > sendmail -v root > > >> > This should send a test mesage to root with no subject and >> undisclosed >> > recipients. Thats fine all we want to know is if sendmail is >> running. >> > Its >> > also a good test to check the header files. >> > >> > If its working thats great, move on to MailScanner. I've included > a >> > working >> > copy of a mailscanner.conf file. There are some things configured >> that >> > you >> > might not be using, but all the directores are in place and are > set >> to >> > defaults. >> > >> > Virus scanners set to none if not using (I'm using three) >> > Spamassassin set to no if not using (I'm using 3.1.0_3) >> > Uncomment the whitlist and blacklist file rules, I'm using >> > SQLblacklist/whitelists >> > >> > I've included another file called directories.needed. Just run, it >> > will >> > create them if they don't exist >> > >> > This should be enough to get you going. Remember you need to get >> > sendmail >> > running first. I didn't or never have used the Makefile included >> with >> > the >> > distribution. I use the m4 macro on the configuration file *.mc or >> just >> > use >> > webmin. Its in the ports or can be downloaded from >> > webmin.com >> > . >> > >> > It does not make sense to me why sendmail is running if it is > marked >> > to >> > "NONE". If that dosen't do it mark the first instance with NONE > and >> all >> > the >> > others with NO >> > >> > BTW: There is also a nice webmin modual for MailScanner. Once > setup >> > things >> > don't change much other then whitelists/blacklists. The latest >> version >> > of >> > mailwatch can do this hence >> > >> > Is Definitely Not Spam = &SQLWhitelist >> > Is Definitely Spam = &SQLBlacklist >> > >> > >> > Hang on for the ride... >> > >> > >> > >> > On 11/20/05, Marc Dufresne wrote: >> >> I am going to explain my understanding of the MailScanner setup. >> > Please >> >> reveiw and let me know if I'm understanding this correctly? >> >> >> >> When MailScanner.conf is configured, the following parameters >> should >> > be >> >> set if I'm using sendmail on FreeBSD 5.4: >> >> >> >> #MTA used for the Gateway >> >> MTA=sendmail >> >> >> >> #Set how to invoke MTA when sending messages MailScanner has >> created >> >> (e.g. to sender/recipient saying "found a virus in your > message"). >> > This >> >> can also be the filename of a ruleset. >> >> sendmail=/usr/sbin/sendmail >> >> >> >> #Incoming mail queue directory for Sendmail >> >> Incoming Queue Directory=/var/spool/mqueue >> >> >> >> #Outgoing mail queue directory for Sendmail >> >> Outgoing Queue Directory=/var/spool/mqueue >> >> >> >> #Incoming Queue Directory for MailScanner >> >> /var/spool/MailScanner/incoming >> >> >> >> #Quarantine Directory for MailScanner >> >> /var/spool/MailScanner/quaratine >> >> >> >> System Startup should be as follows: >> >> >> >> 1) #Disable sendmail from loading at system startup >> >> modify /etc/rc.conf to disable sendmail load >> >> >> >> >> > >> >> > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html > >> >> > >> >> >> >> Section 23.4.2.3 FreeBSD > 5.0-STABLEand Later >> >> >> >> /etc/rc.conf >> >> >> >> sendmail_enable="NO" >> >> sendmail_submit_enable="NO" >> >> sendmail_outbound_enable="NO" >> >> sendmail_msp_queue_enable="NO" >> >> >> >> 2) #Load MailScanner at system startup. >> >> #Make sure mailscanner.sh file is located under > /usr/local/etc/rc.d >> >> in order to load MailScannner process at startup. Mailscanner.sh >> > should >> >> invoke sendmail and mailscanner process to start >> scanning/delivering >> >> mail. >> >> >> >> /usr/local/etc/rc.d/mailscanner.sh >> >> _________________________________ >> >> >> >> First Problem >> >> >> >> I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I tried >> >> everything. Sendmail still loads at startup??????? >> >> >> >> Second Problem >> >> >> >> Once system is completly loaded and sitting at the login prompt, > I >> >> receive an error >> >> NOQUEUE:SYSERROR(root):opendaemon socket:daeomon IPv4:cannot bind >> >> address already in use >> >> >> >> I login, and run ps -ax (This is what I see) >> >> >> >> 375 ?? Ss 0:00.07 sendmail: accepting connections (sendmail) >> >> 379 ?? Is 0:00.00 sendmail: Queue runner@00:30:00 for >> >> /var/spool/client >> >> >> >> 426 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for >> >> /var/spool/mqueue >> >> 430 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for >> >> /var/spool/client >> >> >> >> 613 ?? Ss 0:00.02 /usr/bin/perl -I/usr/local/lib/MailScanner >> >> /usr/local 614 ?? S 0:02.33 /usr/bin/perl >> >> -I/usr/local/lib/MailScanner /usr/local >> >> 627 ?? S 0:02.19 /usr/bin/perl -I/usr/local/lib/MailScanner >> >> /usr/local >> >> 630 ?? S 0:02.15 /usr/bin/perl -I/usr/local/lib/MailScanner >> >> /usr/local >> >> 635 ?? S 0:02.17 /usr/bin/perl -I/usr/local/lib/MailScanner >> >> /usr/local >> >> 636 ?? S 0:00.11 /usr/bin/perl -I/usr/local/lib/MailScanner >> >> /usr/local >> >> >> >> Third Problem >> >> >> >> I run tail -f /var/log/maillog >> >> >> >> I will send test e-mails from the outside and watch sendmail >> receive >> >> and process incoming mail. Everyone receives e-mails from the >> > outside, >> >> but mailscanner does not scan any messages. >> >> >> >> I will issue a mailq to view /var/spool/mqueue directory. > Directory >> > is >> >> always empty. >> >> >> >> I'm completely stumped here as to why Sendmail refuses to disable >> at >> >> startup and MailScanner refuses to scan e-mail messages!!!!! >> >> >> >> Any ideas???? >> >> >> >> >> >> Marc Dufresne, Corporate IT Officer >> >> St. Lawrence Parks Commission >> >> 13740 County Road 2 >> >> Morrisburg, ON K0C 1X0 >> >> >> >> E-mail: Marc.Dufresne@parks.on.ca >> >> Voice: 613-543-3704 Ext#2455 >> >> Fax: 613-543-2847 >> >> Corporate website: www.parks.on.ca < >> http://www.parks.on.ca> >> >> >> >>>>> BB 11/19/2005 12:38 AM >>> >> >> Don't know if they ever got the list fixed for my replies, so I'm >> > doing >> >> it >> >> direct and through the list. >> >> >> >> Change /etc/rc.conf or /etc/defaults/rc.conf >> >> sendmail_enable=NONE >> >> >> >> Verify mailscanner is starting up with >> > /usr/local/etc/rc.d/mailscanner >> >> .sh >> >> >> >> Think you need to manually create some of the directores. Verify >> >> MailScanner.conf for directories. >> >> >> >> tail -f /var/log/maillog will show you the details >> >> >> >> The only reason to rebuild sendmail.cf < >> http://sendmail.cf> >> > > >>> is to >> >> remove >> >> IPv6 stuff. I would use m4 macro for that. Webmin would be a good >> >> choice to >> >> use. >> >> >> >> # SMTP daemon options >> >> >> >> O DaemonPortOptions=Name=IPv4, Family=inet >> >> O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O >> >> O DaemonPortOptions=Port=587, Name=MSA, M=E >> >> >> >> >> >> -- >> >> ACK and you shall receive >> >> >> >> >> >> >> > >> > >> > -- >> > ACK and you shall receive >> > >> > ------------------------ MailScanner list ------------------------ >> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> > 'leave mailscanner' in the body of the email. >> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > >> > Support MailScanner development - buy the book off the website! >> > >> > >> > >> > ------------------------------------------------------------------------ >> > >> > BEGIN:VCARD >> > VERSION:2.1 >> > X-GWTYPE:USER >> > FN:Marc Dufresne >> > TEL;WORK:613-543-3704 >> > ORG:;Information Technology >> > TEL;PREF;FAX:613-543-2847 >> > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca >> > N:Dufresne;Marc >> > TITLE:Corporate IT Officer >> > END:VCARD >> > >> >> >> -- >> Ugo >> >> -> Please don't send a copy of your reply by e-mail. I read the > list. >> -> Please avoid top-posting, long signatures and HTML, and cut the >> irrelevant parts in your replies. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > > -- > ACK and you shall receive > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Mon Nov 21 17:18:27 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:14 2006 Subject: MailScanner on freebsd Message-ID: No sendmail -v root >> brent.bolin@GMAIL.COM 11/21/2005 11:57 AM >>> Don't go there yet!. Is sendmail working ? sendmail -v root wrote: > > I found this doc > http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml > > Sendmail.cf incoming QueueDirectory is setup to > /var/spool/mqueue. > Are these the right permissions? > > Here is the output from ls -l /var/spool > > drwxr-xr-x 4 root daemon 512 Oct 18 09:31 MailScanner > drwxrwx--- 2 smmsp smmsp 52736 Nov 21 11:40 clientmqueue > drwxr-x--- 2 root wheel 512 Nov 21 11:40 mqueue > drwxr-x--- 2 root wheel 512 Oct 24 15:16 mqueue.in > > MailScanner.conf is setup as > > Incoming Queue Dir = /var/spool/mqueue > Outgoing Queue Dir = /var/spool/mqueue > > # Set where to unpack incoming messages before scanning them > Incoming Work Dir = /var/spool/MailScanner/incoming > > Here is output ls -l /var/spool/MailScanner > drwxr-xr-x 12 root daemon 512 Nov 21 11:16 incoming > > # Set where to store infected and message attachments > Quarantine Dir = /var/spool/MailScanner/quarantine > > Here is output ls -l /var/spool/MailScanner > drwxr-xr-x 2 root daemon 512 Oct 18 09:31 quarantine > > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>> brent.bolin@GMAIL.COM 11/21/2005 11:26 AM >>> > Don't care about private discussions. The list exiled me when I called > someone a "Dipswitch". > > Pretty harsh words ya think ? > > Do you show this? > > # ps auxwww|grep sendmail > root 36220 0.0 0.3 3500 2640 ?? Ss 9:59AM 0:00.03 sendmail: accepting > connections (sendmail) > root 36223 0.0 0.3 3500 2624 ?? Is 9:59AM 0:00.00 sendmail: Queue > runner@00:15:00 > for /var/spool/mqueue (sendmail) > smmsp 36227 0.0 0.2 3368 2520 ?? Is 9:59AM 0:00.00 sendmail: Queue > runner@00:15:00 > for /var/spool/clientmqueue (sendmail) > root 36419 0.0 0.1 1448 848 p0 S+ 10:16AM 0:00.00 grep sendmail > > Sounds to me like your sendmail submit isn't running. > > Also attaching a valid submit.cf > file > > Make sure your using both the sendmail.cf < > http://sendmail.cf> and > submit > files I'm sending you. > > > On 11/21/05, Marc Dufresne wrote: > > > > My apologies for the private discussions. Didn't realize I posted to > the > > forum. > > > > Sendmail is running on port 25. Sendmail is acting as a Relay for my > > domain. I have no problem sending/receiving internet e-mail. The two > > problems I am having are: > > > > 1- MailScanner doesn't seem to be scanning inbound mail. > > > > 2- local mail sent to root and postmaster is not being delivered. > The > > /var/spool/clientmqueue is backing up with e-mails sent to root and > > postmaster. > > > > Here's what /var/spool/maillog is saying > > > > mail sm-msp-queue[1655]: i24AKJeL005105: to=postmaster, > > delay=10:33:28, > > xdelay=00:00:00, mailer=relay, pri=1023910, > relay=[127.0.0.1 > > ], > > dsn=4.0.0, stat=Deferred: Connection refused by > [127.0.0.1 > > ] > > > > I issued the command sendmail -v root I'm > > receiving. > > > > root....connecting to [127.0.0.1 ] > via relay > > root....Deferred: Connection refused by [127.0.0.1 > ] > > > > I have modified my /etc/mail/access to reflect > > > > 127.0.0.1 RELAY > > localhost.localdomain RELAY > > localhost RELAY > > > > Issued a makemap hash /etc/mail/access.db < /etc/mail/access. > Restarted > > sendmail and still receive the Connection Refused error. > > > > Any ideas? > > > > I want to fix problem 2 first, eliminating the connection refused > > errors. Then I want to move onto the MailScanner problem. > > > > > > Marc Dufresne, Corporate IT Officer > > St. Lawrence Parks Commission > > 13740 County Road 2 > > Morrisburg, ON K0C 1X0 > > > > E-mail: Marc.Dufresne@parks.on.ca > > Voice: 613-543-3704 Ext#2455 > > Fax: 613-543-2847 > > Corporate website: www.parks.on.ca < > http://www.parks.on.ca> > > > > >>> ugob@CAMO-ROUTE.COM 11/21/2005 9:17 AM >>> > > Marc Dufresne wrote: > > > Couldn't download any of your sample files. None of the links to > > your > > > files work. > > > > Looking a the links, I'm not surprised. > > > > The way you are quoting is making it very hard to follow. Please > avoid > > > > having private discussions while using a public mailing list and > don't > > > > top-post. > > > > > > > > From the command line, if I issue sendmail -v root > > I receive this error, > > > > > > root....connecting to [127.0.0.1 ] > via relay > > > root....Deferred: Connection refused by [127.0.0.1 > ] > > > > Is sendmail running? > > > > On what port/IP is it running on? > > > > > > > > What files do I need to modify under /etc/mail? > > > > > > > Are you familiar with Sendmail or other MTAs? > > > > Regards, > > > > Ugo > > > > > > > > Marc Dufresne, Corporate IT Officer > > > St. Lawrence Parks Commission > > > 13740 County Road 2 > > > Morrisburg, ON K0C 1X0 > > > > > > E-mail: Marc.Dufresne@parks.on.ca > > > Voice: 613-543-3704 Ext#2455 > > > Fax: 613-543-2847 > > > Corporate website: www.parks.on.ca < > http://www.parks.on.ca> > > > > > >>>> BB 11/20/2005 9:38 PM >>> > > > Marc, > > > > > > I have attached working sendmail.mc < > http://sendmail.mc> < > > http://sendmail.mc> and > > > sendmail.cf < > http://sendmail.cf>files along > with > > /etc/rc.conf > > startup. > > > There are a number of things in the > > > rc.conf that you don't need just use the sendmail portion for > > examples. > > > BTW > > > /etc/defaults/rc.conf show examples and are used if /etc/rc.conf > > does > > > not > > > exist. /etc/rc.conf will override /etc/defaults/rc.conf. > > > > > > The first thing is to get a working copy of sendmail running. Make > > > your > > > edits to /etc/rc.conf with the examples sent. > > > > > > Copy sendmail.cf < > http://sendmail.cf> > /etc/mail > > > > > > Verify no sendmail processes are running and if they are kill the > > pid > > > of > > > them. Verify again they are gone. > > > > > > Run "sh /etc/rc.sendmail start" . No quotes. This should start > > > sendmail. > > > Send your self a test message from the MTA level - > > > > > > sendmail -v root > > > > > This should send a test mesage to root with no subject and > > undisclosed > > > recipients. Thats fine all we want to know is if sendmail is > > running. > > > Its > > > also a good test to check the header files. > > > > > > If its working thats great, move on to MailScanner. I've included > a > > > working > > > copy of a mailscanner.conf file. There are some things configured > > that > > > you > > > might not be using, but all the directores are in place and are > set > > to > > > defaults. > > > > > > Virus scanners set to none if not using (I'm using three) > > > Spamassassin set to no if not using (I'm using 3.1.0_3) > > > Uncomment the whitlist and blacklist file rules, I'm using > > > SQLblacklist/whitelists > > > > > > I've included another file called directories.needed. Just run, it > > > will > > > create them if they don't exist > > > > > > This should be enough to get you going. Remember you need to get > > > sendmail > > > running first. I didn't or never have used the Makefile included > > with > > > the > > > distribution. I use the m4 macro on the configuration file *.mc or > > just > > > use > > > webmin. Its in the ports or can be downloaded from > > > webmin.com > > > . > > > > > > It does not make sense to me why sendmail is running if it is > marked > > > to > > > "NONE". If that dosen't do it mark the first instance with NONE > and > > all > > > the > > > others with NO > > > > > > BTW: There is also a nice webmin modual for MailScanner. Once > setup > > > things > > > don't change much other then whitelists/blacklists. The latest > > version > > > of > > > mailwatch can do this hence > > > > > > Is Definitely Not Spam = &SQLWhitelist > > > Is Definitely Spam = &SQLBlacklist > > > > > > > > > Hang on for the ride... > > > > > > > > > > > > On 11/20/05, Marc Dufresne wrote: > > >> I am going to explain my understanding of the MailScanner setup. > > > Please > > >> reveiw and let me know if I'm understanding this correctly? > > >> > > >> When MailScanner.conf is configured, the following parameters > > should > > > be > > >> set if I'm using sendmail on FreeBSD 5.4: > > >> > > >> #MTA used for the Gateway > > >> MTA=sendmail > > >> > > >> #Set how to invoke MTA when sending messages MailScanner has > > created > > >> (e.g. to sender/recipient saying "found a virus in your > message"). > > > This > > >> can also be the filename of a ruleset. > > >> sendmail=/usr/sbin/sendmail > > >> > > >> #Incoming mail queue directory for Sendmail > > >> Incoming Queue Directory=/var/spool/mqueue > > >> > > >> #Outgoing mail queue directory for Sendmail > > >> Outgoing Queue Directory=/var/spool/mqueue > > >> > > >> #Incoming Queue Directory for MailScanner > > >> /var/spool/MailScanner/incoming > > >> > > >> #Quarantine Directory for MailScanner > > >> /var/spool/MailScanner/quaratine > > >> > > >> System Startup should be as follows: > > >> > > >> 1) #Disable sendmail from loading at system startup > > >> modify /etc/rc.conf to disable sendmail load > > >> > > >> > > > > > > > > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html > > > > > > > > >> > > >> Section 23.4.2.3 > FreeBSD > 5.0-STABLEand Later > > >> > > >> /etc/rc.conf > > >> > > >> sendmail_enable="NO" > > >> sendmail_submit_enable="NO" > > >> sendmail_outbound_enable="NO" > > >> sendmail_msp_queue_enable="NO" > > >> > > >> 2) #Load MailScanner at system startup. > > >> #Make sure mailscanner.sh file is located under > /usr/local/etc/rc.d > > >> in order to load MailScannner process at startup. Mailscanner.sh > > > should > > >> invoke sendmail and mailscanner process to start > > scanning/delivering > > >> mail. > > >> > > >> /usr/local/etc/rc.d/mailscanner.sh > > >> _________________________________ > > >> > > >> First Problem > > >> > > >> I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I tried > > >> everything. Sendmail still loads at startup??????? > > >> > > >> Second Problem > > >> > > >> Once system is completly loaded and sitting at the login prompt, > I > > >> receive an error > > >> NOQUEUE:SYSERROR(root):opendaemon socket:daeomon IPv4:cannot bind > > >> address already in use > > >> > > >> I login, and run ps -ax (This is what I see) > > >> > > >> 375 ?? Ss 0:00.07 sendmail: accepting connections (sendmail) > > >> 379 ?? Is 0:00.00 sendmail: Queue runner@00:30:00 for > > >> /var/spool/client > > >> > > >> 426 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > > >> /var/spool/mqueue > > >> 430 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > > >> /var/spool/client > > >> > > >> 613 ?? Ss 0:00.02 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local 614 ?? S 0:02.33 /usr/bin/perl > > >> -I/usr/local/lib/MailScanner /usr/local > > >> 627 ?? S 0:02.19 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> 630 ?? S 0:02.15 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> 635 ?? S 0:02.17 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> 636 ?? S 0:00.11 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> > > >> Third Problem > > >> > > >> I run tail -f /var/log/maillog > > >> > > >> I will send test e-mails from the outside and watch sendmail > > receive > > >> and process incoming mail. Everyone receives e-mails from the > > > outside, > > >> but mailscanner does not scan any messages. > > >> > > >> I will issue a mailq to view /var/spool/mqueue directory. > Directory > > > is > > >> always empty. > > >> > > >> I'm completely stumped here as to why Sendmail refuses to disable > > at > > >> startup and MailScanner refuses to scan e-mail messages!!!!! > > >> > > >> Any ideas???? > > >> > > >> > > >> Marc Dufresne, Corporate IT Officer > > >> St. Lawrence Parks Commission > > >> 13740 County Road 2 > > >> Morrisburg, ON K0C 1X0 > > >> > > >> E-mail: Marc.Dufresne@parks.on.ca > > >> Voice: 613-543-3704 Ext#2455 > > >> Fax: 613-543-2847 > > >> Corporate website: www.parks.on.ca < > http://www.parks.on.ca> < > > http://www.parks.on.ca> > > >> > > >>>>> BB 11/19/2005 12:38 AM >>> > > >> Don't know if they ever got the list fixed for my replies, so I'm > > > doing > > >> it > > >> direct and through the list. > > >> > > >> Change /etc/rc.conf or /etc/defaults/rc.conf > > >> sendmail_enable=NONE > > >> > > >> Verify mailscanner is starting up with > > > /usr/local/etc/rc.d/mailscanner > > >> .sh > > >> > > >> Think you need to manually create some of the directores. Verify > > >> MailScanner.conf for directories. > > >> > > >> tail -f /var/log/maillog will show you the details > > >> > > >> The only reason to rebuild sendmail.cf < > http://sendmail.cf> < > > http://sendmail.cf> > > > > >>> is to > > >> remove > > >> IPv6 stuff. I would use m4 macro for that. Webmin would be a good > > >> choice to > > >> use. > > >> > > >> # SMTP daemon options > > >> > > >> O DaemonPortOptions=Name=IPv4, Family=inet > > >> O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O > > >> O DaemonPortOptions=Port=587, Name=MSA, M=E > > >> > > >> > > >> -- > > >> ACK and you shall receive > > >> > > >> > > >> > > > > > > > > > -- > > > ACK and you shall receive > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > BEGIN:VCARD > > > VERSION:2.1 > > > X-GWTYPE:USER > > > FN:Marc Dufresne > > > TEL;WORK:613-543-3704 > > > ORG:;Information Technology > > > TEL;PREF;FAX:613-543-2847 > > > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > > > N:Dufresne;Marc > > > TITLE:Corporate IT Officer > > > END:VCARD > > > > > > > > > -- > > Ugo > > > > -> Please don't send a copy of your reply by e-mail. I read the > list. > > -> Please avoid top-posting, long signatures and HTML, and cut the > > irrelevant parts in your replies. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > -- > ACK and you shall receive > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > -- ACK and you shall receive ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From rcooper at DWFORD.COM Mon Nov 21 17:23:39 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:14 2006 Subject: Clever Spammers, Anything to catch this? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Glenn Steen > Sent: Monday, November 21, 2005 3:59 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Clever Spammers, Anything to catch this? > > > On 20/11/05, Rick Cooper wrote: > (snip) > > I attached a copy of the changes I made to Matt's rules and it > also includes > > my own rule. My own rule doesn't care about the words just the > methodology > > used. I didn't get any FPs with the latest SA public Corpus BTW. > > > Thanks, will drop them into place and see what happens... (If they > work out well, at least my PHB will be ecstatic... Probably me too:-). > Try the attached. It matches on a grid bounded by DIV tags so something like: abcde fghij klmno pqrst uvwxy would require 's' to exist. but it would also catch A
ra
(I have gotten one like that) I ran against the full public SA corpus and the messages I had already captured. Caught all of my captured messages, no FPs. the freqs report is in the header of the attachment. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/OCTET-STREAM (Name: "RcDIVObs.cf") 2.1KB. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Mon Nov 21 17:49:21 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Okay, I understand that I shouldn't be putting site-wide settings in spam.assassin.prefs.conf as it stands. Is there any way of (a) telling SpamAssassin to use spam.assassin.prefs.conf as a site-wide settings file, or (b) working out automatically exactly where the site-wide settings should go on any given installation. On things like Solaris the correct location is damn near impossible to find. Telling people to go and edit their site-wide SpamAssassin settings file is not much use. I need to be able to work out the precise location of the best file to use, and do the necessary editing for them in the install script. That's why I have always done it the way I have. It pretty much worked okay, and the file was in an easy-to-find location that (1) I could work out and (2) users would be able to find it again later if they needed to change something 6 months later when they had forgotten what the install script told them. An ideal solution would be a soft-link in the MailScanner/etc directory to the real location of the file. But I still have to find the real file. All constructive ideas are most welcome. Anthony Peacock wrote: >Hi Matt, > > > >>Richard Edge wrote: >> >> >>>Thanks Matt. As mentioned in another message I am using 3.1 not >>>3.01. It was a typo on my part. I have removed antidrug.cf. The >>>spam.assassin.prefs.conf suggested renaming the local.cf file so >>>that it wouldn't be used. Are you suggesting then that it be used to >>>disable certain SpamAssassin functions/tests? >>> >>> >>> >>I'm suggesting, that the advice in spam.assassin.prefs.conf is >>dangerous. I have no idea why Julian suggests this, as it's a BAD >>IDEA. >> >> >>Among other things, spam.assassin.prefs.conf should not contain any >>privileged or administrator options. >> >>These options work in this file on some versions of SA, but this is >>largely accidental because currently only the spamd code strictly >>enforces all aspects of the privilege parsing rules. >> >>According to the documentation of spamassassin, many of the options >>that Julian has in spam.assassin.prefs.conf should be ignored, and may >>well be ignored in a future version. >> >>In particular, use_auto_whitelist has proven unreliable if declared in >>spam.assassin.prefs.conf under 3.0.x. It only seems to work if >>declared in the place the docs for 3.0.x tell you it needs to be. At >>the site config level i >> >> >>IMNSHO, spam.assassin.prefs.conf should _ONLY_ contain options that >>you want to use under MailScanner, but not when using the command >>line. Fundamentally this is a user_prefs file, and should be treated >>as such. It is NOT a local.cf replacement. >> >>Using your local.cf for your site-wide settings guarantees that these >>settings will properly apply to sa-learn, and spamassassin --lint, >>without requiring you to remember to use -p >>/etc/MailScanner/spam.assassin.prefs.conf every time. >> >>Very often people add bayes_path statements to >>spam.assassin.prefs.conf, but fail to pass -p to sa-learn. In this >>case, all their manual training becomes useless, as it goes to the >>wrong place. >> >>Currently I've reduced my spam.assassin.prefs.conf to be empty except >>for timeout adjustments. >> >>I'd strongly suggest mailscanner users think long and hard about their >>options placement, and avoid using spam.assassin.prefs.conf for >>settings which really belong in local.cf. Treat this file not as a >>"master config" but as a way of customizing SA's behavior for >>MailScanner. >> >> > >Thanks for eloquently expressing something that I have been meaning >to write for a little while now. I got bitten by the advice in the >MailScanner spam.assassin.prefs file, until I realised that it should >be considered a user prefs file, and not a replacement for local.cf. > >I am all for making life easy and not having commands in lots of >different places, but instructing people to delete local.cf is an >oversimplification. I now have a basically empty spam.assassin.prefs >file, as I want most of the SA configurations to be applied site >wide, whilst running the SA command line tools as well as running >from MailScanner. And some of the configuration commands are not >valid in a user prefs file anyway. > >I think it is a very good idea that Julian has created installs that >can install and configure a complete MailScanner, SA, ClamAV and MTA >setup 'out of the box'. This makes life very easy for people >starting from scratch, who may not have the knowledge and experience >to stitch this all together. However, this does cause confusion when >somone wants to implement a feature of SA that cannot be configured >in a user prefs file. (There was something recently, but I can't find >it in the archives right now.) > >Please do not take this as a pop at Julian or any of the other >contributors. I just think it would be better to make the >distinction between SA's different config files, rather than glossing >over them. > > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 21 17:59:08 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Jules 'normally' the local.cf is in /etc/mail/spamassassin. BUT a lot of package builders (as you say in the Solaris case) pop it into different places. I guess you could say where-ever the init.pre or v.pre are located, but trying to find that programmatically could be 'interesting', esp in the latter case. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: 21 November 2005 17:49 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] ending the spam.assassin.prefs.conf madness. > > Okay, I understand that I shouldn't be putting site-wide settings in > spam.assassin.prefs.conf as it stands. Is there any way of > (a) telling SpamAssassin to use spam.assassin.prefs.conf as a site-wide > settings file, > or > (b) working out automatically exactly where the site-wide settings > should go on any given installation. On things like Solaris the correct > location is damn near impossible to find. Telling people to go and edit > their site-wide SpamAssassin settings file is not much use. I need to be > able to work out the precise location of the best file to use, and do > the necessary editing for them in the install script. That's why I have > always done it the way I have. It pretty much worked okay, and the file > was in an easy-to-find location that (1) I could work out and (2) users > would be able to find it again later if they needed to change something > 6 months later when they had forgotten what the install script told them. > > An ideal solution would be a soft-link in the MailScanner/etc directory > to the real location of the file. But I still have to find the real file. > > All constructive ideas are most welcome. > > Anthony Peacock wrote: > > >Hi Matt, > > > > > > > >>Richard Edge wrote: > >> > >> > >>>Thanks Matt. As mentioned in another message I am using 3.1 not > >>>3.01. It was a typo on my part. I have removed antidrug.cf. The > >>>spam.assassin.prefs.conf suggested renaming the local.cf file so > >>>that it wouldn't be used. Are you suggesting then that it be used to > >>>disable certain SpamAssassin functions/tests? > >>> > >>> > >>> > >>I'm suggesting, that the advice in spam.assassin.prefs.conf is > >>dangerous. I have no idea why Julian suggests this, as it's a BAD > >>IDEA. > >> > >> > >>Among other things, spam.assassin.prefs.conf should not contain any > >>privileged or administrator options. > >> > >>These options work in this file on some versions of SA, but this is > >>largely accidental because currently only the spamd code strictly > >>enforces all aspects of the privilege parsing rules. > >> > >>According to the documentation of spamassassin, many of the options > >>that Julian has in spam.assassin.prefs.conf should be ignored, and may > >>well be ignored in a future version. > >> > >>In particular, use_auto_whitelist has proven unreliable if declared in > >>spam.assassin.prefs.conf under 3.0.x. It only seems to work if > >>declared in the place the docs for 3.0.x tell you it needs to be. At > >>the site config level i > >> > >> > >>IMNSHO, spam.assassin.prefs.conf should _ONLY_ contain options that > >>you want to use under MailScanner, but not when using the command > >>line. Fundamentally this is a user_prefs file, and should be treated > >>as such. It is NOT a local.cf replacement. > >> > >>Using your local.cf for your site-wide settings guarantees that these > >>settings will properly apply to sa-learn, and spamassassin --lint, > >>without requiring you to remember to use -p > >>/etc/MailScanner/spam.assassin.prefs.conf every time. > >> > >>Very often people add bayes_path statements to > >>spam.assassin.prefs.conf, but fail to pass -p to sa-learn. In this > >>case, all their manual training becomes useless, as it goes to the > >>wrong place. > >> > >>Currently I've reduced my spam.assassin.prefs.conf to be empty except > >>for timeout adjustments. > >> > >>I'd strongly suggest mailscanner users think long and hard about their > >>options placement, and avoid using spam.assassin.prefs.conf for > >>settings which really belong in local.cf. Treat this file not as a > >>"master config" but as a way of customizing SA's behavior for > >>MailScanner. > >> > >> > > > >Thanks for eloquently expressing something that I have been meaning > >to write for a little while now. I got bitten by the advice in the > >MailScanner spam.assassin.prefs file, until I realised that it should > >be considered a user prefs file, and not a replacement for local.cf. > > > >I am all for making life easy and not having commands in lots of > >different places, but instructing people to delete local.cf is an > >oversimplification. I now have a basically empty spam.assassin.prefs > >file, as I want most of the SA configurations to be applied site > >wide, whilst running the SA command line tools as well as running > >from MailScanner. And some of the configuration commands are not > >valid in a user prefs file anyway. > > > >I think it is a very good idea that Julian has created installs that > >can install and configure a complete MailScanner, SA, ClamAV and MTA > >setup 'out of the box'. This makes life very easy for people > >starting from scratch, who may not have the knowledge and experience > >to stitch this all together. However, this does cause confusion when > >somone wants to implement a feature of SA that cannot be configured > >in a user prefs file. (There was something recently, but I can't find > >it in the archives right now.) > > > >Please do not take this as a pop at Julian or any of the other > >contributors. I just think it would be better to make the > >distinction between SA's different config files, rather than glossing > >over them. > > > > > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 21 18:01:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:14 2006 Subject: Question on MailScanner book Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > Just a quick question on the book: > > Does it cover items such as Spamassassin and how to configure and > improve settings for SA? Maybe items like bayes? > The administration manual portion of it covers this to a reasonable extent. > Also, is there a table of contents available to see? I^Òd like to see > what it has. > The Preface is also included, what you are looking for is at http://www.sng.ecs.soton.ac.uk/mailscanner/files/ContentsPages12i.pdf > Thanks, > > Jason > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 21 18:10:35 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Therein lies the problem. I could run the "spamassassin" or "sa-learn" script to try to find out, but I equally well won't know where they are, they may not be on the $PATH (e.g. Solaris). But if we say I can find the "spamassassin" script (I'll work on that), then which of these lines is the one that states the directory I should be using? And what should the file be called? Is it local.cf or something else? I need to get this right this time. [26354] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [26354] dbg: config: read file /etc/mail/spamassassin/init.pre [26354] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [26354] dbg: config: using "/usr/share/spamassassin" for default rules dir Martin Hepworth wrote: >'normally' the local.cf is in /etc/mail/spamassassin. BUT a lot of package >builders (as you say in the Solaris case) pop it into different places. > >I guess you could say where-ever the init.pre or v.pre are >located, but trying to find that programmatically could be 'interesting', >esp in the latter case. > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Julian Field >>Sent: 21 November 2005 17:49 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: [MAILSCANNER] ending the spam.assassin.prefs.conf madness. >> >>Okay, I understand that I shouldn't be putting site-wide settings in >>spam.assassin.prefs.conf as it stands. Is there any way of >>(a) telling SpamAssassin to use spam.assassin.prefs.conf as a site-wide >>settings file, >>or >>(b) working out automatically exactly where the site-wide settings >>should go on any given installation. On things like Solaris the correct >>location is damn near impossible to find. Telling people to go and edit >>their site-wide SpamAssassin settings file is not much use. I need to be >>able to work out the precise location of the best file to use, and do >>the necessary editing for them in the install script. That's why I have >>always done it the way I have. It pretty much worked okay, and the file >>was in an easy-to-find location that (1) I could work out and (2) users >>would be able to find it again later if they needed to change something >>6 months later when they had forgotten what the install script told them. >> >>An ideal solution would be a soft-link in the MailScanner/etc directory >>to the real location of the file. But I still have to find the real file. >> >>All constructive ideas are most welcome. >> >>Anthony Peacock wrote: >> >> >> >>>Hi Matt, >>> >>> >>> >>> >>> >>>>Richard Edge wrote: >>>> >>>> >>>> >>>> >>>>>Thanks Matt. As mentioned in another message I am using 3.1 not >>>>>3.01. It was a typo on my part. I have removed antidrug.cf. The >>>>>spam.assassin.prefs.conf suggested renaming the local.cf file so >>>>>that it wouldn't be used. Are you suggesting then that it be used to >>>>>disable certain SpamAssassin functions/tests? >>>>> >>>>> >>>>> >>>>> >>>>> >>>>I'm suggesting, that the advice in spam.assassin.prefs.conf is >>>>dangerous. I have no idea why Julian suggests this, as it's a BAD >>>>IDEA. >>>> >>>> >>>>Among other things, spam.assassin.prefs.conf should not contain any >>>>privileged or administrator options. >>>> >>>>These options work in this file on some versions of SA, but this is >>>>largely accidental because currently only the spamd code strictly >>>>enforces all aspects of the privilege parsing rules. >>>> >>>>According to the documentation of spamassassin, many of the options >>>>that Julian has in spam.assassin.prefs.conf should be ignored, and may >>>>well be ignored in a future version. >>>> >>>>In particular, use_auto_whitelist has proven unreliable if declared in >>>>spam.assassin.prefs.conf under 3.0.x. It only seems to work if >>>>declared in the place the docs for 3.0.x tell you it needs to be. At >>>>the site config level i >>>> >>>> >>>>IMNSHO, spam.assassin.prefs.conf should _ONLY_ contain options that >>>>you want to use under MailScanner, but not when using the command >>>>line. Fundamentally this is a user_prefs file, and should be treated >>>>as such. It is NOT a local.cf replacement. >>>> >>>>Using your local.cf for your site-wide settings guarantees that these >>>>settings will properly apply to sa-learn, and spamassassin --lint, >>>>without requiring you to remember to use -p >>>>/etc/MailScanner/spam.assassin.prefs.conf every time. >>>> >>>>Very often people add bayes_path statements to >>>>spam.assassin.prefs.conf, but fail to pass -p to sa-learn. In this >>>>case, all their manual training becomes useless, as it goes to the >>>>wrong place. >>>> >>>>Currently I've reduced my spam.assassin.prefs.conf to be empty except >>>>for timeout adjustments. >>>> >>>>I'd strongly suggest mailscanner users think long and hard about their >>>>options placement, and avoid using spam.assassin.prefs.conf for >>>>settings which really belong in local.cf. Treat this file not as a >>>>"master config" but as a way of customizing SA's behavior for >>>>MailScanner. >>>> >>>> >>>> >>>> >>>Thanks for eloquently expressing something that I have been meaning >>>to write for a little while now. I got bitten by the advice in the >>>MailScanner spam.assassin.prefs file, until I realised that it should >>>be considered a user prefs file, and not a replacement for local.cf. >>> >>>I am all for making life easy and not having commands in lots of >>>different places, but instructing people to delete local.cf is an >>>oversimplification. I now have a basically empty spam.assassin.prefs >>>file, as I want most of the SA configurations to be applied site >>>wide, whilst running the SA command line tools as well as running >>> >>> >>>from MailScanner. And some of the configuration commands are not >> >> >>>valid in a user prefs file anyway. >>> >>>I think it is a very good idea that Julian has created installs that >>>can install and configure a complete MailScanner, SA, ClamAV and MTA >>>setup 'out of the box'. This makes life very easy for people >>>starting from scratch, who may not have the knowledge and experience >>>to stitch this all together. However, this does cause confusion when >>>somone wants to implement a feature of SA that cannot be configured >>>in a user prefs file. (There was something recently, but I can't find >>>it in the archives right now.) >>> >>>Please do not take this as a pop at Julian or any of the other >>>contributors. I just think it would be better to make the >>>distinction between SA's different config files, rather than glossing >>>over them. >>> >>> >>> >>> >>> >>-- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > > >********************************************************************** > >This email and any files transmitted with it are confidential and >intended solely for the use of the individual or entity to whom they >are addressed. If you have received this email in error please notify >the system manager. > >This footnote confirms that this email message has been swept >for the presence of computer viruses and is believed to be clean. > >********************************************************************** > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Nov 21 18:40:43 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Okay, I understand that I shouldn't be putting site-wide settings in > spam.assassin.prefs.conf as it stands. Julian.. Here's another point to consider... Why should MailScanner's installation be modifying the site options AT ALL? For example, you're specifying "lock_method flock" in spam.assassin.prefs.conf. But in doing so, you're assuming the user has no NFS shares. Many of these options aren't really mailscanner specific, but site implementation specific. It might be nice to provide a "suggested" mailscanner.cf file for people to use, but I largely don't see the point of MailScanner's installation specifying bayes_paths, lock_method, dcc_path, etc as it does now. In general, many of these have done me more harm than good. The only major option I see of as having any value is the "use_auto_whitelist" However, that's largely moot now. 1) the AWL was fixed to avoid some of the problems I cited in it long ago, so I feel much less strongly about the problems of site-wide AWL usage. 2) the AWL is a plugin as of 3.1.0, so this option isn't the preferred way of disabling the AWL. It's preferred to not load the module at all, saving memory. And, for anyone who has done it the preferred way, this option will cause parse errors. > Is there any way of > (a) telling SpamAssassin to use spam.assassin.prefs.conf as a site-wide > settings file, > or > (b) working out automatically exactly where the site-wide settings > should go on any given installation. On things like Solaris the correct > location is damn near impossible to find. Can you access the $siterules member of Mail::SpamAssassin? I don't know enough perl to tell the difference between public and private, but this is where Mail::SpamAssassin stores what site rules directory it's actively using. Telling people to go and edit > their site-wide SpamAssassin settings file is not much use. I need to be > able to work out the precise location of the best file to use, and do > the necessary editing for them in the install script. That's why I have > always done it the way I have. It pretty much worked okay, and the file > was in an easy-to-find location that (1) I could work out and (2) users > would be able to find it again later if they needed to change something > 6 months later when they had forgotten what the install script told them. IMHO, you're doing a bit too much for the user, and running into problems you shouldn't be having in the first place. > > An ideal solution would be a soft-link in the MailScanner/etc directory > to the real location of the file. But I still have to find the real file. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From micoots at YAHOO.COM Mon Nov 21 19:31:22 2005 From: micoots at YAHOO.COM (Michael Mansour) Date: Thu Jan 12 21:31:14 2006 Subject: Archive Mail - how do ppl do it? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I'm just wondering how many of you handle this Archive Mail option for people/clients that want it from you? I've just set it up as follows: Archive Mail = %rules-dir%/archive.mail.rules and for my archive.mail.fules file: To: *@domain.com yes forward /var/spool/MailScanner/archive/domain FromOrTo: default As expected, I get the mail archived (copied) in that directory/_DATE_ now like: /var/spool/MailScanner/archive/domain/20051122/..... with it containing: -rw------- 1 root root 531 Nov 22 01:33 dfjALEX5qc006601 -rw------- 1 root root 153 Nov 22 02:50 dfjALFoYqc015004 -rw------- 1 root root 401 Nov 22 02:51 dfjALFpWqc015122 -rw------- 1 root root 233 Nov 22 04:07 dfjALH7cqc023368 -rw------- 1 root root 228 Nov 22 04:41 dfjALHfTqc028248 -rw------- 1 root root 131 Nov 22 04:53 dfjALHrpqc029700 -rw------- 1 root root 2352 Nov 22 05:38 dfjALIchqc019695 -rw------- 1 root root 1598 Nov 22 01:33 qfjALEX5qc006601 -rw------- 1 root root 1651 Nov 22 02:50 qfjALFoYqc015004 -rw------- 1 root root 1552 Nov 22 02:51 qfjALFpWqc015122 -rw------- 1 root root 1551 Nov 22 04:07 qfjALH7cqc023368 -rw------- 1 root root 1483 Nov 22 04:41 qfjALHfTqc028248 -rw------- 1 root root 1591 Nov 22 04:53 qfjALHrpqc029700 -rw------- 1 root root 1337 Nov 22 05:38 qfjALIchqc019695 If i wanted to restore this type of mail for the user, how would I go about doing that with the files kept like mqueue-type files above? (not knowing which messages they'd want etc). I've also looked at the mbox facility provided by MailScanner, but without auto-creating the mbox files for me I couldn't find it of much use in a "dated" directory structure (it would be good if MailScanner did create the mbox files automatically because I could then use something like archive_DATE_.mbox as the filename for the domain and MailScanner would just create the files ont he fly). Thanks. Michael. ____________________________________________________ Do you Yahoo!? Find a local business fast with Yahoo! Local Search http://au.local.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Nov 21 20:36:41 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Monday, November 21, 2005 1:11 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > > > Therein lies the problem. I could run the "spamassassin" or "sa-learn" > script to try to find out, but I equally well won't know where they are, > they may not be on the $PATH (e.g. Solaris). > > But if we say I can find the "spamassassin" script (I'll work on that), > then which of these lines is the one that states the directory I should > be using? And what should the file be called? Is it local.cf or > something else? I need to get this right this time. > > [26354] dbg: config: using "/etc/mail/spamassassin" for site > rules pre files > [26354] dbg: config: read file /etc/mail/spamassassin/init.pre > [26354] dbg: config: using "/usr/share/spamassassin" for sys > rules pre files > [26354] dbg: config: using "/usr/share/spamassassin" for default rules dir > [...] I have a sample shell script attached that might answer both questions Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/OCTET-STREAM (Name: "FindSaLocalCf.sh") 3.1KB. ] [ Unable to print this part. ] From mkettler at EVI-INC.COM Mon Nov 21 20:44:43 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Therein lies the problem. I could run the "spamassassin" or "sa-learn" > script to try to find out, but I equally well won't know where they are, > they may not be on the $PATH (e.g. Solaris). > > But if we say I can find the "spamassassin" script (I'll work on that), > then which of these lines is the one that states the directory I should > be using? And what should the file be called? Is it local.cf or > something else? I need to get this right this time. I would suggest using mailscanner.cf as a filename. This way you are unlikely to muck-up a user's already existing local.cf file. (SA will automatically parse *.cf in the site rules dir, so both will get parsed. Since parsing is in alphabetic order, and last-parsed wins, options in mailscanner.cf will over-ride options in local.cf) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 21 20:57:22 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: >Julian Field wrote: > > >>Okay, I understand that I shouldn't be putting site-wide settings in >>spam.assassin.prefs.conf as it stands. >> >> > >Julian.. Here's another point to consider... Why should MailScanner's >installation be modifying the site options AT ALL? > > To make it easier/automatic for 90-something % of users. >For example, you're specifying "lock_method flock" in spam.assassin.prefs.conf. >But in doing so, you're assuming the user has no NFS shares. > > Which is true in virtually all novice-user cases. Users like you can easily undo anything I've done that you don't like. I'm trying to make it easier for the vast bulk of MailScanner users who don't know much about Unix and like having everything done for them. How many MailScanner admins don't even know what NFS is? I suspect the answer is at least "most". >Many of these options aren't really mailscanner specific, but site >implementation specific. > > Agreed, but that's not the point. >It might be nice to provide a "suggested" mailscanner.cf file for people to use, >but I largely don't see the point of MailScanner's installation specifying >bayes_paths, lock_method, dcc_path, etc as it does now. In general, many of >these have done me more harm than good. > > You're not the type of user I need to worry about, you know enough to easily fix anything I have done that you don't like. >The only major option I see of as having any value is the "use_auto_whitelist" >However, that's largely moot now. > >1) the AWL was fixed to avoid some of the problems I cited in it long ago, so I >feel much less strongly about the problems of site-wide AWL usage. > >2) the AWL is a plugin as of 3.1.0, so this option isn't the preferred way of >disabling the AWL. It's preferred to not load the module at all, saving memory. >And, for anyone who has done it the preferred way, this option will cause parse >errors. > > Fair enough. > > > > >>Is there any way of >>(a) telling SpamAssassin to use spam.assassin.prefs.conf as a site-wide >>settings file, >>or >>(b) working out automatically exactly where the site-wide settings >>should go on any given installation. On things like Solaris the correct >>location is damn near impossible to find. >> >> > >Can you access the $siterules member of Mail::SpamAssassin? I don't know enough >perl to tell the difference between public and private, but this is where >Mail::SpamAssassin stores what site rules directory it's actively using. > > Can you double check that please? use Mail::SpamAssassin; $a = new Mail::SpamAssassin; print "site rules is \"" . $a->{siterules} . "\"\n"; produces site rules is "" so it's not called "siterules". Please can you provide me a code snippet (requiring no external configs) that produces the text you are looking for. > >Telling people to go and edit > > >>their site-wide SpamAssassin settings file is not much use. I need to be >>able to work out the precise location of the best file to use, and do >>the necessary editing for them in the install script. That's why I have >>always done it the way I have. It pretty much worked okay, and the file >>was in an easy-to-find location that (1) I could work out and (2) users >>would be able to find it again later if they needed to change something >>6 months later when they had forgotten what the install script told them. >> >> > >IMHO, you're doing a bit too much for the user, and running into problems you >shouldn't be having in the first place. > > In my book, doing too much for user is pretty much impossible. Anything else, and you are expecting too much from the user. Assume they don't know how to use a keyboard and you won't go far wrong. >>An ideal solution would be a soft-link in the MailScanner/etc directory >>to the real location of the file. But I still have to find the real file. >> -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Nov 21 21:39:18 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: >> Julian.. Here's another point to consider... Why should MailScanner's >> installation be modifying the site options AT ALL? >> >> > To make it easier/automatic for 90-something % of user Julian, the SA defaults already do that. I'm all for changes that actually help, but by-and-large you're just force-choosing a different set of defaults for them, which aren't necessarily better or more accurate. Many of the options in spam.assassin.prefs.conf aren't about making SA work better with MailScanner, they're about your personal preferences. Case in point: dns_available yes Here you've disabled SA's inherent DNS test, without reason to believe DNS is actually working. Case in point: bayes_file_mode 0770. Why? You've weakened security for no express purpose I can see. This might make sense with bayes_path, but without it I see no purpose. (And I definitely view forcing bayes_path as "user unfriendly" since it breaks sa-learn. Glad to see that's been commented out) Case in point: ok_locales en Now you've forced users to start spam scoring non-English mail, without any reason to believe the end-user is even primarily English. I know *I* receive many valid non-English mails at this site. I have users who regularly exchange email in at least 3 different non-English languages. And from the looks of it, MailScanner has a lot of German users... Case in point: lock_method flock Most users might not be on NFS, but the default of nfssafe will work for any filesystem type, albeit with more overhead. Is tweaking speed with the possible expense of causing bayes corruption making things easier for the naive user? Admittedly the naive user shouldn't have NFS, but the naive user also shouldn't be administering a mailserver. Who knows what the previous, more competent, admin set up for them. There are some options here which ARE about making SA work better with MailScanner, but they are a minority. i.e: envelope_sender_header, bayes_ignore_header. > Which is true in virtually all novice-user cases. > Users like you can easily undo anything I've done that you don't like. I'm trying to make it easier for the vast bulk of MailScanner users who don't know much about Unix and like having everything done for them. How many MailScanner admins don't even know what NFS is? I suspect the answer is at least "most". True, but why force-choose the less-safe option for them? SA already defaults to the safest option. It does so for a reason. It makes it work for more users "out of the box" with fewer problems. > Matt Kettler wrote: >> >> IMHO, you're doing a bit too much for the user, and running into >> problems you >> shouldn't be having in the first place. >> >> > In my book, doing too much for user is pretty much impossible. Anything > else, and you are expecting too much from the user. Assume they don't > know how to use a keyboard and you won't go far wrong. Ouch.. since when did you start working for Microsoft? :) Seriously though, it is VERY easy to do too much for the user. There are definitely some cases where doing things for the user is just leading them into deep water without them knowing about it. Case in point, IE's "show friendly URLs", which simplifies information presented to the user, at the expense of making phishing impossible for the user to detect because only the hostname is shown. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 21 21:58:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Admittedly the naive user shouldn't have NFS, but the naive user also > shouldn't > >be administering a mailserver. > Sorry for laying a trap, but you fell straight into that one. What do you mean "the naive user also shouldn't be administering a mailserver"? I ran into exactly this on the SpamAssassin newsgroup once, when someone was saying something similar in reference to amavis (whichever fork). I reacted violently then, and I seem no reason not to do the same here. Sorry, but I completely disagree with this statement. A large amount of MailScanner users are naive or novice users. I make special effort to cater for them and it is much appreciated by them. If you aim towards them, you don't aim too high. People who are caught out by you aiming too low are always capable of correcting whatever you have done that they don't like. You can never aim too low. Anyone (excluding present company, of course) thinking otherwise is being a tad thoughtless for those with less experience. I aim to configure MailScanner for those 90% of users who know little of what they are doing. Those who know more can easily correct a configuration file they don't like. I appreciate that is a different outlook from that taken by most open-source authors. But I think my approach is better for my users. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 21 21:59:43 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] My question still stands: what is the following code supposed to say? Julian Field wrote: > Can you double check that please? > > use Mail::SpamAssassin; > $a = new Mail::SpamAssassin; > print "site rules is \"" . $a->{siterules} . "\"\n"; > produces > site rules is "" > so it's not called "siterules". Please can you provide me a code > snippet (requiring no external configs) that produces the text you are > looking for. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ja at CONVIATOR.COM Mon Nov 21 22:23:09 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:31:14 2006 Subject: windows/php from problems? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi This might be off topic J Im running a windows server, IIS6 and PHP. When sending mails from PHP on windows it seams to ignore the From header information set? Or is it something in mailscanner? Looking at the mail in the mailscanner log I get the bellow. As you can se I do set a â^À^ÜFrom: â^À^Ü in the header, but still mailwatch displays the from-part as empty? This is from the table in the detail-display of a message: Message Headers: Return-Path: <�g> Received: from echo.csite.com ([213.150.56.221]) by scanner1.mailwall.dk (8.13.1/8.13.1) with ESMTP id jALMFv0L003745 for ; Mon, 21 Nov 2005 23:15:57 +0100 Received: from echo ([127.0.0.1]) by echo.csite.com (ConviatorMailServer) with SMTP id FFM74443 for ; Mon, 21 Nov 2005 23:09:17 +0100 Date: Mon, 21 Nov 2005 23:09:17 +0100 Subject: Tilmelding til database - udviklet af edventure To: mediconnect@edventure.dk From: jan@agermose.com Return-Path: Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Message-ID: <1132610957jan@agermose.com> From: To: mediconnect@edventure.dk Subject: Tilmelding til Mediconnects database - udviklet af edventure ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ja at CONVIATOR.COM Mon Nov 21 22:25:33 2005 From: ja at CONVIATOR.COM (Jan Agermose) Date: Thu Jan 12 21:31:14 2006 Subject: forward to host:port? Message-ID: Hi Running MXdefender – is it possible to forward to a host running SMTP on port 366 not 25? Regards Jan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Nov 21 22:26:06 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Matt Kettler wrote: > >> Admittedly the naive user shouldn't have NFS, but the naive user also >> shouldn't >> >> be administering a mailserver. >> > Sorry for laying a trap, but you fell straight into that one. No, I did not. You are looking for me to fall into it, thus mis-read my message and ignored it's content to focus on the one piece you were looking for. Please do me the service of reading my messages with a clear mind Julian. I have no hate for the naive, nor wish them any lack of service. What do > you mean "the naive user also shouldn't be administering a mailserver"? I never used this as support for my arguments. It was merely a side comment on the stat of the universe. Re-read my message, closely this time Julian. I am not arguing they should be ignored, or that they shouldn't be considered, helped or catered to. I am merely stating, as a side comment, that they are in fact already over their heads. Period. I did not ever say this option should be eliminated or changed because it only helps the naive. In fact, if you read my email, all of my arguments are based on LACK of service to the naive user. So, rather than focus on a side-comment, what about the rest of my email? The part that actually has to do with MailScanner. Why are you intentionally making it harder for naive users, but claim that you're doing all this just to cater to them? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Nov 21 22:28:32 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > My question still stands: what is the following code supposed to say? > > Julian Field wrote: > >> Can you double check that please? >> >> use Mail::SpamAssassin; >> $a = new Mail::SpamAssassin; >> print "site rules is \"" . $a->{siterules} . "\"\n"; >> produces >> site rules is "" >> so it's not called "siterules". Please can you provide me a code >> snippet (requiring no external configs) that produces the text you are >> looking for. Well, I did say I knew little of perl. I was merely wondering if it was accessible. Apparently not. The code that's relevant from SpamAssassin.pm is: my $siterules = $self->{site_rules_filename}; $siterules ||= $self->first_existing_path (@site_rules_path); I have no idea what the perl word "my" does. Does this declare an item as a local to the function? or export it to the module? Or something else? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Tue Nov 22 00:08:18 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:14 2006 Subject: MailScanner on freebsd Message-ID: Sendmail is working!!!! I had to modify the DAEMON_OPTIONS in my mc file in order to have sendmail listen on any address (0.0.0.0) instead of just my public address. Recompiled sendmail, then it worked. Issuing a sendmail -v root >> Marc.Dufresne@PARKS.ON.CA 11/21/2005 12:18 pm >>> No sendmail -v root >> brent.bolin@GMAIL.COM 11/21/2005 11:57 AM >>> Don't go there yet!. Is sendmail working ? sendmail -v root wrote: > > I found this doc > http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml > > Sendmail.cf incoming QueueDirectory is setup to > /var/spool/mqueue. > Are these the right permissions? > > Here is the output from ls -l /var/spool > > drwxr-xr-x 4 root daemon 512 Oct 18 09:31 MailScanner > drwxrwx--- 2 smmsp smmsp 52736 Nov 21 11:40 clientmqueue > drwxr-x--- 2 root wheel 512 Nov 21 11:40 mqueue > drwxr-x--- 2 root wheel 512 Oct 24 15:16 mqueue.in > > MailScanner.conf is setup as > > Incoming Queue Dir = /var/spool/mqueue > Outgoing Queue Dir = /var/spool/mqueue > > # Set where to unpack incoming messages before scanning them > Incoming Work Dir = /var/spool/MailScanner/incoming > > Here is output ls -l /var/spool/MailScanner > drwxr-xr-x 12 root daemon 512 Nov 21 11:16 incoming > > # Set where to store infected and message attachments > Quarantine Dir = /var/spool/MailScanner/quarantine > > Here is output ls -l /var/spool/MailScanner > drwxr-xr-x 2 root daemon 512 Oct 18 09:31 quarantine > > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>> brent.bolin@GMAIL.COM 11/21/2005 11:26 AM >>> > Don't care about private discussions. The list exiled me when I called > someone a "Dipswitch". > > Pretty harsh words ya think ? > > Do you show this? > > # ps auxwww|grep sendmail > root 36220 0.0 0.3 3500 2640 ?? Ss 9:59AM 0:00.03 sendmail: accepting > connections (sendmail) > root 36223 0.0 0.3 3500 2624 ?? Is 9:59AM 0:00.00 sendmail: Queue > runner@00:15:00 > for /var/spool/mqueue (sendmail) > smmsp 36227 0.0 0.2 3368 2520 ?? Is 9:59AM 0:00.00 sendmail: Queue > runner@00:15:00 > for /var/spool/clientmqueue (sendmail) > root 36419 0.0 0.1 1448 848 p0 S+ 10:16AM 0:00.00 grep sendmail > > Sounds to me like your sendmail submit isn't running. > > Also attaching a valid submit.cf > file > > Make sure your using both the sendmail.cf < > http://sendmail.cf> and > submit > files I'm sending you. > > > On 11/21/05, Marc Dufresne wrote: > > > > My apologies for the private discussions. Didn't realize I posted to > the > > forum. > > > > Sendmail is running on port 25. Sendmail is acting as a Relay for my > > domain. I have no problem sending/receiving internet e-mail. The two > > problems I am having are: > > > > 1- MailScanner doesn't seem to be scanning inbound mail. > > > > 2- local mail sent to root and postmaster is not being delivered. > The > > /var/spool/clientmqueue is backing up with e-mails sent to root and > > postmaster. > > > > Here's what /var/spool/maillog is saying > > > > mail sm-msp-queue[1655]: i24AKJeL005105: to=postmaster, > > delay=10:33:28, > > xdelay=00:00:00, mailer=relay, pri=1023910, > relay=[127.0.0.1 > > ], > > dsn=4.0.0, stat=Deferred: Connection refused by > [127.0.0.1 > > ] > > > > I issued the command sendmail -v root I'm > > receiving. > > > > root....connecting to [127.0.0.1 ] > via relay > > root....Deferred: Connection refused by [127.0.0.1 > ] > > > > I have modified my /etc/mail/access to reflect > > > > 127.0.0.1 RELAY > > localhost.localdomain RELAY > > localhost RELAY > > > > Issued a makemap hash /etc/mail/access.db < /etc/mail/access. > Restarted > > sendmail and still receive the Connection Refused error. > > > > Any ideas? > > > > I want to fix problem 2 first, eliminating the connection refused > > errors. Then I want to move onto the MailScanner problem. > > > > > > Marc Dufresne, Corporate IT Officer > > St. Lawrence Parks Commission > > 13740 County Road 2 > > Morrisburg, ON K0C 1X0 > > > > E-mail: Marc.Dufresne@parks.on.ca > > Voice: 613-543-3704 Ext#2455 > > Fax: 613-543-2847 > > Corporate website: www.parks.on.ca < > http://www.parks.on.ca> > > > > >>> ugob@CAMO-ROUTE.COM 11/21/2005 9:17 AM >>> > > Marc Dufresne wrote: > > > Couldn't download any of your sample files. None of the links to > > your > > > files work. > > > > Looking a the links, I'm not surprised. > > > > The way you are quoting is making it very hard to follow. Please > avoid > > > > having private discussions while using a public mailing list and > don't > > > > top-post. > > > > > > > > From the command line, if I issue sendmail -v root > > I receive this error, > > > > > > root....connecting to [127.0.0.1 ] > via relay > > > root....Deferred: Connection refused by [127.0.0.1 > ] > > > > Is sendmail running? > > > > On what port/IP is it running on? > > > > > > > > What files do I need to modify under /etc/mail? > > > > > > > Are you familiar with Sendmail or other MTAs? > > > > Regards, > > > > Ugo > > > > > > > > Marc Dufresne, Corporate IT Officer > > > St. Lawrence Parks Commission > > > 13740 County Road 2 > > > Morrisburg, ON K0C 1X0 > > > > > > E-mail: Marc.Dufresne@parks.on.ca > > > Voice: 613-543-3704 Ext#2455 > > > Fax: 613-543-2847 > > > Corporate website: www.parks.on.ca < > http://www.parks.on.ca> > > > > > >>>> BB 11/20/2005 9:38 PM >>> > > > Marc, > > > > > > I have attached working sendmail.mc < > http://sendmail.mc> < > > http://sendmail.mc> and > > > sendmail.cf < > http://sendmail.cf>files along > with > > /etc/rc.conf > > startup. > > > There are a number of things in the > > > rc.conf that you don't need just use the sendmail portion for > > examples. > > > BTW > > > /etc/defaults/rc.conf show examples and are used if /etc/rc.conf > > does > > > not > > > exist. /etc/rc.conf will override /etc/defaults/rc.conf. > > > > > > The first thing is to get a working copy of sendmail running. Make > > > your > > > edits to /etc/rc.conf with the examples sent. > > > > > > Copy sendmail.cf < > http://sendmail.cf> > /etc/mail > > > > > > Verify no sendmail processes are running and if they are kill the > > pid > > > of > > > them. Verify again they are gone. > > > > > > Run "sh /etc/rc.sendmail start" . No quotes. This should start > > > sendmail. > > > Send your self a test message from the MTA level - > > > > > > sendmail -v root > > > > > This should send a test mesage to root with no subject and > > undisclosed > > > recipients. Thats fine all we want to know is if sendmail is > > running. > > > Its > > > also a good test to check the header files. > > > > > > If its working thats great, move on to MailScanner. I've included > a > > > working > > > copy of a mailscanner.conf file. There are some things configured > > that > > > you > > > might not be using, but all the directores are in place and are > set > > to > > > defaults. > > > > > > Virus scanners set to none if not using (I'm using three) > > > Spamassassin set to no if not using (I'm using 3.1.0_3) > > > Uncomment the whitlist and blacklist file rules, I'm using > > > SQLblacklist/whitelists > > > > > > I've included another file called directories.needed. Just run, it > > > will > > > create them if they don't exist > > > > > > This should be enough to get you going. Remember you need to get > > > sendmail > > > running first. I didn't or never have used the Makefile included > > with > > > the > > > distribution. I use the m4 macro on the configuration file *.mc or > > just > > > use > > > webmin. Its in the ports or can be downloaded from > > > webmin.com > > > . > > > > > > It does not make sense to me why sendmail is running if it is > marked > > > to > > > "NONE". If that dosen't do it mark the first instance with NONE > and > > all > > > the > > > others with NO > > > > > > BTW: There is also a nice webmin modual for MailScanner. Once > setup > > > things > > > don't change much other then whitelists/blacklists. The latest > > version > > > of > > > mailwatch can do this hence > > > > > > Is Definitely Not Spam = &SQLWhitelist > > > Is Definitely Spam = &SQLBlacklist > > > > > > > > > Hang on for the ride... > > > > > > > > > > > > On 11/20/05, Marc Dufresne wrote: > > >> I am going to explain my understanding of the MailScanner setup. > > > Please > > >> reveiw and let me know if I'm understanding this correctly? > > >> > > >> When MailScanner.conf is configured, the following parameters > > should > > > be > > >> set if I'm using sendmail on FreeBSD 5.4: > > >> > > >> #MTA used for the Gateway > > >> MTA=sendmail > > >> > > >> #Set how to invoke MTA when sending messages MailScanner has > > created > > >> (e.g. to sender/recipient saying "found a virus in your > message"). > > > This > > >> can also be the filename of a ruleset. > > >> sendmail=/usr/sbin/sendmail > > >> > > >> #Incoming mail queue directory for Sendmail > > >> Incoming Queue Directory=/var/spool/mqueue > > >> > > >> #Outgoing mail queue directory for Sendmail > > >> Outgoing Queue Directory=/var/spool/mqueue > > >> > > >> #Incoming Queue Directory for MailScanner > > >> /var/spool/MailScanner/incoming > > >> > > >> #Quarantine Directory for MailScanner > > >> /var/spool/MailScanner/quaratine > > >> > > >> System Startup should be as follows: > > >> > > >> 1) #Disable sendmail from loading at system startup > > >> modify /etc/rc.conf to disable sendmail load > > >> > > >> > > > > > > > > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html > > > > > > > > >> > > >> Section 23.4.2.3 > FreeBSD > 5.0-STABLEand Later > > >> > > >> /etc/rc.conf > > >> > > >> sendmail_enable="NO" > > >> sendmail_submit_enable="NO" > > >> sendmail_outbound_enable="NO" > > >> sendmail_msp_queue_enable="NO" > > >> > > >> 2) #Load MailScanner at system startup. > > >> #Make sure mailscanner.sh file is located under > /usr/local/etc/rc.d > > >> in order to load MailScannner process at startup. Mailscanner.sh > > > should > > >> invoke sendmail and mailscanner process to start > > scanning/delivering > > >> mail. > > >> > > >> /usr/local/etc/rc.d/mailscanner.sh > > >> _________________________________ > > >> > > >> First Problem > > >> > > >> I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I tried > > >> everything. Sendmail still loads at startup??????? > > >> > > >> Second Problem > > >> > > >> Once system is completly loaded and sitting at the login prompt, > I > > >> receive an error > > >> NOQUEUE:SYSERROR(root):opendaemon socket:daeomon IPv4:cannot bind > > >> address already in use > > >> > > >> I login, and run ps -ax (This is what I see) > > >> > > >> 375 ?? Ss 0:00.07 sendmail: accepting connections (sendmail) > > >> 379 ?? Is 0:00.00 sendmail: Queue runner@00:30:00 for > > >> /var/spool/client > > >> > > >> 426 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > > >> /var/spool/mqueue > > >> 430 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > > >> /var/spool/client > > >> > > >> 613 ?? Ss 0:00.02 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local 614 ?? S 0:02.33 /usr/bin/perl > > >> -I/usr/local/lib/MailScanner /usr/local > > >> 627 ?? S 0:02.19 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> 630 ?? S 0:02.15 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> 635 ?? S 0:02.17 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> 636 ?? S 0:00.11 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> > > >> Third Problem > > >> > > >> I run tail -f /var/log/maillog > > >> > > >> I will send test e-mails from the outside and watch sendmail > > receive > > >> and process incoming mail. Everyone receives e-mails from the > > > outside, > > >> but mailscanner does not scan any messages. > > >> > > >> I will issue a mailq to view /var/spool/mqueue directory. > Directory > > > is > > >> always empty. > > >> > > >> I'm completely stumped here as to why Sendmail refuses to disable > > at > > >> startup and MailScanner refuses to scan e-mail messages!!!!! > > >> > > >> Any ideas???? > > >> > > >> > > >> Marc Dufresne, Corporate IT Officer > > >> St. Lawrence Parks Commission > > >> 13740 County Road 2 > > >> Morrisburg, ON K0C 1X0 > > >> > > >> E-mail: Marc.Dufresne@parks.on.ca > > >> Voice: 613-543-3704 Ext#2455 > > >> Fax: 613-543-2847 > > >> Corporate website: www.parks.on.ca < > http://www.parks.on.ca> < > > http://www.parks.on.ca> > > >> > > >>>>> BB 11/19/2005 12:38 AM >>> > > >> Don't know if they ever got the list fixed for my replies, so I'm > > > doing > > >> it > > >> direct and through the list. > > >> > > >> Change /etc/rc.conf or /etc/defaults/rc.conf > > >> sendmail_enable=NONE > > >> > > >> Verify mailscanner is starting up with > > > /usr/local/etc/rc.d/mailscanner > > >> .sh > > >> > > >> Think you need to manually create some of the directores. Verify > > >> MailScanner.conf for directories. > > >> > > >> tail -f /var/log/maillog will show you the details > > >> > > >> The only reason to rebuild sendmail.cf < > http://sendmail.cf> < > > http://sendmail.cf> > > > > >>> is to > > >> remove > > >> IPv6 stuff. I would use m4 macro for that. Webmin would be a good > > >> choice to > > >> use. > > >> > > >> # SMTP daemon options > > >> > > >> O DaemonPortOptions=Name=IPv4, Family=inet > > >> O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O > > >> O DaemonPortOptions=Port=587, Name=MSA, M=E > > >> > > >> > > >> -- > > >> ACK and you shall receive > > >> > > >> > > >> > > > > > > > > > -- > > > ACK and you shall receive > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > BEGIN:VCARD > > > VERSION:2.1 > > > X-GWTYPE:USER > > > FN:Marc Dufresne > > > TEL;WORK:613-543-3704 > > > ORG:;Information Technology > > > TEL;PREF;FAX:613-543-2847 > > > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > > > N:Dufresne;Marc > > > TITLE:Corporate IT Officer > > > END:VCARD > > > > > > > > > -- > > Ugo > > > > -> Please don't send a copy of your reply by e-mail. I read the > list. > > -> Please avoid top-posting, long signatures and HTML, and cut the > > irrelevant parts in your replies. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > -- > ACK and you shall receive > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > -- ACK and you shall receive ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From rcooper at DWFORD.COM Tue Nov 22 00:49:21 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Matt Kettler > Sent: Monday, November 21, 2005 5:29 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > > > Julian Field wrote: > > My question still stands: what is the following code supposed to say? > > > > Julian Field wrote: > > > >> Can you double check that please? > >> > >> use Mail::SpamAssassin; > >> $a = new Mail::SpamAssassin; > >> print "site rules is \"" . $a->{siterules} . "\"\n"; > >> produces > >> site rules is "" > >> so it's not called "siterules". Please can you provide me a code > >> snippet (requiring no external configs) that produces the text you are > >> looking for. > > > Well, I did say I knew little of perl. I was merely wondering if it was > accessible. Apparently not. > > The code that's relevant from SpamAssassin.pm is: > > my $siterules = $self->{site_rules_filename}; > $siterules ||= $self->first_existing_path (@site_rules_path); > > That says set the site rules path to site_rules_filename, if provided by the calling program, and if $siterules doesn't have a value the use the sub first_exiting_path to return the first path that exists. It looks at the paths below # first 3 are BSDish, latter 2 Linuxish @site_rules_path = ( '__local_rules_dir__', '__prefix__/etc/mail/spamassassin', '__prefix__/etc/spamassassin', '/usr/local/etc/spamassassin', '/usr/pkg/etc/spamassassin', '/usr/etc/spamassassin', '/etc/mail/spamassassin', '/etc/spamassassin', ); A look at http://www.cpan.org/modules/by-module/Mail/Mail-SpamAssassin-3.1.0.readme Says the __*__ stuff is set thusly: They are set on install time and can be overridden with the Makefile.PL command line options DATADIR (for __def_rules_dir__) and CONFDIR (for __local_rules_dir__). If none of these options were given, FHS-compliant locations based on the PREFIX (which becomes __prefix__) are chosen. These are: __prefix__ __def_rules_dir__ __local_rules_dir__ ------------------------------------------------------------------------- /usr /usr/share/spamassassin /etc/mail/spamassassin /usr/local /usr/local/share/spamassassin /etc/mail/spamassassin /opt/$DIR /opt/$DIR/share/spamassassin /etc/opt/mail/spamassassin $DIR $DIR/share/spamassassin $DIR/etc/mail/spamassassin Now if someone us using $DIR then they should know where they told the installer to put it. So if you were to use the attached revision of the script I posted earlier it will look in all the possible dirs except /opt/$DIR or $DIR (no way to tell what $DIR is). If it finds the local.cf, great, if not it will try and find spamassassin and ask it, if it can't find spamassassin then it will ask the user where spamassassin is and ask it again. BTW: I did it as a shell script because I believe Julian's installer is a shell script. My two cents on the whole issue is, sure there are some things that could be changed in the spamassassin.prefs.conf file to bring things up to date, however I use a link in /etc/mail/spamassassin to spamassassin.prefs.conf -> local.cf. I also force no DNS tests because, and I haven't checked 3.1.0, SA's DNS tests suck. I had to shells running side by side, one shell looping through host checks on the hosts SA check and one running --lint. SA failed the DNS tests at least 3 out of 5 times but host never missed. I never bothered to try and find why since the SA authors were well aware of this problem and added the config var to disable tests and force use. Perhaps the best thing is get a consensus as to what should be in a spamassassin.prefs.conf file for the wide masses of novice admins and allow those who know what they are doing modify as they desire. Kind of like the basic exim.conf, it is safe and functional out of the box without having to know technical details to get the mail system up and running. Novices will *always* try and run mail systems without learning what they are doing first and it's best to default to least knowledge required to operate, IMHO Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/OCTET-STREAM (Name: "testsafind-new.sh") 4KB. ] [ Unable to print this part. ] From rcooper at DWFORD.COM Tue Nov 22 00:54:56 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Rick Cooper > Sent: Monday, November 21, 2005 7:49 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > > [...] > So if you were to use the attached revision of the script I posted earlier [...] Oops, I attached a purposly broken copy of the shell script, I fogot to change /etc/maill back to /etc/mail from testing the fall through portion of the script, sorry. See attached Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/OCTET-STREAM (Name: "testsafind-new.sh") 4KB. ] [ Unable to print this part. ] From mkettler at EVI-INC.COM Tue Nov 22 01:34:38 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rick Cooper wrote: >>The code that's relevant from SpamAssassin.pm is: >> >> my $siterules = $self->{site_rules_filename}; >> $siterules ||= $self->first_existing_path (@site_rules_path); >> >> > > > That says set the site rules path to site_rules_filename, if provided by the > calling program, > and if $siterules doesn't have a value the use the sub first_exiting_path to > return the first path that exists. It looks at the paths below That much I understand.. the part I did not understand is if this code is in Mail::SpamAssassin::init() does siterules become an accessible member of a Mail::SpamAssassin object or not. I've never got the hang of figuring out how to tell what variables are externally accessible and which are not in perl code. As a C++ programmer it all looks rather haphazard with no clear way of identifying interfaces, except that which is documented separately in man pages. But then again, I don't know the language, so that appearance my just come from lack of good understanding. For example, as said previously, I have no clue why the "my" does. I assume it has something to do with scope, but does it make it the equivalent of "private" (ie: my = mine and mine alone) or "public" (my = my exported member)? > So if you were to use the attached revision of the script I posted earlier > it will look in all the possible dirs except /opt/$DIR or $DIR (no way to > tell what $DIR is). That much I understand too. I was hoping to find a good way to extract this information directly from a small perl script invoking a Mail::SpamAssassin object. This way you'd be able to identify it with 100% accuracy, and would keep abreast of changes in the SA code. Unfortunately, it doesn't work that way. > Perhaps the best thing is get a consensus as to what should be in a > spamassassin.prefs.conf file for the wide masses of novice admins and allow > those who know what they are doing modify as they desire. Kind of like the > basic exim.conf, it is safe and functional out of the box without having to > know technical details to get the mail system up and running. Novices will > *always* try and run mail systems without learning what they are doing first > and it's best to default to least knowledge required to operate, IMHO I agree wholeheartedly. My actual complaint is that the existing spam.assassin.pref.conf creates several pitfalls for novice users to fall in. Something which is clearly bad for novices if we want to help them. I'm a relatively knowing user and have fallen into many of these traps myself. This implies very bad things are ahead for the novice. In general there are several general classes of settings in the existing spam.assassin.prefs.conf. Some should stay, some are questionable, some should probably be commented out, and some need proper warnings. 1) settings which make SA aware of mailscanner's behaviors or improve SA's behavior under mailscanner. These are undoubtedly good. envelope_sender_header bayes_ignore_header rbl_timeout razor_timeout pyzor_timeout (note: the rbl_timeout setting in spam.assassin.prefs.conf is 20, which LARGER than the SA default of 15 in 3.0+. I think this is contrary to its original purpose of trying to shorten the RBL timeout from its old default of 30.) 2) settings which fix broken rules in SA by disabling them. Sorta good, but they cause problem when SA catches up and removes the rule. score RCVD_IN_RSL 0 3) added rules distributed for convenience: IE_VULN FRIEND_GREETINGS FRIEND_GREETINGS2 3) settings which make assumptions about the system setup to tune performance. While these may help, in some cases they over-ride the safer SA defaults and may create pitfalls for novice users. dns_available lock_method pyzor_path dcc_path 4) settings which over-ride the defaults on matters of site preference. ok_locales 5) settings which are set for no apparent reason. bayes_file_mode 6) settings which are commented out, but could cause problems for the unwary if used here. bayes_file_mode (need to make sure sa-learn sees this option too, but no mention of that!) bayes_auto_expire (Not all SA versions reliably honor this here. I have seen this fail on 2.64 until moved to local.cf.) 7) settings which work, but the docs say shouldn't. use_auto_whitelist 0 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Nov 22 03:52:57 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Matt Kettler > Sent: Monday, November 21, 2005 8:35 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > > [..] > That much I understand.. the part I did not understand is if this > code is in > Mail::SpamAssassin::init() does siterules become an accessible member of a > Mail::SpamAssassin object or not. > > I've never got the hang of figuring out how to tell what variables are > externally accessible and which are not in perl code. As a C++ > programmer it all > looks rather haphazard with no clear way of identifying > interfaces, except that > which is documented separately in man pages. But then again, I > don't know the > language, so that appearance my just come from lack of good understanding. > > For example, as said previously, I have no clue why the "my" > does. I assume it > has something to do with scope, but does it make it the > equivalent of "private" > (ie: my = mine and mine alone) or "public" (my = my exported member)? Well it has been said that perl is write a write only language. I have been bit by the "my" critter more than once. "my" does set the scope depending on where it is. It can be as local as a loop/control structure. The thing I hate about perl is the method of passing variables to a sub, and of course the "magic" undeclared default var with no name. "my" is local to the structure it's declared within. Make the mistake of declaring a var with "my" inside a looping structure and drive your self crazy trying to figure out why the variable is empty when you exit the loop. I suppose one could parse through the code to figure out where the $self referenced in the code fragment you posted came from. It would seem, at first glance my $siterules = $self->{site_rules_filename}; $siterules ||= $self->first_existing_path (@site_rules_path); that the same method of access would probably work. If the site_rules_filename property of the object is empty (and that would be a value passed by MailScanner in the first place) then $object->first_existing_path(@site_rules_path); should return the path... IIRC @site_rules_path is global. If it's not it could certainly be created with the same information that I posted from the SpamAssassin.pm code defining @site_rules_path, in fact I believe that information was in the readme also. > > > > So if you were to use the attached revision of the script I > posted earlier > > it will look in all the possible dirs except /opt/$DIR or $DIR > (no way to > > tell what $DIR is). > > That much I understand too. I was hoping to find a good way to > extract this > information directly from a small perl script invoking a > Mail::SpamAssassin > object. This way you'd be able to identify it with 100% accuracy, > and would keep > abreast of changes in the SA code. If I get the time tomorrow I will try the method I mentioned above. > I agree wholeheartedly. My actual complaint is that the existing > spam.assassin.pref.conf creates several pitfalls for novice users > to fall in. > Something which is clearly bad for novices if we want to help them. > > I'm a relatively knowing user and have fallen into many of these > traps myself. > This implies very bad things are ahead for the novice. This part I will bow out on this part. I have nothing like a stock spamassassin.prefs.conf and when I build the MailScanner installations for my various servers I have my own install script because of site specific items that have to be changed depending on the server it installing on, my own patches to MailScanner and such that the standard installation methods are useless to me. I think it's great, however, for most/many admins and certainly for novices. [..] Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From edalb1979 at GMAIL.COM Tue Nov 22 07:32:03 2005 From: edalb1979 at GMAIL.COM (edalB) Date: Thu Jan 12 21:31:14 2006 Subject: Spam Assassin Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all I have a big problem with spam. MailScanner seas that it cheking for spam. But there is still a huge ammount of spam comming through my mailserver. I have redone the spamasassin twise now but still no luck. When I run the debug from the Wiki I just dont get any results. Please can someone give me some advice. Thank you Eugene ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Tue Nov 22 09:41:21 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:14 2006 Subject: windows/php from problems? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 21/11/05, Jan Agermose wrote: > > > > Hi > > > > This might be off topic J Im running a windows server, IIS6 and PHP. When > sending mails from PHP on windows it seams to ignore the From header > information set? Or is it something in mailscanner? > > > > Looking at the mail in the mailscanner log I get the bellow. As you can se I > do set a "From: " in the header, but still mailwatch displays the from-part > as empty? This is from the table in the detail-display of a message: > > > > > > Message Headers: > > > > Return-Path: <�g> > Received: from echo.csite.com ([213.150.56.221]) > by scanner1.mailwall.dk (8.13.1/8.13.1) with ESMTP id jALMFv0L003745 > for ; Mon, 21 Nov 2005 23:15:57 +0100 > Received: from echo ([127.0.0.1]) > by echo.csite.com (ConviatorMailServer) with SMTP id FFM74443 > for ; Mon, 21 Nov 2005 23:09:17 +0100 > Date: Mon, 21 Nov 2005 23:09:17 +0100 > Subject: Tilmelding til database - udviklet af edventure > To: mediconnect@edventure.dk > From: jan@agermose.com > Return-Path: > Content-Type: text/plain; charset=iso-8859-1 > Content-Transfer-Encoding: 8bit > Message-ID: <1132610957jan@agermose.com> > > > > From: > > To: mediconnect@edventure.dk > > Subject: Tilmelding til Mediconnects database - udviklet af edventure This would've fitted better on the MailWatch list (find it via http://mailwatch.sf.net), but basically what you've missed doing is to set an "envelope sender" (used for the "MAIL FROM: ..." in smtp)... I suppose you've used the PEAR mail factory class? Then you can have a look at the php code for mailwatch to see how that is set up to get these things right (grep for QUARANTINE_FROM_ADDR, and you'll see it pretty well). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From edalb1979 at GMAIL.COM Tue Nov 22 09:57:03 2005 From: edalb1979 at GMAIL.COM (edalB) Date: Thu Jan 12 21:31:14 2006 Subject: Spam Assassin Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yea I am using SpamAssassin Here is the output ------------------------------------------------------------------------------------ [15959] dbg: logger: adding facilities: all [15959] dbg: logger: logging level is DBG [15959] dbg: generic: SpamAssassin version 3.1.0 [15959] dbg: config: score set 0 chosen. [15959] dbg: util: running in taint mode? yes [15959] dbg: util: taint mode: deleting unsafe environment variables, resetting PATH [15959] dbg: util: PATH included '/usr/kerberos/sbin', keeping [15959] dbg: util: PATH included '/usr/kerberos/bin', keeping [15959] dbg: util: PATH included '/usr/lib/courier-imap/sbin', keeping [15959] dbg: util: PATH included '/usr/lib/courier-imap/bin', keeping [15959] dbg: util: PATH included '/usr/local/sbin', keeping [15959] dbg: util: PATH included '/usr/local/bin', keeping [15959] dbg: util: PATH included '/sbin', keeping [15959] dbg: util: PATH included '/bin', keeping [15959] dbg: util: PATH included '/usr/sbin', keeping [15959] dbg: util: PATH included '/usr/bin', keeping [15959] dbg: util: PATH included '/usr/X11R6/bin', keeping [15959] dbg: util: PATH included '/root/bin', which doesn't exist, dropping [15959] dbg: util: final PATH set to: /usr/kerberos/sbin:/usr/kerberos/bin:/usr/lib/courier-imap/sbin:/usr/lib/courier-imap/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin [15959] dbg: dns: is Net::DNS::Resolver available? yes [15959] dbg: dns: Net::DNS version: 0.48 [15959] dbg: dns: name server: 127.0.0.1, family: 2, ipv6: 0 [15959] dbg: diag: perl platform: 5.008005 linux [15959] dbg: diag: module installed: Digest::SHA1, version 2.10 [15959] dbg: diag: module installed: Net::SMTP, version 2.29 [15959] dbg: diag: module installed: Mail::SPF::Query, version 1.997 [15959] dbg: diag: module installed: IP::Country::Fast, version 309.002 [15959] dbg: diag: module not installed: Razor2::Client::Agent ('require' failed) [15959] dbg: diag: module not installed: Net::Ident ('require' failed) [15959] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [15959] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) [15959] dbg: diag: module installed: Time::HiRes, version 1.55 [15959] dbg: diag: module installed: DBI, version 1.40 [15959] dbg: diag: module installed: Getopt::Long, version 2.34 [15959] dbg: diag: module installed: LWP::UserAgent, version 2.031 [15959] dbg: diag: module installed: HTTP::Date, version 1.46 [15959] dbg: diag: module installed: Archive::Tar, version 1.26 [15959] dbg: diag: module installed: IO::Zlib, version 1.04 [15959] dbg: diag: module installed: DB_File, version 1.810 [15959] dbg: diag: module installed: HTML::Parser, version 3.45 [15959] dbg: diag: module installed: MIME::Base64, version 3.01 [15959] dbg: diag: module installed: Net::DNS, version 0.48 [15959] dbg: ignore: using a test message to lint rules [15959] dbg: config: using "/etc/mail/spamassassin" for site rules pre files [15959] dbg: config: read file /etc/mail/spamassassin/init.pre [15959] dbg: config: read file /etc/mail/spamassassin/v310.pre [15959] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [15959] dbg: config: using "/usr/share/spamassassin" for default rules dir [15959] dbg: config: read file /usr/share/spamassassin/10_misc.cf [15959] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf [15959] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf [15959] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf [15959] dbg: config: read file /usr/share/spamassassin/20_compensate.cf [15959] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf [15959] dbg: config: read file /usr/share/spamassassin/20_drugs.cf [15959] dbg: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf [15959] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf [15959] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf [15959] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf [15959] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf [15959] dbg: config: read file /usr/share/spamassassin/20_phrases.cf [15959] dbg: config: read file /usr/share/spamassassin/20_porn.cf [15959] dbg: config: read file /usr/share/spamassassin/20_ratware.cf [15959] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf [15959] dbg: config: read file /usr/share/spamassassin/23_bayes.cf [15959] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf [15959] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf [15959] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf [15959] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf [15959] dbg: config: read file /usr/share/spamassassin/25_dcc.cf [15959] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf [15959] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf [15959] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf [15959] dbg: config: read file /usr/share/spamassassin/25_razor2.cf [15959] dbg: config: read file /usr/share/spamassassin/25_replace.cf [15959] dbg: config: read file /usr/share/spamassassin/25_spf.cf [15959] dbg: config: read file /usr/share/spamassassin/25_textcat.cf [15959] dbg: config: read file /usr/share/spamassassin/25_uribl.cf [15959] dbg: config: read file /usr/share/spamassassin/30_text_de.cf [15959] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf [15959] dbg: config: read file /usr/share/spamassassin/30_text_it.cf [15959] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf [15959] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf [15959] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf [15959] dbg: config: read file /usr/share/spamassassin/50_scores.cf [15959] dbg: config: read file /usr/share/spamassassin/60_awl.cf [15959] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf [15959] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf [15959] dbg: config: read file /usr/share/spamassassin/60_whitelist_subject.cf [15959] dbg: config: using "/etc/mail/spamassassin" for site rules dir [15959] dbg: config: read file /etc/mail/spamassassin/local.cf [15959] dbg: config: using "/root/.spamassassin" for user state dir [15959] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file [15959] dbg: config: read file /etc/MailScanner/spam.assassin.prefs.conf [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC [15959] dbg: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x93266e4) [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC [15959] dbg: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x933cb50) [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC [15959] dbg: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410) [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC [15959] dbg: pyzor: network tests on, attempting Pyzor [15959] dbg: plugin: registered Mail::SpamAssassin::Plugin::Pyzor=HASH(0x937d418) [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC [15959] dbg: reporter: network tests on, attempting SpamCop [15959] dbg: plugin: registered Mail::SpamAssassin::Plugin::SpamCop=HASH(0x933e008) [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC [15959] dbg: plugin: registered Mail::SpamAssassin::Plugin::AWL=HASH(0x9340b34) [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC [15959] dbg: plugin: registered Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x93b9668) [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::WhiteListSubject from @INC [15959] dbg: plugin: registered Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x93d7150) [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from @INC [15959] dbg: plugin: registered Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x93e1014) [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from @INC [15959] dbg: plugin: registered Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x93eebf0) [15959] dbg: config: adding redirector regex: /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i [15959] dbg: config: adding redirector regex: /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i [15959] dbg: config: adding redirector regex: /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i [15959] dbg: config: adding redirector regex: /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i [15959] dbg: config: adding redirector regex: /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i [15959] dbg: config: adding redirector regex: m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i [15959] dbg: config: adding redirector regex: m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i [15959] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc [15959] warn: config: failed to parse line, skipping: razor_timeout 10 [15959] warn: config: warning: score set for non-existent rule RCVD_IN_RSL [15959] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x93eebf0) implements 'finish_parsing_end' [15959] dbg: replacetags: replacing tags [15959] dbg: replacetags: done replacing tags [15959] dbg: config: using "/root/.spamassassin" for user state dir [15959] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [15959] dbg: config: score set 1 chosen. [15959] dbg: message: ---- MIME PARSER START ---- [15959] dbg: message: main message type: text/plain [15959] dbg: message: parsing normal part [15959] dbg: message: added part, type: text/plain [15959] dbg: message: ---- MIME PARSER END ---- [15959] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [15959] dbg: dns: dns_available set to yes in config file, skipping test [15959] dbg: metadata: X-Spam-Relays-Trusted: [15959] dbg: metadata: X-Spam-Relays-Untrusted: [15959] dbg: message: no encoding detected [15959] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x93266e4) implements 'parsed_metadata' [15959] dbg: uridnsbl: domains to query: [15959] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl-notfirsthop [15959] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas-firsttrusted [15959] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl [15959] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp-untrusted [15959] dbg: dns: checking RBL combined.njabl.org., set njabl-notfirsthop [15959] dbg: dns: checking RBL combined.njabl.org., set njabl [15959] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois [15959] dbg: dns: checking RBL list.dsbl.org., set dsbl-notfirsthop [15959] dbg: dns: checking RBL bl.spamcop.net., set spamcop [15959] dbg: dns: checking RBL sa-trusted.bondedsender.org., set bsp-firsttrusted [15959] dbg: dns: checking RBL combined-HIB.dnsiplists.completewhois.com., set whois-notfirsthop [15959] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-notfirsthop [15959] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs [15959] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted [15959] dbg: check: running tests for priority: 0 [15959] dbg: rules: running header regexp tests; score so far=0 [15959] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [15959] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1132651979@lint_rules> [15959] dbg: rules: " [15959] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org [15959] dbg: rules: " [15959] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [15959] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1132651979" [15959] dbg: plugin: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x933cb50)) [15959] dbg: plugin: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) [15959] dbg: spf: message was delivered entirely via trusted relays, not required [15959] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [15959] dbg: plugin: registering glue method for check_subject_in_blacklist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x93d7150)) [15959] dbg: plugin: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x933cb50)) [15959] dbg: eval: all '*To' addrs: [15959] dbg: plugin: registering glue method for check_for_spf_neutral (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) [15959] dbg: spf: message was delivered entirely via trusted relays, not required [15959] dbg: plugin: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) [15959] dbg: rules: ran eval rule NO_RELAYS ======> got hit [15959] dbg: plugin: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) [15959] dbg: plugin: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) [15959] dbg: plugin: registering glue method for check_for_def_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) [15959] dbg: spf: cannot get Envelope-From, cannot use SPF [15959] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [15959] dbg: plugin: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) [15959] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit [15959] dbg: plugin: registering glue method for check_subject_in_whitelist (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x93d7150)) [15959] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit [15959] dbg: plugin: registering glue method for check_for_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) [15959] dbg: spf: spf_whitelist_from: could not find useable envelope sender [15959] dbg: rules: running body-text per-line regexp tests; score so far=0.738 [15959] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [15959] dbg: uri: running uri tests; score so far=0.738 [15959] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [15959] dbg: bayes: not scoring message, returning undef [15959] dbg: bayes: opportunistic call attempt failed, DB not readable [15959] dbg: plugin: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x93266e4)) [15959] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.738 [15959] dbg: rules: running full-text regexp tests; score so far=0.738 [15959] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x937d418)) [15959] dbg: pyzor: pyzor is not available: no pyzor executable found [15959] dbg: pyzor: no pyzor found, disabling Pyzor [15959] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x93266e4) implements 'check_tick' [15959] dbg: check: running tests for priority: 500 [15959] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x93266e4) implements 'check_post_dnsbl' [15959] dbg: rules: running meta tests; score so far=0.738 [15959] dbg: rules: running header regexp tests; score so far=2.216 [15959] dbg: rules: running body-text per-line regexp tests; score so far=2.216 [15959] dbg: uri: running uri tests; score so far=2.216 [15959] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.216 [15959] dbg: rules: running full-text regexp tests; score so far=2.216 [15959] dbg: check: running tests for priority: 1000 [15959] dbg: rules: running meta tests; score so far=2.216 [15959] dbg: rules: running header regexp tests; score so far=2.216 [15959] dbg: plugin: registering glue method for check_from_in_auto_whitelist (Mail::SpamAssassin::Plugin::AWL=HASH(0x9340b34)) [15959] dbg: rules: running body-text per-line regexp tests; score so far=2.216 [15959] dbg: uri: running uri tests; score so far=2.216 [15959] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.216 [15959] dbg: rules: running full-text regexp tests; score so far=2.216 [15959] dbg: check: is spam? score=2.216 required=5 [15959] dbg: check: tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [15959] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID [15959] warn: lint: 3 issues detected, please rerun with debug enabled for more information On 11/22/05, Martin Hepworth wrote: > Hi > > What extra rules are you running for SpamAssassin? > > Whats the results of > > spamassassin -p /spam.assassin.prefs.conf -D --lint > > > (replace with the correct directory) > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of edalB > > Sent: 22 November 2005 07:32 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: [MAILSCANNER] Spam Assassin > > > > Hi all I have a big problem with spam. > > > > MailScanner seas that it cheking for spam. But there is still a huge > > ammount of spam comming through my mailserver. > > > > I have redone the spamasassin twise now but still no luck. > > > > When I run the debug from the Wiki I just dont get any results. > > > > Please can someone give me some advice. > > > > Thank you > > Eugene > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Nov 22 09:48:31 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:14 2006 Subject: Spam Assassin Message-ID: Hi What extra rules are you running for SpamAssassin? Whats the results of spamassassin -p /spam.assassin.prefs.conf -D --lint (replace with the correct directory) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of edalB > Sent: 22 November 2005 07:32 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Spam Assassin > > Hi all I have a big problem with spam. > > MailScanner seas that it cheking for spam. But there is still a huge > ammount of spam comming through my mailserver. > > I have redone the spamasassin twise now but still no luck. > > When I run the debug from the Wiki I just dont get any results. > > Please can someone give me some advice. > > Thank you > Eugene > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 22 10:16:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Please accept my sincere apologies for anything I said yesterday. My only excuse is that I was awaiting some very important information from my consultant. In the end it didn't go the way I would have preferred. So I was more than a little edgy. My apologies again. On 21 Nov 2005, at 22:28, Matt Kettler wrote: > Julian Field wrote: >> My question still stands: what is the following code supposed to say? >> >> Julian Field wrote: >> >>> Can you double check that please? >>> >>> use Mail::SpamAssassin; >>> $a = new Mail::SpamAssassin; >>> print "site rules is \"" . $a->{siterules} . "\"\n"; >>> produces >>> site rules is "" >>> so it's not called "siterules". Please can you provide me a code >>> snippet (requiring no external configs) that produces the text >>> you are >>> looking for. > > > Well, I did say I knew little of perl. I was merely wondering if it > was > accessible. Apparently not. > > The code that's relevant from SpamAssassin.pm is: > > my $siterules = $self->{site_rules_filename}; > $siterules ||= $self->first_existing_path (@site_rules_path); > > > I have no idea what the perl word "my" does. Does this declare an > item as a > local to the function? or export it to the module? Or something else? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4Lv7vw32o+k+q+hAQEDVwf/SEqkyGMEiKLfxtTNKRbYzPWthXV9Q5M7 LwOzp32kZtENsRfiwiQKsS8ntUvFyq3bMYQCJMxc+pzS8XVQw8S6sleuITwe906H hIdvTYEj0sACmFGSF341bXTNCW0oPwkzDkJ85TEj4k9TGu+pBht949cWD4fNODDg ZdOSmW4FZ8EXdCG80QgdmF6vun59v+uCUZ6MOLTj6avwAruR+JvEf32vG1k9Bikz dM3yov9dtv0fLyoyhVr+XzthJdlIghPHg/pY5JsnRVGNci2F/gVr/63MjVJGl7fI h4Y0kIdoVbFV1lQt4zHeOyNqE+ggSiznioY/St0pqCBw8YJHhHJjjw== =9ufH -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wmcdonald at GMAIL.COM Tue Nov 22 10:18:19 2005 From: wmcdonald at GMAIL.COM (Will McDonald) Date: Thu Jan 12 21:31:14 2006 Subject: Slightly OT: Using ISP's DNS server as forwarder with local caching dns server Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 18/11/05, Ugo Bellavance wrote: > I was reading Sendmail's bat book and it was saying that it was better > to use a "busy" DNS server, to make sure the entries don't time out. > > I run a caching name server (redhat's package, using bind) and I was > wondering if I could get a benefit of having my ISP's DNS server as a > forwarder. From what I can understand, the forwarder will be used if my > local server does not have the answer in the cache. If my ISP has the > entry in cache, it would be faster to retrieve it this way than doing > the whole query by my local server. > > Any opinions? Is that actually possible with the redhat package+edits > or I'd need to configure bind manually to set the caching+forwarders to > avoid conflicts? We have 2 dedicated local name servers (used by internal client systems and servers) and then caching nameservers on each MailScanner system pointing to those dedicated nameservers as their forwarders. The busy nameservers in this scenario with the rich cache being the dedicated ones. You need to be wary of the caching-nameserver package in that any updates to the package will overwrite any changes you make to named.conf. As opposed to the more usual RPM behaviour of creating an .rpmnew file. http://lists.centos.org/pipermail/centos/2005-November/014973.html Will. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Nov 22 10:17:55 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:14 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Hi, > Julian Field wrote: > > Therein lies the problem. I could run the "spamassassin" or > > "sa-learn" script to try to find out, but I equally well won't know > > where they are, they may not be on the $PATH (e.g. Solaris). > > > > But if we say I can find the "spamassassin" script (I'll work on > > that), then which of these lines is the one that states the > > directory I should be using? And what should the file be called? Is > > it local.cf or something else? I need to get this right this time. > > I would suggest using mailscanner.cf as a filename. This way you are > unlikely to muck-up a user's already existing local.cf file. > > (SA will automatically parse *.cf in the site rules dir, so both will > get parsed. Since parsing is in alphabetic order, and last-parsed > wins, options in mailscanner.cf will over-ride options in local.cf) I would agree with this as a suggestion. It would also mean that the MailScanner sitewide config options would be picked up by the command line SpamAssassin utilities. That way when someone wanted to test a email against SpamAssassin they would be using the same configuration. The same goes for using sa-learn. As well as doing this the comments at the top of the spam.assassin.prefs file should make it clear that a new sitewide .cf file has been created so that admins can check that it is not overiding anything that is already set up and working. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "I don't know the key to success, but the key to failure is trying to please everybody." -Bill Cosby ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Nov 22 10:29:21 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:15 2006 Subject: Spam Assassin Message-ID: Eugene OK, Nothing nasty there.. I'd look at putting some of the SARE rules from www.rulesemporium.com/rules.htm into /etc/mail/spamassassin. Drip feed a couple in at a time and see how well they work. You can keep these rules updated with a script called RulesDuJour which you can run once a day or so, I'll leave this as an exercise for you to find ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of edalB > Sent: 22 November 2005 09:57 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Spam Assassin > > Yea I am using SpamAssassin > > Here is the output > > -------------------------------------------------------------------------- > ---------- > > [15959] dbg: logger: adding facilities: all > [15959] dbg: logger: logging level is DBG > [15959] dbg: generic: SpamAssassin version 3.1.0 > [15959] dbg: config: score set 0 chosen. > [15959] dbg: util: running in taint mode? yes > [15959] dbg: util: taint mode: deleting unsafe environment variables, > resetting PATH > [15959] dbg: util: PATH included '/usr/kerberos/sbin', keeping > [15959] dbg: util: PATH included '/usr/kerberos/bin', keeping > [15959] dbg: util: PATH included '/usr/lib/courier-imap/sbin', keeping > [15959] dbg: util: PATH included '/usr/lib/courier-imap/bin', keeping > [15959] dbg: util: PATH included '/usr/local/sbin', keeping > [15959] dbg: util: PATH included '/usr/local/bin', keeping > [15959] dbg: util: PATH included '/sbin', keeping > [15959] dbg: util: PATH included '/bin', keeping > [15959] dbg: util: PATH included '/usr/sbin', keeping > [15959] dbg: util: PATH included '/usr/bin', keeping > [15959] dbg: util: PATH included '/usr/X11R6/bin', keeping > [15959] dbg: util: PATH included '/root/bin', which doesn't exist, > dropping > [15959] dbg: util: final PATH set to: > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/lib/courier- > imap/sbin:/usr/lib/courier- > imap/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr > /X11R6/bin > [15959] dbg: dns: is Net::DNS::Resolver available? yes > [15959] dbg: dns: Net::DNS version: 0.48 > [15959] dbg: dns: name server: 127.0.0.1, family: 2, ipv6: 0 > [15959] dbg: diag: perl platform: 5.008005 linux > [15959] dbg: diag: module installed: Digest::SHA1, version 2.10 > [15959] dbg: diag: module installed: Net::SMTP, version 2.29 > [15959] dbg: diag: module installed: Mail::SPF::Query, version 1.997 > [15959] dbg: diag: module installed: IP::Country::Fast, version 309.002 > [15959] dbg: diag: module not installed: Razor2::Client::Agent > ('require' failed) > [15959] dbg: diag: module not installed: Net::Ident ('require' failed) > [15959] dbg: diag: module not installed: IO::Socket::INET6 ('require' > failed) > [15959] dbg: diag: module not installed: IO::Socket::SSL ('require' > failed) > [15959] dbg: diag: module installed: Time::HiRes, version 1.55 > [15959] dbg: diag: module installed: DBI, version 1.40 > [15959] dbg: diag: module installed: Getopt::Long, version 2.34 > [15959] dbg: diag: module installed: LWP::UserAgent, version 2.031 > [15959] dbg: diag: module installed: HTTP::Date, version 1.46 > [15959] dbg: diag: module installed: Archive::Tar, version 1.26 > [15959] dbg: diag: module installed: IO::Zlib, version 1.04 > [15959] dbg: diag: module installed: DB_File, version 1.810 > [15959] dbg: diag: module installed: HTML::Parser, version 3.45 > [15959] dbg: diag: module installed: MIME::Base64, version 3.01 > [15959] dbg: diag: module installed: Net::DNS, version 0.48 > [15959] dbg: ignore: using a test message to lint rules > [15959] dbg: config: using "/etc/mail/spamassassin" for site rules pre > files > [15959] dbg: config: read file /etc/mail/spamassassin/init.pre > [15959] dbg: config: read file /etc/mail/spamassassin/v310.pre > [15959] dbg: config: using "/usr/share/spamassassin" for sys rules pre > files > [15959] dbg: config: using "/usr/share/spamassassin" for default rules dir > [15959] dbg: config: read file /usr/share/spamassassin/10_misc.cf > [15959] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf > [15959] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf > [15959] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf > [15959] dbg: config: read file /usr/share/spamassassin/20_compensate.cf > [15959] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > [15959] dbg: config: read file /usr/share/spamassassin/20_drugs.cf > [15959] dbg: config: read file > /usr/share/spamassassin/20_fake_helo_tests.cf > [15959] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf > [15959] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf > [15959] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf > [15959] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf > [15959] dbg: config: read file /usr/share/spamassassin/20_phrases.cf > [15959] dbg: config: read file /usr/share/spamassassin/20_porn.cf > [15959] dbg: config: read file /usr/share/spamassassin/20_ratware.cf > [15959] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf > [15959] dbg: config: read file /usr/share/spamassassin/23_bayes.cf > [15959] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf > [15959] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf > [15959] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf > [15959] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf > [15959] dbg: config: read file /usr/share/spamassassin/25_dcc.cf > [15959] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf > [15959] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf > [15959] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf > [15959] dbg: config: read file /usr/share/spamassassin/25_razor2.cf > [15959] dbg: config: read file /usr/share/spamassassin/25_replace.cf > [15959] dbg: config: read file /usr/share/spamassassin/25_spf.cf > [15959] dbg: config: read file /usr/share/spamassassin/25_textcat.cf > [15959] dbg: config: read file /usr/share/spamassassin/25_uribl.cf > [15959] dbg: config: read file /usr/share/spamassassin/30_text_de.cf > [15959] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf > [15959] dbg: config: read file /usr/share/spamassassin/30_text_it.cf > [15959] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf > [15959] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf > [15959] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf > [15959] dbg: config: read file /usr/share/spamassassin/50_scores.cf > [15959] dbg: config: read file /usr/share/spamassassin/60_awl.cf > [15959] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf > [15959] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf > [15959] dbg: config: read file > /usr/share/spamassassin/60_whitelist_subject.cf > [15959] dbg: config: using "/etc/mail/spamassassin" for site rules dir > [15959] dbg: config: read file /etc/mail/spamassassin/local.cf > [15959] dbg: config: using "/root/.spamassassin" for user state dir > [15959] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" > for user prefs file > [15959] dbg: config: read file /etc/MailScanner/spam.assassin.prefs.conf > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from > @INC > [15959] dbg: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x93266e4) > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from > @INC > [15959] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x933cb50) > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > [15959] dbg: plugin: registered > Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410) > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC > [15959] dbg: pyzor: network tests on, attempting Pyzor > [15959] dbg: plugin: registered > Mail::SpamAssassin::Plugin::Pyzor=HASH(0x937d418) > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC > [15959] dbg: reporter: network tests on, attempting SpamCop > [15959] dbg: plugin: registered > Mail::SpamAssassin::Plugin::SpamCop=HASH(0x933e008) > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC > [15959] dbg: plugin: registered > Mail::SpamAssassin::Plugin::AWL=HASH(0x9340b34) > [15959] dbg: plugin: loading > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > [15959] dbg: plugin: registered > Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x93b9668) > [15959] dbg: plugin: loading > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > [15959] dbg: plugin: registered > Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x93d7150) > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from > @INC > [15959] dbg: plugin: registered > Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x93e1014) > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from > @INC > [15959] dbg: plugin: registered > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x93eebf0) > [15959] dbg: config: adding redirector regex: > /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i > [15959] dbg: config: adding redirector regex: > /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i > [15959] dbg: config: adding redirector regex: > /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i > [15959] dbg: config: adding redirector regex: > /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i > [15959] dbg: config: adding redirector regex: > /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i > [15959] dbg: config: adding redirector regex: > m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i > [15959] dbg: config: adding redirector regex: > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i > [15959] warn: config: failed to parse line, skipping: dcc_path > /usr/local/bin/dccproc > [15959] warn: config: failed to parse line, skipping: razor_timeout 10 > [15959] warn: config: warning: score set for non-existent rule RCVD_IN_RSL > [15959] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x93eebf0) implements > 'finish_parsing_end' > [15959] dbg: replacetags: replacing tags > [15959] dbg: replacetags: done replacing tags > [15959] dbg: config: using "/root/.spamassassin" for user state dir > [15959] dbg: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > [15959] dbg: config: score set 1 chosen. > [15959] dbg: message: ---- MIME PARSER START ---- > [15959] dbg: message: main message type: text/plain > [15959] dbg: message: parsing normal part > [15959] dbg: message: added part, type: text/plain > [15959] dbg: message: ---- MIME PARSER END ---- > [15959] dbg: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > [15959] dbg: dns: dns_available set to yes in config file, skipping test > [15959] dbg: metadata: X-Spam-Relays-Trusted: > [15959] dbg: metadata: X-Spam-Relays-Untrusted: > [15959] dbg: message: no encoding detected > [15959] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x93266e4) implements > 'parsed_metadata' > [15959] dbg: uridnsbl: domains to query: > [15959] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl- > notfirsthop > [15959] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas- > firsttrusted > [15959] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl > [15959] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp- > untrusted > [15959] dbg: dns: checking RBL combined.njabl.org., set njabl-notfirsthop > [15959] dbg: dns: checking RBL combined.njabl.org., set njabl > [15959] dbg: dns: checking RBL > combined-HIB.dnsiplists.completewhois.com., set whois > [15959] dbg: dns: checking RBL list.dsbl.org., set dsbl-notfirsthop > [15959] dbg: dns: checking RBL bl.spamcop.net., set spamcop > [15959] dbg: dns: checking RBL sa-trusted.bondedsender.org., set > bsp-firsttrusted > [15959] dbg: dns: checking RBL > combined-HIB.dnsiplists.completewhois.com., set whois-notfirsthop > [15959] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-notfirsthop > [15959] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs > [15959] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted > [15959] dbg: check: running tests for priority: 0 > [15959] dbg: rules: running header regexp tests; score so far=0 > [15959] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" > [15959] dbg: rules: ran header rule __SANE_MSGID ======> got hit: > "<1132651979@lint_rules> > [15959] dbg: rules: " > [15959] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: > "ignore@compiling.spamassassin.taint.org > [15959] dbg: rules: " > [15959] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: > "@lint_rules>" > [15959] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: > "1132651979" > [15959] dbg: plugin: registering glue method for > check_hashcash_double_spend > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x933cb50)) > [15959] dbg: plugin: registering glue method for > check_for_spf_helo_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > [15959] dbg: spf: message was delivered entirely via trusted relays, > not required > [15959] dbg: eval: all '*From' addrs: > ignore@compiling.spamassassin.taint.org > [15959] dbg: plugin: registering glue method for > check_subject_in_blacklist > (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x93d7150)) > [15959] dbg: plugin: registering glue method for check_hashcash_value > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x933cb50)) > [15959] dbg: eval: all '*To' addrs: > [15959] dbg: plugin: registering glue method for check_for_spf_neutral > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > [15959] dbg: spf: message was delivered entirely via trusted relays, > not required > [15959] dbg: plugin: registering glue method for > check_for_spf_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > [15959] dbg: rules: ran eval rule NO_RELAYS ======> got hit > [15959] dbg: plugin: registering glue method for check_for_spf_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > [15959] dbg: plugin: registering glue method for > check_for_spf_helo_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > [15959] dbg: plugin: registering glue method for > check_for_def_spf_whitelist_from > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > [15959] dbg: spf: cannot get Envelope-From, cannot use SPF > [15959] dbg: spf: def_spf_whitelist_from: could not find useable envelope > sender > [15959] dbg: plugin: registering glue method for check_for_spf_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > [15959] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit > [15959] dbg: plugin: registering glue method for > check_subject_in_whitelist > (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x93d7150)) > [15959] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit > [15959] dbg: plugin: registering glue method for > check_for_spf_whitelist_from > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > [15959] dbg: spf: spf_whitelist_from: could not find useable envelope > sender > [15959] dbg: rules: running body-text per-line regexp tests; score so > far=0.738 > [15959] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" > [15959] dbg: uri: running uri tests; score so far=0.738 > [15959] dbg: bayes: no dbs present, cannot tie DB R/O: > /root/.spamassassin/bayes_toks > [15959] dbg: bayes: not scoring message, returning undef > [15959] dbg: bayes: opportunistic call attempt failed, DB not readable > [15959] dbg: plugin: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x93266e4)) > [15959] dbg: rules: running raw-body-text per-line regexp tests; score > so far=0.738 > [15959] dbg: rules: running full-text regexp tests; score so far=0.738 > [15959] dbg: plugin: registering glue method for check_pyzor > (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x937d418)) > [15959] dbg: pyzor: pyzor is not available: no pyzor executable found > [15959] dbg: pyzor: no pyzor found, disabling Pyzor > [15959] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x93266e4) implements > 'check_tick' > [15959] dbg: check: running tests for priority: 500 > [15959] dbg: plugin: > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x93266e4) implements > 'check_post_dnsbl' > [15959] dbg: rules: running meta tests; score so far=0.738 > [15959] dbg: rules: running header regexp tests; score so far=2.216 > [15959] dbg: rules: running body-text per-line regexp tests; score so > far=2.216 > [15959] dbg: uri: running uri tests; score so far=2.216 > [15959] dbg: rules: running raw-body-text per-line regexp tests; score > so far=2.216 > [15959] dbg: rules: running full-text regexp tests; score so far=2.216 > [15959] dbg: check: running tests for priority: 1000 > [15959] dbg: rules: running meta tests; score so far=2.216 > [15959] dbg: rules: running header regexp tests; score so far=2.216 > [15959] dbg: plugin: registering glue method for > check_from_in_auto_whitelist > (Mail::SpamAssassin::Plugin::AWL=HASH(0x9340b34)) > [15959] dbg: rules: running body-text per-line regexp tests; score so > far=2.216 > [15959] dbg: uri: running uri tests; score so far=2.216 > [15959] dbg: rules: running raw-body-text per-line regexp tests; score > so far=2.216 > [15959] dbg: rules: running full-text regexp tests; score so far=2.216 > [15959] dbg: check: is spam? score=2.216 required=5 > [15959] dbg: check: > tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,T > O_CC_NONE > [15959] dbg: check: > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__S > ANE_MSGID,__UNUSABLE_MSGID > [15959] warn: lint: 3 issues detected, please rerun with debug enabled > for more information > > On 11/22/05, Martin Hepworth wrote: > > Hi > > > > What extra rules are you running for SpamAssassin? > > > > Whats the results of > > > > spamassassin -p /spam.assassin.prefs.conf -D --lint > > > > > > (replace with the correct directory) > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > Behalf Of edalB > > > Sent: 22 November 2005 07:32 > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: [MAILSCANNER] Spam Assassin > > > > > > Hi all I have a big problem with spam. > > > > > > MailScanner seas that it cheking for spam. But there is still a huge > > > ammount of spam comming through my mailserver. > > > > > > I have redone the spamasassin twise now but still no luck. > > > > > > When I run the debug from the Wiki I just dont get any results. > > > > > > Please can someone give me some advice. > > > > > > Thank you > > > Eugene > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Nov 22 11:20:31 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:15 2006 Subject: Archive Mail - how do ppl do it? Message-ID: Michael I'd have a look at how MailWatch does this. That way people can be domain admins and release/forward etc email they are allowed to. You'll need to look at stripping multiple recipients into single ones, but I think the docs cover this. If not ask where and someone will give you the details on how to setup Sendmail to do this. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Michael Mansour > Sent: 21 November 2005 19:31 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Archive Mail - how do ppl do it? > > Hi, > > I'm just wondering how many of you handle this Archive > Mail option for people/clients that want it from you? > > I've just set it up as follows: > > Archive Mail = %rules-dir%/archive.mail.rules > > and for my archive.mail.fules file: > > To: *@domain.com yes forward > /var/spool/MailScanner/archive/domain > FromOrTo: default > > As expected, I get the mail archived (copied) in that > directory/_DATE_ now like: > > /var/spool/MailScanner/archive/domain/20051122/..... > > with it containing: > > -rw------- 1 root root 531 Nov 22 01:33 > dfjALEX5qc006601 > -rw------- 1 root root 153 Nov 22 02:50 > dfjALFoYqc015004 > -rw------- 1 root root 401 Nov 22 02:51 > dfjALFpWqc015122 > -rw------- 1 root root 233 Nov 22 04:07 > dfjALH7cqc023368 > -rw------- 1 root root 228 Nov 22 04:41 > dfjALHfTqc028248 > -rw------- 1 root root 131 Nov 22 04:53 > dfjALHrpqc029700 > -rw------- 1 root root 2352 Nov 22 05:38 > dfjALIchqc019695 > -rw------- 1 root root 1598 Nov 22 01:33 > qfjALEX5qc006601 > -rw------- 1 root root 1651 Nov 22 02:50 > qfjALFoYqc015004 > -rw------- 1 root root 1552 Nov 22 02:51 > qfjALFpWqc015122 > -rw------- 1 root root 1551 Nov 22 04:07 > qfjALH7cqc023368 > -rw------- 1 root root 1483 Nov 22 04:41 > qfjALHfTqc028248 > -rw------- 1 root root 1591 Nov 22 04:53 > qfjALHrpqc029700 > -rw------- 1 root root 1337 Nov 22 05:38 > qfjALIchqc019695 > > If i wanted to restore this type of mail for the user, > how would I go about doing that with the files kept > like mqueue-type files above? (not knowing which > messages they'd want etc). > > I've also looked at the mbox facility provided by > MailScanner, but without auto-creating the mbox files > for me I couldn't find it of much use in a "dated" > directory structure (it would be good if MailScanner > did create the mbox files automatically because I > could then use something like archive_DATE_.mbox as > the filename for the domain and MailScanner would just > create the files ont he fly). > > Thanks. > > Michael. > > > > > ____________________________________________________ > Do you Yahoo!? > Find a local business fast with Yahoo! Local Search > http://au.local.yahoo.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Nov 22 11:20:46 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Hi Julian, > -----BEGIN PGP SIGNED MESSAGE----- > > On 22 Nov 2005, at 10:17, Anthony Peacock wrote: > > > Hi, > > > >> Julian Field wrote: > >>> Therein lies the problem. I could run the "spamassassin" or > >>> "sa-learn" script to try to find out, but I equally well won't > >>> know where they are, they may not be on the $PATH (e.g. Solaris). > >>> > >>> But if we say I can find the "spamassassin" script (I'll work on > >>> that), then which of these lines is the one that states the > >>> directory I should be using? And what should the file be called? > >>> Is it local.cf or something else? I need to get this right this > >>> time. > >> > >> I would suggest using mailscanner.cf as a filename. This way you > >> are unlikely to muck-up a user's already existing local.cf file. > >> > >> (SA will automatically parse *.cf in the site rules dir, so both > >> will get parsed. Since parsing is in alphabetic order, and > >> last-parsed wins, options in mailscanner.cf will over-ride options > >> in local.cf) > > > > I would agree with this as a suggestion. It would also mean that > > the MailScanner sitewide config options would be picked up by the > > command line SpamAssassin utilities. That way when someone wanted > > to test a email against SpamAssassin they would be using the same > > configuration. The same goes for using sa-learn. > > > > As well as doing this the comments at the top of the > > spam.assassin.prefs file should make it clear that a new sitewide > > .cf file has been created so that admins can check that it is not > > overiding anything that is already set up and working. > > I entirely agree. One request though: I have been trying to dig > through the SA data structures to work out how to get at the > properties mentioned to calculate the directory path names so I know > where to put the mailscanner.cf file. I can't figure it out. > > Can someone (Matt perhaps?) please try and work it out for me? Can't > get my head around it today. I did have a look at this briefly this morning, but had to move on to more pressing work matters. I will have another look later. The one thing I did find in the documentation is the definition of the search list that SpamAssassin itself uses: http://spamassassin.apache.org/full/3.1.x/dist/doc/spamassassin.html#c onfiguration_files (Excuse the wrapping). I haven't seen an easy way of getting out of the code the directory that SpamAssassin has decided to use. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "Screens are sometimes called displays because they display stuff ..." - UNIX for Dummies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 22 11:13:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 22 Nov 2005, at 10:17, Anthony Peacock wrote: > Hi, > >> Julian Field wrote: >>> Therein lies the problem. I could run the "spamassassin" or >>> "sa-learn" script to try to find out, but I equally well won't know >>> where they are, they may not be on the $PATH (e.g. Solaris). >>> >>> But if we say I can find the "spamassassin" script (I'll work on >>> that), then which of these lines is the one that states the >>> directory I should be using? And what should the file be called? Is >>> it local.cf or something else? I need to get this right this time. >> >> I would suggest using mailscanner.cf as a filename. This way you are >> unlikely to muck-up a user's already existing local.cf file. >> >> (SA will automatically parse *.cf in the site rules dir, so both will >> get parsed. Since parsing is in alphabetic order, and last-parsed >> wins, options in mailscanner.cf will over-ride options in local.cf) > > I would agree with this as a suggestion. It would also mean that the > MailScanner sitewide config options would be picked up by the command > line SpamAssassin utilities. That way when someone wanted to test a > email against SpamAssassin they would be using the same > configuration. The same goes for using sa-learn. > > As well as doing this the comments at the top of the > spam.assassin.prefs file should make it clear that a new sitewide .cf > file has been created so that admins can check that it is not > overiding anything that is already set up and working. I entirely agree. One request though: I have been trying to dig through the SA data structures to work out how to get at the properties mentioned to calculate the directory path names so I know where to put the mailscanner.cf file. I can't figure it out. Can someone (Matt perhaps?) please try and work it out for me? Can't get my head around it today. Thanks. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4L9bfw32o+k+q+hAQF3Nwf6AnA+TGN+ImYX710mod2tGgJAP7iNKe9z Jp4mTxKlp0bFyV8/RTj1cHQoL2+aZ31Yp7rL8mUROWlZEuKybA75bHr/EdO0tUBY T0M2rx/Axhxjy/LprnEjG9XJBJnyPvdOPQxQotrEAlZpGkEMPbmXOKq4eQ8GqRtE kQ2UNS2HXCnQ2a2mKU2aPY8O5GESLblGiLXkyFHeTXbGWn21GaS+zhRAlabit69z 0n2MJ3jnjO3kK6lcV4qJAZKbWW2auf4Yo6+LzYy77RGdbz78CVLri5QIbW5XT9pk HEQIFSj/iKsFbb7z1VrEmm0J+5nXqYBm8zUNIk5wMIB+ZH4RlZ3pKA== =4x55 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Nov 22 11:41:15 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Hi Julian, > Hi Julian, > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > On 22 Nov 2005, at 10:17, Anthony Peacock wrote: > > I entirely agree. One request though: I have been trying to dig > > through the SA data structures to work out how to get at the > > properties mentioned to calculate the directory path names so I know > > where to put the mailscanner.cf file. I can't figure it out. > > > > Can someone (Matt perhaps?) please try and work it out for me? Can't > > get my head around it today. This works on my system (extra print statements are there purely to get around line wrapping): #!/usr/local/bin/perl use Mail::SpamAssassin; $a = new Mail::SpamAssassin; print "site rules is \""; print $a->first_existing_path (@Mail::SpamAssassin::site_rules_path); print "\"\n"; I would be graetful if people could check this, and try it on other systems. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "Screens are sometimes called displays because they display stuff ..." - UNIX for Dummies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at dwford.com Tue Nov 22 12:15:24 2005 From: rcooper at dwford.com (Rick Cooper) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Tuesday, November 22, 2005 6:14 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > > > -----BEGIN PGP SIGNED MESSAGE----- > > On 22 Nov 2005, at 10:17, Anthony Peacock wrote: > > > Hi, > > > >> Julian Field wrote: > >>> Therein lies the problem. I could run the "spamassassin" or > >>> "sa-learn" script to try to find out, but I equally well won't know > >>> where they are, they may not be on the $PATH (e.g. Solaris). > >>> > >>> But if we say I can find the "spamassassin" script (I'll work on > >>> that), then which of these lines is the one that states the > >>> directory I should be using? And what should the file be called? Is > >>> it local.cf or something else? I need to get this right this time. > >> > >> I would suggest using mailscanner.cf as a filename. This way you are > >> unlikely to muck-up a user's already existing local.cf file. > >> > >> (SA will automatically parse *.cf in the site rules dir, so both will > >> get parsed. Since parsing is in alphabetic order, and last-parsed > >> wins, options in mailscanner.cf will over-ride options in local.cf) > > > > I would agree with this as a suggestion. It would also mean that the > > MailScanner sitewide config options would be picked up by the command > > line SpamAssassin utilities. That way when someone wanted to test a > > email against SpamAssassin they would be using the same > > configuration. The same goes for using sa-learn. > > > > As well as doing this the comments at the top of the > > spam.assassin.prefs file should make it clear that a new sitewide .cf > > file has been created so that admins can check that it is not > > overiding anything that is already set up and working. > > I entirely agree. One request though: I have been trying to dig > through the SA data structures to work out how to get at the > properties mentioned to calculate the directory path names so I know > where to put the mailscanner.cf file. I can't figure it out. This will get all relevent paths and version, #!/usr/bin/perl use Mail::SpamAssassin ; my $test = Mail::SpamAssassin->new(); my $SAVersion = $Mail::SpamAssassin::VERSION; my $siterules = $test->{site_rules_filename}; $siterules ||= $test->first_existing_path (@Mail::SpamAssassin::site_rules_path); my $defaultrules = $test->{default_rules_path}; $defaultrules ||= $test->first_existing_path (@Mail::SpamAssassin::default_rules_path); my $defaultprefs = $test->{default_prefs_path}; $defaultprefs ||= $test->first_existing_path (@Mail::SpamAssassin::default_prefs_path); my $defaultuserprefs = $test->{default_userprefs_path}; $defaultuserprefs ||= $test->first_existing_path (@Mail::SpamAssassin::default_userprefs_path); my $defaultuserstate = $test->{default_userstate_dir}; $defaultuserstate ||= $test->first_existing_path (@Mail::SpamAssassin::default_userstate_dir); print "SpamAssassin Version\t: $SAVersion\n"; print "Site Rules Path\t\t: $siterules\n"; print "Default Rules Path\t: $defaultrules\n"; print "Default Prefs Path\t: $defaultprefs\n"; print "Default User Prefs\t: $defaultuserprefs\n"; print "Default User State\t: $defaultuserstate\n"; Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. From martelm at QUARK.VSC.EDU Tue Nov 22 12:12:39 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: --On November 22, 2005 11:41:15 AM +0000 Anthony Peacock wrote: Anthony, > I would be graetful if people could check this, and try it on other > systems. This seems to work on my RedHat 7.3 boxes with SA 3.10 #./t1 site rules is "/etc/mail/spamassassin" # ># !/usr/local/bin/perl > > use Mail::SpamAssassin; > $a = new Mail::SpamAssassin; > > print "site rules is \""; > print $a->first_existing_path (@Mail::SpamAssassin::site_rules_path); > print "\"\n"; Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From yan at NEVERNEVERLAND.F9.CO.UK Tue Nov 22 12:22:48 2005 From: yan at NEVERNEVERLAND.F9.CO.UK (YAN) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Anthony Peacock wrote: > This works on my system (extra print statements are there purely to > get around line wrapping): > > #!/usr/local/bin/perl > > use Mail::SpamAssassin; > $a = new Mail::SpamAssassin; > > print "site rules is \""; > print $a->first_existing_path (@Mail::SpamAssassin::site_rules_path); > print "\"\n"; > > > I would be graetful if people could check this, and try it on other > systems. > On my Freebsd 4.10-RELEASE system with SA 3.10 this gives the following output site rules is "/etc/mail/spamassassin" Regards yan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wietse at BOUDISQUE.NL Tue Nov 22 11:52:25 2005 From: wietse at BOUDISQUE.NL (Wietse Muizelaar) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, On Tuesday, November 22, 2005 12:41 PM, Anthony Peacock wrote: > Hi Julian, > > This works on my system (extra print statements are there purely to > get around line wrapping): > > #!/usr/local/bin/perl > > use Mail::SpamAssassin; > $a = new Mail::SpamAssassin; > > print "site rules is \""; > print $a->first_existing_path (@Mail::SpamAssassin::site_rules_path); > print "\"\n"; > > I would be graetful if people could check this, and try it on other > systems. Changed the perl-path (to /usr/bin/perl); and worked on my system also (Debian Sarge; but using mailscanner/spammassassin/clamav from Julian's tar.gz's). -- Met vriendelijke groet, Wietse Muizelaar ------------------------------------------- W.G. Muizelaar Boudisque Webmaster / ICT Drieharingstraat 5-31, 3511 BH Utrecht Telefoon: +31 (0)30 - 2394030 E-mail: wietse@boudisque.nl Website: www.boudisque.nl ------------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Tue Nov 22 12:34:41 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 22/11/05, Anthony Peacock wrote: > Hi Julian, > (snip) > > This works on my system (extra print statements are there purely to > get around line wrapping): > > #!/usr/local/bin/perl > > use Mail::SpamAssassin; > $a = new Mail::SpamAssassin; > > print "site rules is \""; > print $a->first_existing_path (@Mail::SpamAssassin::site_rules_path); > print "\"\n"; > > > I would be graetful if people could check this, and try it on other > systems. > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "Screens are sometimes called displays because they > display stuff ..." - UNIX for Dummies. > Hi Anthony, That snippet works nicely for me (well, apart from the /usr/local/bin path:-). Prints the correct path on a Mandrake 10.1 (LE 2005) running SA 3.0.4 (perl 5.8.5) and a Mandriva 10.2 (2006) running SA 3.1.0 (perl 5.8.6). Now, if some of our sunny friends (not to mention the *bsd ones) would check too...:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Nov 22 12:00:21 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Tuesday, November 22, 2005 5:16 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > > > -----BEGIN PGP SIGNED MESSAGE----- > > Please accept my sincere apologies for anything I said yesterday. My > only excuse is that I was awaiting some very important information > from my consultant. In the end it didn't go the way I would have > preferred. So I was more than a little edgy. > My apologies again. > [...] Julian, this code works : #!/usr/bin/perl use Mail::SpamAssassin ; my $test = Mail::SpamAssassin->new(); my $siterules = $test->{site_rules_filename}; $siterules ||= $test->first_existing_path (@Mail::SpamAssassin::site_rules_path); print "Site Rules Path : $siterules\n"; Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Nov 22 12:15:24 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Tuesday, November 22, 2005 6:14 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > > > -----BEGIN PGP SIGNED MESSAGE----- > > On 22 Nov 2005, at 10:17, Anthony Peacock wrote: > > > Hi, > > > >> Julian Field wrote: > >>> Therein lies the problem. I could run the "spamassassin" or > >>> "sa-learn" script to try to find out, but I equally well won't know > >>> where they are, they may not be on the $PATH (e.g. Solaris). > >>> > >>> But if we say I can find the "spamassassin" script (I'll work on > >>> that), then which of these lines is the one that states the > >>> directory I should be using? And what should the file be called? Is > >>> it local.cf or something else? I need to get this right this time. > >> > >> I would suggest using mailscanner.cf as a filename. This way you are > >> unlikely to muck-up a user's already existing local.cf file. > >> > >> (SA will automatically parse *.cf in the site rules dir, so both will > >> get parsed. Since parsing is in alphabetic order, and last-parsed > >> wins, options in mailscanner.cf will over-ride options in local.cf) > > > > I would agree with this as a suggestion. It would also mean that the > > MailScanner sitewide config options would be picked up by the command > > line SpamAssassin utilities. That way when someone wanted to test a > > email against SpamAssassin they would be using the same > > configuration. The same goes for using sa-learn. > > > > As well as doing this the comments at the top of the > > spam.assassin.prefs file should make it clear that a new sitewide .cf > > file has been created so that admins can check that it is not > > overiding anything that is already set up and working. > > I entirely agree. One request though: I have been trying to dig > through the SA data structures to work out how to get at the > properties mentioned to calculate the directory path names so I know > where to put the mailscanner.cf file. I can't figure it out. This will get all relevent paths and version, #!/usr/bin/perl use Mail::SpamAssassin ; my $test = Mail::SpamAssassin->new(); my $SAVersion = $Mail::SpamAssassin::VERSION; my $siterules = $test->{site_rules_filename}; $siterules ||= $test->first_existing_path (@Mail::SpamAssassin::site_rules_path); my $defaultrules = $test->{default_rules_path}; $defaultrules ||= $test->first_existing_path (@Mail::SpamAssassin::default_rules_path); my $defaultprefs = $test->{default_prefs_path}; $defaultprefs ||= $test->first_existing_path (@Mail::SpamAssassin::default_prefs_path); my $defaultuserprefs = $test->{default_userprefs_path}; $defaultuserprefs ||= $test->first_existing_path (@Mail::SpamAssassin::default_userprefs_path); my $defaultuserstate = $test->{default_userstate_dir}; $defaultuserstate ||= $test->first_existing_path (@Mail::SpamAssassin::default_userstate_dir); print "SpamAssassin Version\t: $SAVersion\n"; print "Site Rules Path\t\t: $siterules\n"; print "Default Rules Path\t: $defaultrules\n"; print "Default Prefs Path\t: $defaultprefs\n"; print "Default User Prefs\t: $defaultuserprefs\n"; print "Default User State\t: $defaultuserstate\n"; Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Nov 22 12:42:38 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Hi, > On 22/11/05, Anthony Peacock wrote: > > Hi Julian, > > > (snip) > > > > This works on my system (extra print statements are there purely to > > get around line wrapping): > > > > #!/usr/local/bin/perl > > > > use Mail::SpamAssassin; > > $a = new Mail::SpamAssassin; > > > > print "site rules is \""; > > print $a->first_existing_path > > (@Mail::SpamAssassin::site_rules_path); print "\"\n"; > > > > > > I would be graetful if people could check this, and try it on other > > systems. > > > > -- > > Anthony Peacock > > CHIME, Royal Free & University College Medical School > > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > > "Screens are sometimes called displays because they > > display stuff ..." - UNIX for Dummies. > > > > Hi Anthony, > > That snippet works nicely for me (well, apart from the /usr/local/bin > path:-). Yeah! Sorry about the shebang line... On my system /usr/bin/perl and /usr/local/bin/perl are the same thing. > Prints the correct path on a Mandrake 10.1 (LE 2005) running > SA 3.0.4 (perl 5.8.5) and a Mandriva 10.2 (2006) running SA 3.1.0 > (perl 5.8.6). > > Now, if some of our sunny friends (not to mention the *bsd ones) would > check too...:-) Ooh! I forgot to say I ran this on Solaris 8, with SA 3.1. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "Whoever said nothing is impossible never tried slamming a revolving door." - Melissa O'Brien ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Nov 22 11:50:57 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anthony Peacock wrote: > Hi Julian, > >>>I entirely agree. One request though: I have been trying to dig >>>through the SA data structures to work out how to get at the >>>properties mentioned to calculate the directory path names so I know >>>where to put the mailscanner.cf file. I can't figure it out. >>> >>>Can someone (Matt perhaps?) please try and work it out for me? Can't >>>get my head around it today. > > > This works on my system (extra print statements are there purely to > get around line wrapping): > > #!/usr/local/bin/perl > > use Mail::SpamAssassin; > $a = new Mail::SpamAssassin; > > print "site rules is \""; > print $a->first_existing_path (@Mail::SpamAssassin::site_rules_path); > print "\"\n"; > > I would be graetful if people could check this, and try it on other > systems. Works well on centos 4.0 (now 4.2), printed site rules is "/etc/mail/spamassassin" - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Tue Nov 22 13:02:47 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 22/11/05, Anthony Peacock wrote: > Hi, > (snip) > > > > Now, if some of our sunny friends (not to mention the *bsd ones) would > > check too...:-) > > Ooh! I forgot to say I ran this on Solaris 8, with SA 3.1. > > Perfect! Seems we've pretty much covered it then, since YAN reported on a freebsd one. I just love OSS... Now for Jules to make the changes...:-) BTW, I tested Ricks extended script (the usual Rick on steroids:-) and that works very well to get the details too, although the user parts aren't that useful ... ran the script as root, run MS as postfix... Not that that matters any. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-user at NELAND.DK Tue Nov 22 13:05:02 2005 From: mailscanner-user at NELAND.DK (Leif Neland) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] FreeBSD 7.0-CURRENT: site rules is "/usr/local/etc/mail/spamassassin" Leif ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Nov 22 13:17:59 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Glenn Steen > Sent: Tuesday, November 22, 2005 8:03 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > > > On 22/11/05, Anthony Peacock wrote: > > Hi, > > > (snip) > > > > > > Now, if some of our sunny friends (not to mention the *bsd ones) would > > > check too...:-) > > > > Ooh! I forgot to say I ran this on Solaris 8, with SA 3.1. > > > > > > Perfect! > Seems we've pretty much covered it then, since YAN reported on a > freebsd one. > I just love OSS... Now for Jules to make the changes...:-) > > BTW, I tested Ricks extended script (the usual Rick on steroids:-) and > that works very well to get the details too, although the user parts > aren't that useful ... ran the script as root, run MS as postfix... > Not that that matters any. > Actually I sent that early this morning and it took a loooong time to get to the list for some reason. I added the user parts in case whatever Julian is planning for it might be/should be run with the MS user. Also if he looks at the current, default user stuff and it's not the right path for the MS user, he can set the, for example, {default_userprefs_path} attribute to the proper value, or use the ->signal_user_changed( [ { opt => val, ... } ] ) function to notify SA of the correct user information (Name, StateDir, UserDir) and re-pull the information... seemed like Matt had mentioned something earlier about a user problem with some ancillary task being run as root and not the MS user, or visa-versa? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Nov 22 13:28:19 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Hi Rick, > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Julian Field Sent: Tuesday, November 22, 2005 6:14 AM To: > > MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ending the > > spam.assassin.prefs.conf madness. > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > On 22 Nov 2005, at 10:17, Anthony Peacock wrote: > > > > > Hi, > This will get all relevent paths and version, > > #!/usr/bin/perl > use Mail::SpamAssassin ; > my $test = Mail::SpamAssassin->new(); > > my $SAVersion = $Mail::SpamAssassin::VERSION; > my $siterules = $test->{site_rules_filename}; I don't think you strictly need the above line. In the SpamAssassin code this checks to see if the site_rules_filename config has been set by a parameter passed to the new method. As you don't pass this to the new method, you know it will be undef. Same for the other code sections below. > $siterules ||= $test->first_existing_path > (@Mail::SpamAssassin::site_rules_path); > > my $defaultrules = $test->{default_rules_path}; > $defaultrules ||= $test->first_existing_path > (@Mail::SpamAssassin::default_rules_path); > > my $defaultprefs = $test->{default_prefs_path}; > $defaultprefs ||= $test->first_existing_path > (@Mail::SpamAssassin::default_prefs_path); > > my $defaultuserprefs = $test->{default_userprefs_path}; > $defaultuserprefs ||= $test->first_existing_path > (@Mail::SpamAssassin::default_userprefs_path); > > my $defaultuserstate = $test->{default_userstate_dir}; > $defaultuserstate ||= $test->first_existing_path > (@Mail::SpamAssassin::default_userstate_dir); > > print "SpamAssassin Version\t: $SAVersion\n"; > print "Site Rules Path\t\t: $siterules\n"; > print "Default Rules Path\t: $defaultrules\n"; > print "Default Prefs Path\t: $defaultprefs\n"; > print "Default User Prefs\t: $defaultuserprefs\n"; > print "Default User State\t: $defaultuserstate\n"; > > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "In the beginning of a change, the patriot is a brave and scarce man, hated and scorned. When the cause succeeds, however, the timid join him...for then it costs nothing to be a patriot." -Mark Twain ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Nov 22 13:45:21 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:15 2006 Subject: windows/php from problems? Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: > On 21/11/05, Jan Agermose wrote: >> >> >> Hi >> >> >> >> This might be off topic J Im running a windows server, IIS6 and PHP. When >> sending mails from PHP on windows it seams to ignore the From header >> information set? Or is it something in mailscanner? >> >> >> >> Looking at the mail in the mailscanner log I get the bellow. As you can se I >> do set a "From: " in the header, but still mailwatch displays the from-part >> as empty? This is from the table in the detail-display of a message: >> >> >> >> >> >> Message Headers: >> >> >> >> Return-Path: <�g> >> Received: from echo.csite.com ([213.150.56.221]) >> by scanner1.mailwall.dk (8.13.1/8.13.1) with ESMTP id jALMFv0L003745 >> for ; Mon, 21 Nov 2005 23:15:57 +0100 >> Received: from echo ([127.0.0.1]) >> by echo.csite.com (ConviatorMailServer) with SMTP id FFM74443 >> for ; Mon, 21 Nov 2005 23:09:17 +0100 >> Date: Mon, 21 Nov 2005 23:09:17 +0100 >> Subject: Tilmelding til database - udviklet af edventure >> To: mediconnect@edventure.dk >> From: jan@agermose.com >> Return-Path: >> Content-Type: text/plain; charset=iso-8859-1 >> Content-Transfer-Encoding: 8bit >> Message-ID: <1132610957jan@agermose.com> >> >> >> >> From: >> >> To: mediconnect@edventure.dk >> >> Subject: Tilmelding til Mediconnects database - udviklet af edventure > > This would've fitted better on the MailWatch list (find it via > http://mailwatch.sf.net), but basically what you've missed doing is to > set an "envelope sender" (used for the "MAIL FROM: ..." in smtp)... I > suppose you've used the PEAR mail factory class? Then you can have a > look at the php code for mailwatch to see how that is set up to get > these things right (grep for QUARANTINE_FROM_ADDR, and you'll see it > pretty well). > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se Check in your php.ini for ; For Win32 only. ;sendmail_from = me@example.com You can also override this at runtime with a ini_set() Regards, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Nov 22 13:59:05 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Anthony Peacock > Sent: Tuesday, November 22, 2005 6:41 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > > Hi Julian, > > > > > Hi Julian, > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > On 22 Nov 2005, at 10:17, Anthony Peacock wrote: > > > > > I entirely agree. One request though: I have been trying to dig > > > through the SA data structures to work out how to get at the > > > properties mentioned to calculate the directory path names so I know > > > where to put the mailscanner.cf file. I can't figure it out. > > > > > > Can someone (Matt perhaps?) please try and work it out for me? Can't > > > get my head around it today. > > This works on my system (extra print statements are there purely to > get around line wrapping): > > #!/usr/local/bin/perl > > use Mail::SpamAssassin; > $a = new Mail::SpamAssassin; > > print "site rules is \""; > print $a->first_existing_path (@Mail::SpamAssassin::site_rules_path); > print "\"\n"; > > > I would be graetful if people could check this, and try it on other > systems. > Works fine. It gives the same results on all of our standard MailScanner installed sites tested: # ./sa_prefs.pl site rules is "/etc/mail/spamassassin" Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Nov 22 14:06:39 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Anthony Peacock > Sent: Tuesday, November 22, 2005 8:28 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > > > Hi Rick, > > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > > Behalf Of Julian Field Sent: Tuesday, November 22, 2005 6:14 AM To: > > > MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ending the > > > spam.assassin.prefs.conf madness. > > > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > On 22 Nov 2005, at 10:17, Anthony Peacock wrote: > > > > > > > Hi, > > > > > This will get all relevent paths and version, > > > > #!/usr/bin/perl > > use Mail::SpamAssassin ; > > my $test = Mail::SpamAssassin->new(); > > > > my $SAVersion = $Mail::SpamAssassin::VERSION; > > my $siterules = $test->{site_rules_filename}; > > I don't think you strictly need the above line. In the SpamAssassin > code this checks to see if the site_rules_filename config has been > set by a parameter passed to the new method. As you don't pass this > to the new method, you know it will be undef. > [...] I agree except I don't know if Julian passes the information somewhere, I mentioned that last night. I admit I haven't really looked at Julian's SA.pm code. One would think that if he set it then SA.pm would already know what is was, and if he set the values availible in the new method he could control exactly where SA looked for each item from the MS configuration. Just a safety valve in case one of the *_*_ paths is already set. Rick > Same for the other code sections below. > > > > $siterules ||= $test->first_existing_path > > (@Mail::SpamAssassin::site_rules_path); > > > > my $defaultrules = $test->{default_rules_path}; > > $defaultrules ||= $test->first_existing_path > > (@Mail::SpamAssassin::default_rules_path); > > > > my $defaultprefs = $test->{default_prefs_path}; > > $defaultprefs ||= $test->first_existing_path > > (@Mail::SpamAssassin::default_prefs_path); > > > > my $defaultuserprefs = $test->{default_userprefs_path}; > > $defaultuserprefs ||= $test->first_existing_path > > (@Mail::SpamAssassin::default_userprefs_path); > > > > my $defaultuserstate = $test->{default_userstate_dir}; > > $defaultuserstate ||= $test->first_existing_path > > (@Mail::SpamAssassin::default_userstate_dir); > > > > print "SpamAssassin Version\t: $SAVersion\n"; > > print "Site Rules Path\t\t: $siterules\n"; > > print "Default Rules Path\t: $defaultrules\n"; > > print "Default Prefs Path\t: $defaultprefs\n"; > > print "Default User Prefs\t: $defaultuserprefs\n"; > > print "Default User State\t: $defaultuserstate\n"; > > > > > > Rick > > > > > > -- > > This message has been scanned for viruses and > > dangerous content by MailScanner, and is > > believed to be clean. > > > > ------------------------ MailScanner list ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > > mailscanner' in the body of the email. Before posting, read the Wiki > > (http://wiki.mailscanner.info/) and the archives > > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > -- > Anthony Peacock > CHIME, Royal Free & University College Medical School > WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ > "In the beginning of a change, the patriot is a brave and > scarce man, hated and scorned. When the cause succeeds, however, > the timid join him...for then it costs nothing to be a > patriot." -Mark Twain > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From edalb1979 at GMAIL.COM Tue Nov 22 14:56:34 2005 From: edalb1979 at GMAIL.COM (edalB) Date: Thu Jan 12 21:31:15 2006 Subject: Spam Assassin Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ok I have done this but how would I beable add more rules into it? Thank you On 11/22/05, Martin Hepworth wrote: > Eugene > > OK, Nothing nasty there.. > > I'd look at putting some of the SARE rules from > www.rulesemporium.com/rules.htm into /etc/mail/spamassassin. > > Drip feed a couple in at a time and see how well they work. > > You can keep these rules updated with a script called RulesDuJour which you > can run once a day or so, I'll leave this as an exercise for you to find ;-) > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of edalB > > Sent: 22 November 2005 09:57 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: [MAILSCANNER] Spam Assassin > > > > Yea I am using SpamAssassin > > > > Here is the output > > > > -------------------------------------------------------------------------- > > ---------- > > > > [15959] dbg: logger: adding facilities: all > > [15959] dbg: logger: logging level is DBG > > [15959] dbg: generic: SpamAssassin version 3.1.0 > > [15959] dbg: config: score set 0 chosen. > > [15959] dbg: util: running in taint mode? yes > > [15959] dbg: util: taint mode: deleting unsafe environment variables, > > resetting PATH > > [15959] dbg: util: PATH included '/usr/kerberos/sbin', keeping > > [15959] dbg: util: PATH included '/usr/kerberos/bin', keeping > > [15959] dbg: util: PATH included '/usr/lib/courier-imap/sbin', keeping > > [15959] dbg: util: PATH included '/usr/lib/courier-imap/bin', keeping > > [15959] dbg: util: PATH included '/usr/local/sbin', keeping > > [15959] dbg: util: PATH included '/usr/local/bin', keeping > > [15959] dbg: util: PATH included '/sbin', keeping > > [15959] dbg: util: PATH included '/bin', keeping > > [15959] dbg: util: PATH included '/usr/sbin', keeping > > [15959] dbg: util: PATH included '/usr/bin', keeping > > [15959] dbg: util: PATH included '/usr/X11R6/bin', keeping > > [15959] dbg: util: PATH included '/root/bin', which doesn't exist, > > dropping > > [15959] dbg: util: final PATH set to: > > /usr/kerberos/sbin:/usr/kerberos/bin:/usr/lib/courier- > > imap/sbin:/usr/lib/courier- > > imap/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr > > /X11R6/bin > > [15959] dbg: dns: is Net::DNS::Resolver available? yes > > [15959] dbg: dns: Net::DNS version: 0.48 > > [15959] dbg: dns: name server: 127.0.0.1, family: 2, ipv6: 0 > > [15959] dbg: diag: perl platform: 5.008005 linux > > [15959] dbg: diag: module installed: Digest::SHA1, version 2.10 > > [15959] dbg: diag: module installed: Net::SMTP, version 2.29 > > [15959] dbg: diag: module installed: Mail::SPF::Query, version 1.997 > > [15959] dbg: diag: module installed: IP::Country::Fast, version 309.002 > > [15959] dbg: diag: module not installed: Razor2::Client::Agent > > ('require' failed) > > [15959] dbg: diag: module not installed: Net::Ident ('require' failed) > > [15959] dbg: diag: module not installed: IO::Socket::INET6 ('require' > > failed) > > [15959] dbg: diag: module not installed: IO::Socket::SSL ('require' > > failed) > > [15959] dbg: diag: module installed: Time::HiRes, version 1.55 > > [15959] dbg: diag: module installed: DBI, version 1.40 > > [15959] dbg: diag: module installed: Getopt::Long, version 2.34 > > [15959] dbg: diag: module installed: LWP::UserAgent, version 2.031 > > [15959] dbg: diag: module installed: HTTP::Date, version 1.46 > > [15959] dbg: diag: module installed: Archive::Tar, version 1.26 > > [15959] dbg: diag: module installed: IO::Zlib, version 1.04 > > [15959] dbg: diag: module installed: DB_File, version 1.810 > > [15959] dbg: diag: module installed: HTML::Parser, version 3.45 > > [15959] dbg: diag: module installed: MIME::Base64, version 3.01 > > [15959] dbg: diag: module installed: Net::DNS, version 0.48 > > [15959] dbg: ignore: using a test message to lint rules > > [15959] dbg: config: using "/etc/mail/spamassassin" for site rules pre > > files > > [15959] dbg: config: read file /etc/mail/spamassassin/init.pre > > [15959] dbg: config: read file /etc/mail/spamassassin/v310.pre > > [15959] dbg: config: using "/usr/share/spamassassin" for sys rules pre > > files > > [15959] dbg: config: using "/usr/share/spamassassin" for default rules dir > > [15959] dbg: config: read file /usr/share/spamassassin/10_misc.cf > > [15959] dbg: config: read file /usr/share/spamassassin/20_advance_fee.cf > > [15959] dbg: config: read file /usr/share/spamassassin/20_anti_ratware.cf > > [15959] dbg: config: read file /usr/share/spamassassin/20_body_tests.cf > > [15959] dbg: config: read file /usr/share/spamassassin/20_compensate.cf > > [15959] dbg: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > > [15959] dbg: config: read file /usr/share/spamassassin/20_drugs.cf > > [15959] dbg: config: read file > > /usr/share/spamassassin/20_fake_helo_tests.cf > > [15959] dbg: config: read file /usr/share/spamassassin/20_head_tests.cf > > [15959] dbg: config: read file /usr/share/spamassassin/20_html_tests.cf > > [15959] dbg: config: read file /usr/share/spamassassin/20_meta_tests.cf > > [15959] dbg: config: read file /usr/share/spamassassin/20_net_tests.cf > > [15959] dbg: config: read file /usr/share/spamassassin/20_phrases.cf > > [15959] dbg: config: read file /usr/share/spamassassin/20_porn.cf > > [15959] dbg: config: read file /usr/share/spamassassin/20_ratware.cf > > [15959] dbg: config: read file /usr/share/spamassassin/20_uri_tests.cf > > [15959] dbg: config: read file /usr/share/spamassassin/23_bayes.cf > > [15959] dbg: config: read file /usr/share/spamassassin/25_accessdb.cf > > [15959] dbg: config: read file /usr/share/spamassassin/25_antivirus.cf > > [15959] dbg: config: read file /usr/share/spamassassin/25_body_tests_es.cf > > [15959] dbg: config: read file /usr/share/spamassassin/25_body_tests_pl.cf > > [15959] dbg: config: read file /usr/share/spamassassin/25_dcc.cf > > [15959] dbg: config: read file /usr/share/spamassassin/25_domainkeys.cf > > [15959] dbg: config: read file /usr/share/spamassassin/25_hashcash.cf > > [15959] dbg: config: read file /usr/share/spamassassin/25_pyzor.cf > > [15959] dbg: config: read file /usr/share/spamassassin/25_razor2.cf > > [15959] dbg: config: read file /usr/share/spamassassin/25_replace.cf > > [15959] dbg: config: read file /usr/share/spamassassin/25_spf.cf > > [15959] dbg: config: read file /usr/share/spamassassin/25_textcat.cf > > [15959] dbg: config: read file /usr/share/spamassassin/25_uribl.cf > > [15959] dbg: config: read file /usr/share/spamassassin/30_text_de.cf > > [15959] dbg: config: read file /usr/share/spamassassin/30_text_fr.cf > > [15959] dbg: config: read file /usr/share/spamassassin/30_text_it.cf > > [15959] dbg: config: read file /usr/share/spamassassin/30_text_nl.cf > > [15959] dbg: config: read file /usr/share/spamassassin/30_text_pl.cf > > [15959] dbg: config: read file /usr/share/spamassassin/30_text_pt_br.cf > > [15959] dbg: config: read file /usr/share/spamassassin/50_scores.cf > > [15959] dbg: config: read file /usr/share/spamassassin/60_awl.cf > > [15959] dbg: config: read file /usr/share/spamassassin/60_whitelist.cf > > [15959] dbg: config: read file /usr/share/spamassassin/60_whitelist_spf.cf > > [15959] dbg: config: read file > > /usr/share/spamassassin/60_whitelist_subject.cf > > [15959] dbg: config: using "/etc/mail/spamassassin" for site rules dir > > [15959] dbg: config: read file /etc/mail/spamassassin/local.cf > > [15959] dbg: config: using "/root/.spamassassin" for user state dir > > [15959] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" > > for user prefs file > > [15959] dbg: config: read file /etc/MailScanner/spam.assassin.prefs.conf > > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from > > @INC > > [15959] dbg: plugin: registered > > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x93266e4) > > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from > > @INC > > [15959] dbg: plugin: registered > > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x933cb50) > > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > > [15959] dbg: plugin: registered > > Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410) > > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::Pyzor from @INC > > [15959] dbg: pyzor: network tests on, attempting Pyzor > > [15959] dbg: plugin: registered > > Mail::SpamAssassin::Plugin::Pyzor=HASH(0x937d418) > > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::SpamCop from @INC > > [15959] dbg: reporter: network tests on, attempting SpamCop > > [15959] dbg: plugin: registered > > Mail::SpamAssassin::Plugin::SpamCop=HASH(0x933e008) > > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::AWL from @INC > > [15959] dbg: plugin: registered > > Mail::SpamAssassin::Plugin::AWL=HASH(0x9340b34) > > [15959] dbg: plugin: loading > > Mail::SpamAssassin::Plugin::AutoLearnThreshold from @INC > > [15959] dbg: plugin: registered > > Mail::SpamAssassin::Plugin::AutoLearnThreshold=HASH(0x93b9668) > > [15959] dbg: plugin: loading > > Mail::SpamAssassin::Plugin::WhiteListSubject from @INC > > [15959] dbg: plugin: registered > > Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x93d7150) > > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::MIMEHeader from > > @INC > > [15959] dbg: plugin: registered > > Mail::SpamAssassin::Plugin::MIMEHeader=HASH(0x93e1014) > > [15959] dbg: plugin: loading Mail::SpamAssassin::Plugin::ReplaceTags from > > @INC > > [15959] dbg: plugin: registered > > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x93eebf0) > > [15959] dbg: config: adding redirector regex: > > /^http:\/\/chkpt\.zdnet\.com\/chkpt\/\w+\/(.*)$/i > > [15959] dbg: config: adding redirector regex: > > /^http:\/\/www(?:\d+)?\.nate\.com\/r\/\w+\/(.*)$/i > > [15959] dbg: config: adding redirector regex: > > /^http:\/\/.+\.gov\/(?:.*\/)?externalLink\.jhtml\?.*url=(.*?)(?:&.*)?$/i > > [15959] dbg: config: adding redirector regex: > > /^http:\/\/redir\.internet\.com\/.+?\/.+?\/(.*)$/i > > [15959] dbg: config: adding redirector regex: > > /^http:\/\/(?:.*?\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i > > [15959] dbg: config: adding redirector regex: > > m'^http.*?/redirect\.php\?.*(?<=[?&])goto=(.*?)(?:$|[&\#])'i > > [15959] dbg: config: adding redirector regex: > > m'^https?:/*(?:[^/]+\.)?emf\d\.com/r\.cfm.*?&r=(.*)'i > > [15959] warn: config: failed to parse line, skipping: dcc_path > > /usr/local/bin/dccproc > > [15959] warn: config: failed to parse line, skipping: razor_timeout 10 > > [15959] warn: config: warning: score set for non-existent rule RCVD_IN_RSL > > [15959] dbg: plugin: > > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x93eebf0) implements > > 'finish_parsing_end' > > [15959] dbg: replacetags: replacing tags > > [15959] dbg: replacetags: done replacing tags > > [15959] dbg: config: using "/root/.spamassassin" for user state dir > > [15959] dbg: bayes: no dbs present, cannot tie DB R/O: > > /root/.spamassassin/bayes_toks > > [15959] dbg: config: score set 1 chosen. > > [15959] dbg: message: ---- MIME PARSER START ---- > > [15959] dbg: message: main message type: text/plain > > [15959] dbg: message: parsing normal part > > [15959] dbg: message: added part, type: text/plain > > [15959] dbg: message: ---- MIME PARSER END ---- > > [15959] dbg: bayes: no dbs present, cannot tie DB R/O: > > /root/.spamassassin/bayes_toks > > [15959] dbg: dns: dns_available set to yes in config file, skipping test > > [15959] dbg: metadata: X-Spam-Relays-Trusted: > > [15959] dbg: metadata: X-Spam-Relays-Untrusted: > > [15959] dbg: message: no encoding detected > > [15959] dbg: plugin: > > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x93266e4) implements > > 'parsed_metadata' > > [15959] dbg: uridnsbl: domains to query: > > [15959] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl- > > notfirsthop > > [15959] dbg: dns: checking RBL sa-accredit.habeas.com., set habeas- > > firsttrusted > > [15959] dbg: dns: checking RBL sbl-xbl.spamhaus.org., set sblxbl > > [15959] dbg: dns: checking RBL sa-other.bondedsender.org., set bsp- > > untrusted > > [15959] dbg: dns: checking RBL combined.njabl.org., set njabl-notfirsthop > > [15959] dbg: dns: checking RBL combined.njabl.org., set njabl > > [15959] dbg: dns: checking RBL > > combined-HIB.dnsiplists.completewhois.com., set whois > > [15959] dbg: dns: checking RBL list.dsbl.org., set dsbl-notfirsthop > > [15959] dbg: dns: checking RBL bl.spamcop.net., set spamcop > > [15959] dbg: dns: checking RBL sa-trusted.bondedsender.org., set > > bsp-firsttrusted > > [15959] dbg: dns: checking RBL > > combined-HIB.dnsiplists.completewhois.com., set whois-notfirsthop > > [15959] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs-notfirsthop > > [15959] dbg: dns: checking RBL dnsbl.sorbs.net., set sorbs > > [15959] dbg: dns: checking RBL iadb.isipp.com., set iadb-firsttrusted > > [15959] dbg: check: running tests for priority: 0 > > [15959] dbg: rules: running header regexp tests; score so far=0 > > [15959] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" > > [15959] dbg: rules: ran header rule __SANE_MSGID ======> got hit: > > "<1132651979@lint_rules> > > [15959] dbg: rules: " > > [15959] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: > > "ignore@compiling.spamassassin.taint.org > > [15959] dbg: rules: " > > [15959] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: > > "@lint_rules>" > > [15959] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: > > "1132651979" > > [15959] dbg: plugin: registering glue method for > > check_hashcash_double_spend > > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x933cb50)) > > [15959] dbg: plugin: registering glue method for > > check_for_spf_helo_pass > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > > [15959] dbg: spf: message was delivered entirely via trusted relays, > > not required > > [15959] dbg: eval: all '*From' addrs: > > ignore@compiling.spamassassin.taint.org > > [15959] dbg: plugin: registering glue method for > > check_subject_in_blacklist > > (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x93d7150)) > > [15959] dbg: plugin: registering glue method for check_hashcash_value > > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x933cb50)) > > [15959] dbg: eval: all '*To' addrs: > > [15959] dbg: plugin: registering glue method for check_for_spf_neutral > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > > [15959] dbg: spf: message was delivered entirely via trusted relays, > > not required > > [15959] dbg: plugin: registering glue method for > > check_for_spf_softfail > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > > [15959] dbg: rules: ran eval rule NO_RELAYS ======> got hit > > [15959] dbg: plugin: registering glue method for check_for_spf_pass > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > > [15959] dbg: plugin: registering glue method for > > check_for_spf_helo_softfail > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > > [15959] dbg: plugin: registering glue method for > > check_for_def_spf_whitelist_from > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > > [15959] dbg: spf: cannot get Envelope-From, cannot use SPF > > [15959] dbg: spf: def_spf_whitelist_from: could not find useable envelope > > sender > > [15959] dbg: plugin: registering glue method for check_for_spf_fail > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > > [15959] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit > > [15959] dbg: plugin: registering glue method for > > check_subject_in_whitelist > > (Mail::SpamAssassin::Plugin::WhiteListSubject=HASH(0x93d7150)) > > [15959] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit > > [15959] dbg: plugin: registering glue method for > > check_for_spf_whitelist_from > > (Mail::SpamAssassin::Plugin::SPF=HASH(0x935b410)) > > [15959] dbg: spf: spf_whitelist_from: could not find useable envelope > > sender > > [15959] dbg: rules: running body-text per-line regexp tests; score so > > far=0.738 > > [15959] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" > > [15959] dbg: uri: running uri tests; score so far=0.738 > > [15959] dbg: bayes: no dbs present, cannot tie DB R/O: > > /root/.spamassassin/bayes_toks > > [15959] dbg: bayes: not scoring message, returning undef > > [15959] dbg: bayes: opportunistic call attempt failed, DB not readable > > [15959] dbg: plugin: registering glue method for check_uridnsbl > > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x93266e4)) > > [15959] dbg: rules: running raw-body-text per-line regexp tests; score > > so far=0.738 > > [15959] dbg: rules: running full-text regexp tests; score so far=0.738 > > [15959] dbg: plugin: registering glue method for check_pyzor > > (Mail::SpamAssassin::Plugin::Pyzor=HASH(0x937d418)) > > [15959] dbg: pyzor: pyzor is not available: no pyzor executable found > > [15959] dbg: pyzor: no pyzor found, disabling Pyzor > > [15959] dbg: plugin: > > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x93266e4) implements > > 'check_tick' > > [15959] dbg: check: running tests for priority: 500 > > [15959] dbg: plugin: > > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x93266e4) implements > > 'check_post_dnsbl' > > [15959] dbg: rules: running meta tests; score so far=0.738 > > [15959] dbg: rules: running header regexp tests; score so far=2.216 > > [15959] dbg: rules: running body-text per-line regexp tests; score so > > far=2.216 > > [15959] dbg: uri: running uri tests; score so far=2.216 > > [15959] dbg: rules: running raw-body-text per-line regexp tests; score > > so far=2.216 > > [15959] dbg: rules: running full-text regexp tests; score so far=2.216 > > [15959] dbg: check: running tests for priority: 1000 > > [15959] dbg: rules: running meta tests; score so far=2.216 > > [15959] dbg: rules: running header regexp tests; score so far=2.216 > > [15959] dbg: plugin: registering glue method for > > check_from_in_auto_whitelist > > (Mail::SpamAssassin::Plugin::AWL=HASH(0x9340b34)) > > [15959] dbg: rules: running body-text per-line regexp tests; score so > > far=2.216 > > [15959] dbg: uri: running uri tests; score so far=2.216 > > [15959] dbg: rules: running raw-body-text per-line regexp tests; score > > so far=2.216 > > [15959] dbg: rules: running full-text regexp tests; score so far=2.216 > > [15959] dbg: check: is spam? score=2.216 required=5 > > [15959] dbg: check: > > tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,T > > O_CC_NONE > > [15959] dbg: check: > > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__S > > ANE_MSGID,__UNUSABLE_MSGID > > [15959] warn: lint: 3 issues detected, please rerun with debug enabled > > for more information > > > > On 11/22/05, Martin Hepworth wrote: > > > Hi > > > > > > What extra rules are you running for SpamAssassin? > > > > > > Whats the results of > > > > > > spamassassin -p /spam.assassin.prefs.conf -D --lint > > > > > > > > > (replace with the correct directory) > > > > > > -- > > > Martin Hepworth > > > Snr Systems Administrator > > > Solid State Logic > > > Tel: +44 (0)1865 842300 > > > > > > > -----Original Message----- > > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > > Behalf Of edalB > > > > Sent: 22 November 2005 07:32 > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: [MAILSCANNER] Spam Assassin > > > > > > > > Hi all I have a big problem with spam. > > > > > > > > MailScanner seas that it cheking for spam. But there is still a huge > > > > ammount of spam comming through my mailserver. > > > > > > > > I have redone the spamasassin twise now but still no luck. > > > > > > > > When I run the debug from the Wiki I just dont get any results. > > > > > > > > Please can someone give me some advice. > > > > > > > > Thank you > > > > Eugene > > > > > > > > ------------------------ MailScanner list ------------------------ > > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > > 'leave mailscanner' in the body of the email. > > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > ********************************************************************** > > > > > > This email and any files transmitted with it are confidential and > > > intended solely for the use of the individual or entity to whom they > > > are addressed. If you have received this email in error please notify > > > the system manager. > > > > > > This footnote confirms that this email message has been swept > > > for the presence of computer viruses and is believed to be clean. > > > > > > ********************************************************************** > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 22 14:58:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 22 Nov 2005, at 12:00, Rick Cooper wrote: > > Julian, this code works : > > #!/usr/bin/perl > use Mail::SpamAssassin ; > my $test = Mail::SpamAssassin->new(); > my $siterules = $test->{site_rules_filename}; > $siterules ||= $test->first_existing_path > (@Mail::SpamAssassin::site_rules_path); > print "Site Rules Path : $siterules\n"; Presumably, as I need a directory, I don't want to do the site_rules_filename bit. So I end up with just use Mail::SpamAssassin; $a = new Mail::SpamAssassin; print "site rules is \""; print $a->first_existing_path (@Mail::SpamAssassin::site_rules_path); print "\"\n"; If I create a mailscanner.cf in there, and put everything from spam.assassin.prefs.conf in it, and just softlink that mailscanner.cf and spam.assassin.prefs.conf, then does this do the Right Thing(TM)? So people expecting to find spam.assassin.prefs.conf will still have it, but the real file will be in mailscanner.cf in the site_rules_path directory. When they upgrade by RPM, what should I do? Once they have the mailscanner.cf in place, it's easy. It's the first upgrade to the new structure that I have to handle carefully. Any ideas? Is *everyone* happy with this? If not, what would be better and why? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4MyCfw32o+k+q+hAQF2WQf+NRv/LZ8dfcFazXNgCBAXD/+CI1lAFu+8 w0xwGB2qDx4S6X90aCD04fMktxHVhsm8Hf1R28+rVTsVeruIJDHaJ4EYiQG91vGM j9YWfgDjppEw09rJyt+VkYAcej594yVTiZD4NzNRpdmhiOR2TNCMbDG6rHIZWMG9 MO6xCytqdMFLjU9MT1Sz8as+gNXcaZvlgsbJEMduZ251Owe4EQFqqXSkR/IgOVZg /j6hXdvuWSuEkSiHq4bVYPQMSes8rIQCVEauaKhy4V9y4ucr9EAfgmqfl7HBNiAk CMR7VeDffuYOXw5rciw7cZfjBrhvxAPujEfeIQe7rBwI30Ct2V8QSw== =fHlY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Nov 22 15:09:34 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Hi Julian, > -----BEGIN PGP SIGNED MESSAGE----- > > > On 22 Nov 2005, at 12:00, Rick Cooper wrote: > > > > Julian, this code works : > > > > #!/usr/bin/perl > > use Mail::SpamAssassin ; > > my $test = Mail::SpamAssassin->new(); > > my $siterules = $test->{site_rules_filename}; > > $siterules ||= $test->first_existing_path > > (@Mail::SpamAssassin::site_rules_path); > > print "Site Rules Path : $siterules\n"; > > Presumably, as I need a directory, I don't want to do the > site_rules_filename bit. So I end up with just > > use Mail::SpamAssassin; > $a = new Mail::SpamAssassin; > print "site rules is \""; > print $a->first_existing_path (@Mail::SpamAssassin::site_rules_path); > print "\"\n"; > > If I create a mailscanner.cf in there, and put everything from > spam.assassin.prefs.conf in it, and just softlink that mailscanner.cf > and spam.assassin.prefs.conf, then does this do the Right Thing(TM)? I am not too sure it does. SpamAssassin works with the concept of two files, a 'site' config and a 'user' config. Some configuration settings should go in the 'site' config and others in a 'user' config. The site_rules_path/mailscanner.cf file should be for site wide config options. The spam.assassin.prefs file should be for options that are only applicable when running MailScanner. For instance you might want to adjust certain timeouts for running SpamAssassin under MailScanner but not from the command line. I think Matt expressed this in more detail earlier. If it was generally felt that having only one file was the best way forward I would agree with your scheme above. But I still have a feeling that the two files better match how SA expects to work. > > So people expecting to find spam.assassin.prefs.conf will still have > it, but the real file will be in mailscanner.cf in the > site_rules_path directory. > > When they upgrade by RPM, what should I do? Once they have the > mailscanner.cf in place, it's easy. It's the first upgrade to the new > structure that I have to handle carefully. Any ideas? > > Is *everyone* happy with this? If not, what would be better and why? > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2425) > > iQEVAwUBQ4MyCfw32o+k+q+hAQF2WQf+NRv/LZ8dfcFazXNgCBAXD/+CI1lAFu+8 > w0xwGB2qDx4S6X90aCD04fMktxHVhsm8Hf1R28+rVTsVeruIJDHaJ4EYiQG91vGM > j9YWfgDjppEw09rJyt+VkYAcej594yVTiZD4NzNRpdmhiOR2TNCMbDG6rHIZWMG9 > MO6xCytqdMFLjU9MT1Sz8as+gNXcaZvlgsbJEMduZ251Owe4EQFqqXSkR/IgOVZg > /j6hXdvuWSuEkSiHq4bVYPQMSes8rIQCVEauaKhy4V9y4ucr9EAfgmqfl7HBNiAk > CMR7VeDffuYOXw5rciw7cZfjBrhvxAPujEfeIQe7rBwI30Ct2V8QSw== > =fHlY > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "Whoever said nothing is impossible never tried slamming a revolving door." - Melissa O'Brien ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Nov 22 15:16:21 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Tuesday, November 22, 2005 9:58 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > > > -----BEGIN PGP SIGNED MESSAGE----- > > > On 22 Nov 2005, at 12:00, Rick Cooper wrote: > > > > Julian, this code works : > > > > #!/usr/bin/perl > > use Mail::SpamAssassin ; > > my $test = Mail::SpamAssassin->new(); > > my $siterules = $test->{site_rules_filename}; > > $siterules ||= $test->first_existing_path > > (@Mail::SpamAssassin::site_rules_path); > > print "Site Rules Path : $siterules\n"; > > Presumably, as I need a directory, I don't want to do the > site_rules_filename bit. So I end up with just > > use Mail::SpamAssassin; > $a = new Mail::SpamAssassin; > print "site rules is \""; > print $a->first_existing_path (@Mail::SpamAssassin::site_rules_path); > print "\"\n"; > > If I create a mailscanner.cf in there, and put everything from > spam.assassin.prefs.conf in it, and just softlink that mailscanner.cf > and spam.assassin.prefs.conf, then does this do the Right Thing(TM)? > Why not just ln -f -s /MailScannerPath/etc/spamassassin.prefs.conf site_rules_path/mailscanner.cf? > So people expecting to find spam.assassin.prefs.conf will still have > it, but the real file will be in mailscanner.cf in the > site_rules_path directory. > > When they upgrade by RPM, what should I do? Once they have the > mailscanner.cf in place, it's easy. It's the first upgrade to the new > structure that I have to handle carefully. Any ideas? > Wouldn't the above handle this also? At the very least the rpm install scripts could add the link. Or When MailScanner loads it could look for a soft link at site_rules_path/mailscanner.cf and create it then. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Nov 22 15:42:48 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Anthony Peacock > Sent: Tuesday, November 22, 2005 10:10 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > > [...] > > If I create a mailscanner.cf in there, and put everything from > > spam.assassin.prefs.conf in it, and just softlink that mailscanner.cf > > and spam.assassin.prefs.conf, then does this do the Right Thing(TM)? > > I am not too sure it does. SpamAssassin works with the concept of > two files, a 'site' config and a 'user' config. Some configuration > settings should go in the 'site' config and others in a 'user' > config. > > The site_rules_path/mailscanner.cf file should be for site wide > config options. > > The spam.assassin.prefs file should be for options that are only > applicable when running MailScanner. > How about this. Don't put the spamassassin.prefs.conf in the normal site_rules dir at all. When Ms loads create a new Sa object, get the site_rules_path and read all the .cf files into a variable and reading into it spamassassin.prefs.conf last. Now destroy the original object and create a new object setting the new({config_text => MSRules}) to the value of that variable. This, according to the docs, will cause SA to ignore all site and user prefs stuff and use the value of config_text instead. I don't think MailScanner uses the user prefs anyway. Once that is done you should be able to destroy the original variable and free the memory and the SA package would be using what it always did. This should result in spamassassin.prefs.conf in being the overriding site rules provider while MailScanner is running and completely ignored when sa-* is run from the command line. If Julian has time to test it that would be great, otherwise I could get to it sometime this week-weekend. Ref: http://search.cpan.org/~jmason/Mail-SpamAssassin-3.1.0/lib/Mail/SpamAssassin .pm [...] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 22 15:56:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 22 Nov 2005, at 15:16, Rick Cooper wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >> Behalf Of Julian Field >> Sent: Tuesday, November 22, 2005 9:58 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: ending the spam.assassin.prefs.conf madness. >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 22 Nov 2005, at 12:00, Rick Cooper wrote: >>> >>> Julian, this code works : >>> >>> #!/usr/bin/perl >>> use Mail::SpamAssassin ; >>> my $test = Mail::SpamAssassin->new(); >>> my $siterules = $test->{site_rules_filename}; >>> $siterules ||= $test->first_existing_path >>> (@Mail::SpamAssassin::site_rules_path); >>> print "Site Rules Path : $siterules\n"; >> >> Presumably, as I need a directory, I don't want to do the >> site_rules_filename bit. So I end up with just >> >> use Mail::SpamAssassin; >> $a = new Mail::SpamAssassin; >> print "site rules is \""; >> print $a->first_existing_path (@Mail::SpamAssassin::site_rules_path); >> print "\"\n"; >> >> If I create a mailscanner.cf in there, and put everything from >> spam.assassin.prefs.conf in it, and just softlink that mailscanner.cf >> and spam.assassin.prefs.conf, then does this do the Right Thing(TM)? >> > > Why not just ln -f -s /MailScannerPath/etc/spamassassin.prefs.conf > site_rules_path/mailscanner.cf? So all I need to do is add a link to spam.assassin.prefs.conf in site_rules_path/mailscanner.cf ? This sounds like this whole entire problem could be solved with 1 soft link. Is that really all I need to do? >> So people expecting to find spam.assassin.prefs.conf will still have >> it, but the real file will be in mailscanner.cf in the >> site_rules_path directory. >> >> When they upgrade by RPM, what should I do? Once they have the >> mailscanner.cf in place, it's easy. It's the first upgrade to the new >> structure that I have to handle carefully. Any ideas? >> > > Wouldn't the above handle this also? At the very least the rpm install > scripts could add the link. Or When MailScanner loads it could look > for a > soft link at site_rules_path/mailscanner.cf and create it then. It would be easy for the rpm install script to run a short Perl script which output the pathname where the soft-link has to go. I would rather not do it at run-time, it is very difficult to not do it if you need to not do it for some reason. The only problem left is that people normally install MailScanner before installing SpamAssassin. Which package should it go into? I suspect the answer is both. Should be easy enough. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4M/nvw32o+k+q+hAQGvqQf/XXTt1QrZqHrBObfwZ2DFg6m3d+f55ozt hkWlL8M/reQ3oy2OXjtBzxPYyC1L4bRRRdUeItKr930RchfRjC/iuezPFp91ZB4j by7DS2FoTHh3JPzKr8xqZtLYccrO2eD9j9Z93DMutSfFoLlguBkLBtbD5mFTObZq rTzPezziPebfH4DnmsK3n+hlIeSL3mdqFhCQdyo5eMEk/agLb+CFXK43PKz2/Aar WXEYG0AjBhXWHbrE56W0cqmYrWYrtGHTI1CPwtdOOVGWX2B5be6GjepP79N0bnwa 1Ltn2XqeQqXob8N1A4ICjGSsvBpoAzCUaA9/bB41MblWiTSuGaWa/Q== =zC0b -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Nov 22 15:58:50 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Hi, > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Anthony Peacock Sent: Tuesday, November 22, 2005 10:10 AM > > To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ending the > > spam.assassin.prefs.conf madness. > > > > > [...] > > > If I create a mailscanner.cf in there, and put everything from > > > spam.assassin.prefs.conf in it, and just softlink that > > > mailscanner.cf and spam.assassin.prefs.conf, then does this do the > > > Right Thing(TM)? > > > > I am not too sure it does. SpamAssassin works with the concept of > > two files, a 'site' config and a 'user' config. Some configuration > > settings should go in the 'site' config and others in a 'user' > > config. > > > > The site_rules_path/mailscanner.cf file should be for site wide > > config options. > > > > The spam.assassin.prefs file should be for options that are only > > applicable when running MailScanner. > > > > How about this. Don't put the spamassassin.prefs.conf in the normal > site_rules dir at all. > > When Ms loads create a new Sa object, get the site_rules_path and read > all the .cf files into a variable and reading into it > spamassassin.prefs.conf last. Now destroy the original object and > create a new object setting the new({config_text => MSRules}) to the > value of that variable. This, according to the docs, will cause SA to > ignore all site and user prefs stuff and use the value of config_text > instead. I don't think MailScanner uses the user prefs anyway. Once > that is done you should be able to destroy the original variable and > free the memory and the SA package would be using what it always did. > This should result in spamassassin.prefs.conf in being the overriding > site rules provider while MailScanner is running and completely > ignored when sa-* is run from the command line. If Julian has time to > test it that would be great, otherwise I could get to it sometime this > week-weekend. > > Ref: > http://search.cpan.org/~jmason/Mail-SpamAssassin-3.1.0/lib/Mail/SpamAs > sassin .pm This is very neat, but I would actually prefer Julian's proposal. By doing it Julian's way it is patently obvious what is happening with the SA config files. And anyone maintaining SA can see that there is a mailscanner.cf file that may override other settings. The issue I was raising above, was purely that there are some SA config directives that _have_ to go in the site_rules_path, and some that can be set via a user prefs file. For maximum flexibility in the configuration I would like to see the two file option, where we keep a separate spam.assassin.prefs file as well as a site_rules_path/mailscanner.conf file. However, if people think that manageing two files with such subtle differences would be over complicated for the 90% of users that want a simple out-of-the-box install. Then I would prefer a site_rules_path/mailscanner.conf file with a soft link from the spam.assassin.prefs file. I think Matt expressed the difference between the different config directives better than I can. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "Minds, like parachutes, function best when open." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 22 16:02:01 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 22 Nov 2005, at 15:42, Rick Cooper wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >> Behalf Of Anthony Peacock >> Sent: Tuesday, November 22, 2005 10:10 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: ending the spam.assassin.prefs.conf madness. >> >> > [...] >>> If I create a mailscanner.cf in there, and put everything from >>> spam.assassin.prefs.conf in it, and just softlink that >>> mailscanner.cf >>> and spam.assassin.prefs.conf, then does this do the Right Thing(TM)? >> >> I am not too sure it does. SpamAssassin works with the concept of >> two files, a 'site' config and a 'user' config. Some configuration >> settings should go in the 'site' config and others in a 'user' >> config. >> >> The site_rules_path/mailscanner.cf file should be for site wide >> config options. >> >> The spam.assassin.prefs file should be for options that are only >> applicable when running MailScanner. >> > > How about this. Don't put the spamassassin.prefs.conf in the normal > site_rules dir at all. > > When Ms loads create a new Sa object, get the site_rules_path and > read all > the .cf files into a variable and reading into it > spamassassin.prefs.conf > last. Now destroy the original object and create a new object > setting the > new({config_text => MSRules}) to the value of that variable. This, > according > to the docs, will cause SA to ignore all site and user prefs stuff > and use > the value of config_text instead. I don't think MailScanner uses > the user > prefs anyway. Once that is done you should be able to destroy the > original > variable and free the memory and the SA package would be using what it > always did. This should result in spamassassin.prefs.conf in being the > overriding site rules provider while MailScanner is running and > completely > ignored when sa-* is run from the command line. If Julian has time > to test > it that would be great, otherwise I could get to it sometime this > week-weekend. A sample implementation would be good, but we are starting to get near the end of the month. So if this is going in the next release, I would like to sort it this week. I don't quite understand your description above, sounds complicated and error-prone. I am all in favour of an install-time simple solution. Otherwise you can end up making life impossible for the advanced guys who like to tweak. I try to please everyone if possible :-) - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4NA+/w32o+k+q+hAQEXMgf+LtxPEAUuF4UBQVV37Hhrjdr+c7fl6i47 pGIpNHgYZTGyT0+Y9hThUzfgMAF1HwbUumimvXFN4u+fGLbmFBIF5U3HyBIKqgKU wBTKV2kHYUQGj4InnEN5n5PZVpcYOS/Z6vz8CZLS1YB89a8AN0F+hsxY5y1F2ncz RLWJ7o+dfW3kl7lWUOxjOukMG/4RUy0s7fI6Q8x9EK8n74pHsXkI+ld+B/oUvyFa hSsrEZYJvhC7qfBVQpdrSjWPgLeGl2SNfXVXf+opurP+N5kkjC7n/h/q3AwkyWQh aPZ1sa+5UqE8O0wNxs8RDCL+JwsRdAR0WFnbKMJTBi30drxStO7sqA== =MAEP -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Nov 22 16:03:54 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Hi, > -----BEGIN PGP SIGNED MESSAGE----- > > On 22 Nov 2005, at 15:42, Rick Cooper wrote: > > >> -----Original Message----- > >> From: MailScanner mailing list > >> [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Anthony Peacock > >> Sent: Tuesday, November 22, 2005 10:10 AM To: > >> MAILSCANNER@JISCMAIL.AC.UK Subject: Re: ending the > >> spam.assassin.prefs.conf madness. > >> > >> > > [...] > >>> If I create a mailscanner.cf in there, and put everything from > >>> spam.assassin.prefs.conf in it, and just softlink that > >>> mailscanner.cf and spam.assassin.prefs.conf, then does this do the > >>> Right Thing(TM)? > >> > >> I am not too sure it does. SpamAssassin works with the concept of > >> two files, a 'site' config and a 'user' config. Some configuration > >> settings should go in the 'site' config and others in a 'user' > >> config. > >> > >> The site_rules_path/mailscanner.cf file should be for site wide > >> config options. > >> > >> The spam.assassin.prefs file should be for options that are only > >> applicable when running MailScanner. > >> > > > > How about this. Don't put the spamassassin.prefs.conf in the normal > > site_rules dir at all. > > > > When Ms loads create a new Sa object, get the site_rules_path and > > read all the .cf files into a variable and reading into it > > spamassassin.prefs.conf last. Now destroy the original object and > > create a new object setting the new({config_text => MSRules}) to > > the value of that variable. This, according to the docs, will cause > > SA to ignore all site and user prefs stuff and use the value of > > config_text instead. I don't think MailScanner uses the user prefs > > anyway. Once that is done you should be able to destroy the > > original variable and free the memory and the SA package would be > > using what it always did. This should result in > > spamassassin.prefs.conf in being the overriding site rules provider > > while MailScanner is running and completely ignored when sa-* is > > run from the command line. If Julian has time to test it that would > > be great, otherwise I could get to it sometime this week-weekend. > > A sample implementation would be good, but we are starting to get > near the end of the month. So if this is going in the next release, I > would like to sort it this week. I don't quite understand your > description above, sounds complicated and > error-prone. I am all in favour of an install-time > simple solution. Otherwise you can end up making life impossible for > the advanced guys who like to tweak. I try to please everyone if > possible :-) My vote is to KISS, and go for the soft link route. That way makes it very obvious for someone maintaining/debugging SA to see that there is an extra cf file that _may_ be overwriting some settings. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "Minds, like parachutes, function best when open." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 22 16:12:48 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 22 Nov 2005, at 15:58, Anthony Peacock wrote: > > However, if people think that manageing two files with such subtle > differences would be over complicated for the 90% of users that want > a simple out-of-the-box install. I think having 2 files would be more complicated than absolutely necessary. > Then I would prefer a > site_rules_path/mailscanner.conf file with a soft link from the > spam.assassin.prefs file. Should the real file be spam.assassin.prefs.conf or mailscanner.cf? I am in favour of the real file being spam.assassin.prefs.conf and the link being mailscanner.cf. That keeps the RPM installer simpler too. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4NDgvw32o+k+q+hAQE46wgAqxcwmQkw/AOqZISLvq2rKM/N0emJWr7f 328vls8eWUzd7lWwpzJ24U1zsu79N1xZEtyzb9K40x8crbRibggQDrRurEXL/dvX NVaQ5YmRE7R93Di+FJ6kISLO5sfOJDDCLMee3Z8Kaf5t/mx1fk0TCTjsBb/Ilicb 5/OIBD2WU7GYO6fMlEaAHAguTdiaqxq4qf0IyvM+qRZD2Hx8HwWzVxAPBF0xWdgY k95iSAv9mJIQkNGAw31KjbBmaIgV85eO1L3Kyw74ThNjlm+YIJHNnpU0vwLvFDxj 7Ohmwwvy6J14GMKGP8YlWMu3n3Ur2n2uvsHzZpwPwV+1s9RGO7CfOQ== =hZ06 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 22 16:15:47 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > Please accept my sincere apologies for anything I said yesterday. My > only excuse is that I was awaiting some very important information > from my consultant. In the end it didn't go the way I would have > preferred. So I was more than a little edgy. > My apologies again. > No offense Julian. When debating technical issues I'm often read as more edgy than I mean to be. Thus, I usually take such things with a grain of salt unless it clearly turns into a personal attack. Hope you didn't take any of my parries as personal either. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Nov 22 16:15:44 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Hi, > -----BEGIN PGP SIGNED MESSAGE----- > > On 22 Nov 2005, at 15:58, Anthony Peacock wrote: > > > > However, if people think that manageing two files with such subtle > > differences would be over complicated for the 90% of users that want > > a simple out-of-the-box install. > > I think having 2 files would be more complicated than absolutely > necessary. Fair enough. > > Then I would prefer a > > site_rules_path/mailscanner.conf file with a soft link from the > > spam.assassin.prefs file. > > Should the real file be spam.assassin.prefs.conf or mailscanner.cf? I > am in favour of the real file being spam.assassin.prefs.conf and the > link being mailscanner.cf. That keeps the RPM installer simpler too. From dhawal at NETMAGICSOLUTIONS.COM Tue Nov 22 16:29:44 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field writes: >>> If I create a mailscanner.cf in there, and put everything from >>> spam.assassin.prefs.conf in it, and just softlink that mailscanner.cf >>> and spam.assassin.prefs.conf, then does this do the Right Thing(TM)? >> >> Why not just ln -f -s /MailScannerPath/etc/spamassassin.prefs.conf >> site_rules_path/mailscanner.cf? > > So all I need to do is add a link to spam.assassin.prefs.conf in > site_rules_path/mailscanner.cf ? > > This sounds like this whole entire problem could be solved with 1 > soft link. > > Is that really all I need to do? I don't think so, time and again Matt has insisted on NOT soft linking sa-prefs.conf to local.cf (and if i understand correctly any *.cf file) a. Due to the problems already discussed in this thread b. SA probably using the same file twice, unless mailscanner ceases to use sa.prefs.conf But, i am obviously not Matt (and am quite likely to misunderstand sa's internal working) and also am sure he prefers to speak for himself. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 22 16:24:33 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 22 Nov 2005, at 16:15, Anthony Peacock wrote: > Hi, > >> -----BEGIN PGP SIGNED MESSAGE----- >> >> On 22 Nov 2005, at 15:58, Anthony Peacock wrote: >>> >>> However, if people think that manageing two files with such subtle >>> differences would be over complicated for the 90% of users that want >>> a simple out-of-the-box install. >> >> I think having 2 files would be more complicated than absolutely >> necessary. > > Fair enough. > >>> Then I would prefer a >>> site_rules_path/mailscanner.conf file with a soft link from the >>> spam.assassin.prefs file. >> >> Should the real file be spam.assassin.prefs.conf or mailscanner.cf? I >> am in favour of the real file being spam.assassin.prefs.conf and the >> link being mailscanner.cf. That keeps the RPM installer simpler too. > > From my perspective it wouldn't make any difference. So I would go > with what made the installer easier. Okay, that's made Anthony happy with a "1 soft link" solution. ln -s -f /spam.assassin.prefs.conf / mailscanner.cf Now to get clearance from Matt and Rick... - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4NGRPw32o+k+q+hAQGFkQf/aLYj9RpAb6GALEhnk6aiEmPDoZkifKH1 J+lyJeb+jaACD0L0Kx3cWHL1CWA5nk/y5y5Pl8e0Ymog6R/EXtY7cI0sDnOwUlRO Yy4EptTiAo7laZxSPueODdJBbwcrkWCPrX3p5vAxhvQqX1DB4Txa3l4pwKvBMvoV B/Bz+ei+o3kHFWvhbcUrrHWavSFyM1A5OWeaa4nA0X8LjhogmJO3h1JMKkjars4f SA/N4tmf3FXzjOCXMeMWZScTc1bbPfCDJ3q2K3795ffuHzDIr4fzV2X/8xTRdsHO RYxOFv3WN3llo5k8rJ6TzHLBwjlBs8dvKLNvu2MmcW0Gm6sWlaAcbA== =tqlr -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Nov 22 16:24:40 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Hi, > Julian Field writes: > >>> If I create a mailscanner.cf in there, and put everything from > >>> spam.assassin.prefs.conf in it, and just softlink that > >>> mailscanner.cf and spam.assassin.prefs.conf, then does this do the > >>> Right Thing(TM)? > >> > >> Why not just ln -f -s /MailScannerPath/etc/spamassassin.prefs.conf > >> site_rules_path/mailscanner.cf? > > > > So all I need to do is add a link to spam.assassin.prefs.conf in > > site_rules_path/mailscanner.cf ? > > > > This sounds like this whole entire problem could be solved with 1 > > soft link. > > > > Is that really all I need to do? > > I don't think so, time and again Matt has insisted on NOT soft linking > sa-prefs.conf to local.cf (and if i understand correctly any *.cf > file) > > a. Due to the problems already discussed in this thread > b. SA probably using the same file twice, unless mailscanner ceases to > use sa.prefs.conf > > But, i am obviously not Matt (and am quite likely to misunderstand > sa's internal working) and also am sure he prefers to speak for > himself. Dhawal, You are right of course. I knew there was a reason for keeping them separate, I just couldn't rememember it. I was hoping someone like Matt or you would jump in to remind me. And in fact it was a post by Matt a few weeks ago that made me understand the relationship between the two files. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A computer lets you make more mistakes faster than any invention in human history with the possible exceptions of handguns and tequila." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 22 16:27:09 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Julian Field writes: > >>>> If I create a mailscanner.cf in there, and put everything from >>>> spam.assassin.prefs.conf in it, and just softlink that mailscanner.cf >>>> and spam.assassin.prefs.conf, then does this do the Right Thing(TM)? >>> >>> >>> Why not just ln -f -s /MailScannerPath/etc/spamassassin.prefs.conf >>> site_rules_path/mailscanner.cf? >> >> >> So all I need to do is add a link to spam.assassin.prefs.conf in >> site_rules_path/mailscanner.cf ? >> This sounds like this whole entire problem could be solved with 1 >> soft link. >> Is that really all I need to do? > > > I don't think so, time and again Matt has insisted on NOT soft linking > sa-prefs.conf to local.cf (and if i understand correctly any *.cf file) > a. Due to the problems already discussed in this thread > b. SA probably using the same file twice, unless mailscanner ceases to > use sa.prefs.conf > But, i am obviously not Matt (and am quite likely to misunderstand sa's > internal working) and also am sure he prefers to speak for himself. > - dhawal That's a correct analysis. If you soft-link the file, under the existing MS code, you'll end up double-parsing the file. For most options this is irrelevant, but for a few options this could cause subtle misbehaviors. (ie: report template commands, trusted_networks, and other commands that concatenate instead of clobber.) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Nov 22 16:28:47 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: > -----BEGIN PGP SIGNED MESSAGE----- > > On 22 Nov 2005, at 16:15, Anthony Peacock wrote: > > > Hi, > > > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> On 22 Nov 2005, at 15:58, Anthony Peacock wrote: > >>> > >>> However, if people think that manageing two files with such subtle > >>> differences would be over complicated for the 90% of users that > >>> want a simple out-of-the-box install. > >> > >> I think having 2 files would be more complicated than absolutely > >> necessary. > > > > Fair enough. > > > >>> Then I would prefer a > >>> site_rules_path/mailscanner.conf file with a soft link from the > >>> spam.assassin.prefs file. > >> > >> Should the real file be spam.assassin.prefs.conf or mailscanner.cf? > >> I am in favour of the real file being spam.assassin.prefs.conf and > >> the link being mailscanner.cf. That keeps the RPM installer simpler > >> too. > > > > From my perspective it wouldn't make any difference. So I would go > > with what made the installer easier. > > Okay, that's made Anthony happy with a "1 soft link" solution. > > ln -s -f /spam.assassin.prefs.conf / > mailscanner.cf Not so fast that man :-) Dhawal's post has just reminded me why I had it in my mind that the two separate files was a better option. I think a soft link would only be an option, if MailScanner stopped using the spam.assassin.prefs file itself. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "A computer lets you make more mistakes faster than any invention in human history with the possible exceptions of handguns and tequila." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Nov 22 16:38:33 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: > -----BEGIN PGP SIGNED MESSAGE----- > > On 22 Nov 2005, at 16:15, Anthony Peacock wrote: > > > Hi, > > > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> On 22 Nov 2005, at 15:58, Anthony Peacock wrote: > >>> > >>> However, if people think that manageing two files with such subtle > >>> differences would be over complicated for the 90% of users that > >>> want a simple out-of-the-box install. > >> > >> I think having 2 files would be more complicated than absolutely > >> necessary. > > > > Fair enough. > > > >>> Then I would prefer a > >>> site_rules_path/mailscanner.conf file with a soft link from the > >>> spam.assassin.prefs file. > >> > >> Should the real file be spam.assassin.prefs.conf or mailscanner.cf? > >> I am in favour of the real file being spam.assassin.prefs.conf and > >> the link being mailscanner.cf. That keeps the RPM installer simpler > >> too. > > > > From my perspective it wouldn't make any difference. So I would go > > with what made the installer easier. > > Okay, that's made Anthony happy with a "1 soft link" solution. > > ln -s -f /spam.assassin.prefs.conf / > mailscanner.cf > > Now to get clearance from Matt and Rick... I have just metophoricaly stepped back from this discussion to look at the root issue. I actually think that the main problem we have (and this was raised initially), are caused by the comments at the top of the current spam.assassin.prefs.conf file. The version that I have installed instructs users to disable their local.cf file. If they already have a working SA setup that is just going to plain break it. The comments also claim that an upgrade to SA would overwrite settings in the local.cf file. This also is not true. So perhaps all we need is some sensible comments in that file, that point out that settings in this file are for MailScanner only and any settings that need to be applied site wide should go in local.cf. And to prune or comment out some of the more eosoteric settings that Matt commented about earlier. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "Computer software consists of only two components: ones and zeros, in roughly equal proportions. All that is required is to sort them into the correct order." ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 22 16:43:47 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 22 Nov 2005, at 16:27, Matt Kettler wrote: > Dhawal Doshy wrote: >> Julian Field writes: >> >>>>> If I create a mailscanner.cf in there, and put everything from >>>>> spam.assassin.prefs.conf in it, and just softlink that >>>>> mailscanner.cf >>>>> and spam.assassin.prefs.conf, then does this do the Right Thing >>>>> (TM)? >>>> >>>> >>>> Why not just ln -f -s /MailScannerPath/etc/spamassassin.prefs.conf >>>> site_rules_path/mailscanner.cf? >>> >>> >>> So all I need to do is add a link to spam.assassin.prefs.conf in >>> site_rules_path/mailscanner.cf ? >>> This sounds like this whole entire problem could be solved with 1 >>> soft link. >>> Is that really all I need to do? >> >> >> I don't think so, time and again Matt has insisted on NOT soft >> linking >> sa-prefs.conf to local.cf (and if i understand correctly any *.cf >> file) >> a. Due to the problems already discussed in this thread >> b. SA probably using the same file twice, unless mailscanner >> ceases to >> use sa.prefs.conf >> But, i am obviously not Matt (and am quite likely to misunderstand >> sa's >> internal working) and also am sure he prefers to speak for himself. >> - dhawal > > That's a correct analysis. If you soft-link the file, under the > existing MS > code, you'll end up double-parsing the file. Sorry, should have said. I will stop using the spam.assassin.prefs.conf internally in MailScanner. Obviously we don't want to parse the same file twice. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4NKxvw32o+k+q+hAQEUHQgAgk337cicaWKpG3kg1/sjP1jInOsjDfaO EPEWHJAqIICi/Pg7zV6hqHCj/HrJhx4N9rUZ/NW4ngnQviYHXQb5dQElT1QGVwXj vTGT3THENSZH4cHwdv2IfviNIqTpnwOrOWWxdevNSc5KjvHN2T17u6v+Ox76hvT9 TSv3O2wGDC3RDpftWFClEssPFMYJWxA7hXQ3hJcBI6Mm9aHC9SnnHPCattCbcSET kjX6NHwJ9WtiEjyep3jQZYcQ7F97CPHWx2kHMDip2h1ey9KZwVeuHRaRJqTcWCSa FtODNa3YNx/aTZ5bANTAjXOcvPWuwlJA6fVHsVBO5hHteuFPF8pwMw== =3E2O -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Nov 22 16:46:50 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Hi Julian, > -----BEGIN PGP SIGNED MESSAGE----- > > > On 22 Nov 2005, at 16:27, Matt Kettler wrote: > > > Dhawal Doshy wrote: > >> Julian Field writes: > >> > >>>>> If I create a mailscanner.cf in there, and put everything from > >>>>> spam.assassin.prefs.conf in it, and just softlink that > >>>>> mailscanner.cf and spam.assassin.prefs.conf, then does this do > >>>>> the Right Thing (TM)? > >>>> > >>>> > >>>> Why not just ln -f -s > >>>> /MailScannerPath/etc/spamassassin.prefs.conf > >>>> site_rules_path/mailscanner.cf? > >>> > >>> > >>> So all I need to do is add a link to spam.assassin.prefs.conf in > >>> site_rules_path/mailscanner.cf ? This sounds like this whole > >>> entire problem could be solved with 1 soft link. Is that really > >>> all I need to do? > >> > >> > >> I don't think so, time and again Matt has insisted on NOT soft > >> linking sa-prefs.conf to local.cf (and if i understand correctly > >> any *.cf file) a. Due to the problems already discussed in this > >> thread b. SA probably using the same file twice, unless mailscanner > >> ceases to use sa.prefs.conf But, i am obviously not Matt (and am > >> quite likely to misunderstand sa's internal working) and also am > >> sure he prefers to speak for himself. - dhawal > > > > That's a correct analysis. If you soft-link the file, under the > > existing MS code, you'll end up double-parsing the file. > > Sorry, should have said. I will stop using the > spam.assassin.prefs.conf internally in MailScanner. Obviously we > don't want to parse the same file twice. OK, I am back to being happy again :-) (I know easily pleased and it has been a very long afternoon at work) I also think it would be good to rewrite the comments per my other email. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "In the beginning of a change, the patriot is a brave and scarce man, hated and scorned. When the cause succeeds, however, the timid join him...for then it costs nothing to be a patriot." -Mark Twain ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 22 16:50:14 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 22 Nov 2005, at 16:38, Anthony Peacock wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> >> On 22 Nov 2005, at 16:15, Anthony Peacock wrote: >> >>> Hi, >>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> >>>> On 22 Nov 2005, at 15:58, Anthony Peacock wrote: >>>>> >>>>> However, if people think that manageing two files with such subtle >>>>> differences would be over complicated for the 90% of users that >>>>> want a simple out-of-the-box install. >>>> >>>> I think having 2 files would be more complicated than absolutely >>>> necessary. >>> >>> Fair enough. >>> >>>>> Then I would prefer a >>>>> site_rules_path/mailscanner.conf file with a soft link from the >>>>> spam.assassin.prefs file. >>>> >>>> Should the real file be spam.assassin.prefs.conf or mailscanner.cf? >>>> I am in favour of the real file being spam.assassin.prefs.conf and >>>> the link being mailscanner.cf. That keeps the RPM installer simpler >>>> too. >>> >>> From my perspective it wouldn't make any difference. So I would go >>> with what made the installer easier. >> >> Okay, that's made Anthony happy with a "1 soft link" solution. >> >> ln -s -f /spam.assassin.prefs.conf / >> mailscanner.cf >> >> Now to get clearance from Matt and Rick... > > I have just metophoricaly stepped back from this discussion to look > at the root issue. I actually think that the main problem we have > (and this was raised initially), are caused by the comments at the > top of the current spam.assassin.prefs.conf file. > > The version that I have installed instructs users to disable their > local.cf file. If they already have a working SA setup that is just > going to plain break it. > > The comments also claim that an upgrade to SA would overwrite > settings in the local.cf file. This also is not true. > > So perhaps all we need is some sensible comments in that file, that > point out that settings in this file are for MailScanner only and any > settings that need to be applied site wide should go in local.cf. > And to prune or comment out some of the more eosoteric settings that > Matt commented about earlier. I have 2 preferences. 1) there is only 1 file, it makes life easier for users, and 2) that file (or a link to it) is located somewhere people can find it. I won't parse a file more than once if I can possibly avoid it. Argue it out amongst yourselves. At the moment there are too many threads of this conversation going on at the same time. Try doing this over IRC or something more interactive than a mailing list. Let me know when you have reached some semblance of a conclusion. Feel free to ask me "do you prefer a or b" questions in the mean time, but you guys need to sort it out amongst yourselves. You care about this a whole lot more than I do :-) I'm off home. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4NMSPw32o+k+q+hAQFZ0AgAgV0K9/2JrpJfSpXuyjJQ34usPMoelVgU uq58Dl83wMsnqeT+79iWvLBQpyhsCjHSokMDdXJQu/Z5Al5WpUKEvNqW3HSD0neN 2VrTusaQed6a7pm6/KWmcBb2hn/JdGq7d6eF//lUSB3ydDAWQjD9tP0oKHRKJmcH QdYGkLG1BUBDLNjxrR0kBWW4D489prGiVP+7CUwAuP7Ok481YQ3OmdOBnt6ZjB4c OJFjlaVX2m9KEfcyeZZCJpMXnR17avjzKg1hZ9dp7WFhrWqzpYzv+Ra0gCea3SFS 8fjIkfEIJu4WBPzXmQvhCqHjyEvyZl81T51B9Lhue4wTl7VJi+79mg== =SvSf -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Nov 22 16:53:43 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Tuesday, November 22, 2005 10:56 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > > > -----BEGIN PGP SIGNED MESSAGE----- > > > On 22 Nov 2005, at 15:16, Rick Cooper wrote: > > >> -----Original Message----- > >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > >> Behalf Of Julian Field > >> Sent: Tuesday, November 22, 2005 9:58 AM > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Re: ending the spam.assassin.prefs.conf madness. > >> > >> > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> > >> On 22 Nov 2005, at 12:00, Rick Cooper wrote: > >>> > >>> Julian, this code works : > >>> > >>> #!/usr/bin/perl > >>> use Mail::SpamAssassin ; > >>> my $test = Mail::SpamAssassin->new(); > >>> my $siterules = $test->{site_rules_filename}; > >>> $siterules ||= $test->first_existing_path > >>> (@Mail::SpamAssassin::site_rules_path); > >>> print "Site Rules Path : $siterules\n"; > >> > >> Presumably, as I need a directory, I don't want to do the > >> site_rules_filename bit. So I end up with just > >> > >> use Mail::SpamAssassin; > >> $a = new Mail::SpamAssassin; > >> print "site rules is \""; > >> print $a->first_existing_path (@Mail::SpamAssassin::site_rules_path); > >> print "\"\n"; > >> > >> If I create a mailscanner.cf in there, and put everything from > >> spam.assassin.prefs.conf in it, and just softlink that mailscanner.cf > >> and spam.assassin.prefs.conf, then does this do the Right Thing(TM)? > >> > > > > Why not just ln -f -s /MailScannerPath/etc/spamassassin.prefs.conf > > site_rules_path/mailscanner.cf? > > So all I need to do is add a link to spam.assassin.prefs.conf in > site_rules_path/mailscanner.cf ? > > This sounds like this whole entire problem could be solved with 1 > soft link. > Look at the attached and see if it couldn't be easily incorporated into the existing SA.pm. It will allow you to use the MailScanner overrides from spam.assassin.prefs.conf, all the other normal site rules and you don't need any links, mailscanner won't interfere with normal command line stuff and I think/hope every one would be happy. I tested this by running the lint at the end, then moving a copy of /etc/mail/spamassassin to another directory and hard coding that directory as $siterules. ->lint came out no errors. Then I edited local.cf in the new directory (which SA would never look for) and created a bare word lint error and re-ran the code. It showed one lint error so the $test object was indeed ignoring the standard rules dir and using what was fed it through the $test = Mail::SpamAssassin->new({config_text => @lines}); line. Will this satisfy everyone? Of course if you are going to lint your SA install with MailScanner rules then you will have to point to the right rule file, or Julian could whip up a quick lint utility similar to the attached specifically for checking after modifying spam.assassin.prefs.conf, and/or lint at startup every time and output the errors as required. Heck you could probably add yet another config value to let the user decide if spam.assassin.prefs.conf should be in or out of the normal site rules path. :-) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/OCTET-STREAM (Name: "FixMsSiteRules.pl") ] [ 1.6KB. ] [ Unable to print this part. ] From rcooper at DWFORD.COM Tue Nov 22 16:57:07 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Tuesday, November 22, 2005 11:13 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > > > -----BEGIN PGP SIGNED MESSAGE----- > > On 22 Nov 2005, at 15:58, Anthony Peacock wrote: > > > > However, if people think that manageing two files with such subtle > > differences would be over complicated for the 90% of users that want > > a simple out-of-the-box install. > > I think having 2 files would be more complicated than absolutely > necessary. > > > Then I would prefer a > > site_rules_path/mailscanner.conf file with a soft link from the > > spam.assassin.prefs file. > > Should the real file be spam.assassin.prefs.conf or mailscanner.cf? > I am in favour of the real file being spam.assassin.prefs.conf and > the link being mailscanner.cf. That keeps the RPM installer simpler too. > And I would think just one more thing you don't have to change (keeping spam.assassin.prefs.conf) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Nov 22 17:03:41 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Hi, As per Julian's suggestion, here is what I think would work. 1. Stop MS parsing the spam.assassin.prefs.conf file. 2. Link to the spam.assassin.prefs.conf file from site_rules_path/mailscanner.cf 3. Update the comments in spam.assassin.prefs.conf file. It is simple, makes it very clear to an admin what is going on, whether they are starting off by looking at the SA config or the MS config. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "It is a sobering thought, for example, that when Mozart was my age, he had been dead for two years." - Tom Lehrer ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Nov 22 17:04:32 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Tuesday, November 22, 2005 11:25 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > [...] > Okay, that's made Anthony happy with a "1 soft link" solution. > > ln -s -f /spam.assassin.prefs.conf / > mailscanner.cf > > Now to get clearance from Matt and Rick... Doesn't matter to me how you go. I was just offering code possibilities and have no real opinion on this. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Tue Nov 22 17:06:28 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Hi Rick, > Look at the attached and see if it couldn't be easily incorporated > into the existing SA.pm. It will allow you to use the MailScanner > overrides from spam.assassin.prefs.conf, all the other normal site > rules and you don't need any links, mailscanner won't interfere with > normal command line stuff and I think/hope every one would be happy. > > I tested this by running the lint at the end, then moving a copy of > /etc/mail/spamassassin to another directory and hard coding that > directory as $siterules. ->lint came out no errors. Then I edited > local.cf in the new directory (which SA would never look for) and > created a bare word lint error and re-ran the code. It showed one lint > error so the $test object was indeed ignoring the standard rules dir > and using what was fed it through the $test = > Mail::SpamAssassin->new({config_text => @lines}); line. > > Will this satisfy everyone? Of course if you are going to lint your SA > install with MailScanner rules then you will have to point to the > right rule file, or Julian could whip up a quick lint utility similar > to the attached specifically for checking after modifying > spam.assassin.prefs.conf, and/or lint at startup every time and output > the errors as required. > > Heck you could probably add yet another config value to let the user > decide if spam.assassin.prefs.conf should be in or out of the normal > site rules path. :-) While this is very slick and would work. I think it is more complicated than is needed. I also think it has the disadvantage of 'hiding' what is going on under the bonnet. With the link solution it would be very obvious to me what was going on, whether I was checking out a problem from a SA perspective or a MS perspective. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If a man empties his purse into his head, no man can take it away from him. An investment in knowledge always pays the best interest." - Benjamin Franklin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Nov 22 17:21:02 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:15 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Anthony Peacock > Sent: Tuesday, November 22, 2005 12:06 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: ending the spam.assassin.prefs.conf madness. > > > Hi Rick, > [...] > While this is very slick and would work. I think it is more > complicated than is needed. I also think it has the disadvantage of > 'hiding' what is going on under the bonnet. > > With the link solution it would be very obvious to me what was going > on, whether I was checking out a problem from a SA perspective or a > MS perspective. I duno about slick but simple is always nice. This was just a possible response to someone's desire to keep the preferences in spam.assassain.prefs.conf from overriding some of the items in the normal local.cf which placing the link in the site rules dir would do. Personally I will do what works best for my situation regardless, I still have two patches I have to apply to each MailScanner release anyway so adding a third if I had to wouldn't matter much to me. My thing is just offering practical examples of a solution(s)) when Julian hits one of these kinds of situations... Kind of like that whole panda_wrapper thing... I don't even use pavcl my self. The link solution seems best to me just thinking about --lint(ing) any changes since you would have to either run spamassassin --lint twice or have MailScanner do it's own lint if spam.assassin.prefs.conf were to be separated from the normal site rules dir. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 22 18:03:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:15 2006 Subject: spam.assassin.prefs.conf contents Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have tried to split this conversation into a couple of separate threads, so we can all understand where everything is going. Here are all the current settings in spam.assassin.prefs.conf. Please tell me what settings you think should be removed. I am assuming at the point that we keep all of it in 1 file. 1 versus 2 files can go in a separate thread. What of the following settings should definitely be removed? What settings should be added or changed? Please post comments in-line in the posting, don't top post in this thread. Please note these are supposed to produce a good setup on a vaguely-sensibly setup novice system. e.g. How many people run a mail server without DNS? The number has got to be vanishingly small. Please state your reasons for any additions/removals/changes. dns_available yes ok_locales en bayes_file_mode 0770 bayes_ignore_header X-YOURDOMAIN-COM-MailScanner bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information lock_method flock use_auto_whitelist 0 pyzor_path /usr/bin/pyzor dcc_path /usr/local/bin/dccproc rbl_timeout 20 razor_timeout 10 pyzor_timeout 10 envelope_sender_header X-MailScanner-From header FRIEND_GREETINGS Subject =~ /you have an E-Card from/i describe FRIEND_GREETINGS Nasty E-card from FriendGreetings.com score FRIEND_GREETINGS 100.0 header FRIEND_GREETINGS2 Subject =~ /you have a greeting card from/i describe FRIEND_GREETINGS2 Nasty E-card from FriendGreetings.com score FRIEND_GREETINGS2 100.0 uri IE_VULN /%([01][0-9a-f]|7f).*@/i score IE_VULN 100.0 describe IE_VULN Internet Explorer vulnerability score RCVD_IN_RSL 0 -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 22 18:06:11 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:15 2006 Subject: spam.assassin.prefs.conf split into 2 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I think this is a bad idea, and it should be kept as 1 file for ease of use. I am going to have to hear very good reasons to split this file into 2. As MailScanner calls SpamAssassin as the same user all the time, people only using SA through MS have no real concept of what is a per-user setting and what is not. They will never know which file to put a setting into, and will probably put it in both to be sure. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 22 18:09:41 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:15 2006 Subject: spam.assassin.prefs.conf real file location Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If we accept that we are having 1 file and a link to it, which should be the real file? The /spam.assassin.prefs.conf will not be read directly by MailScanner, the /mailscanner.cf will be read by SpamAssassin as part of its normal initialisation. /spam.assassin.prefs.conf is the real file? or /mailscanner.cf is the real file? I prefer the first one as it makes the installation a lot easier to do automatically. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Nov 22 18:16:41 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:15 2006 Subject: spam.assassin.prefs.conf real file location Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Julian Field > Sent: Tuesday, November 22, 2005 1:10 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: spam.assassin.prefs.conf real file location > > > If we accept that we are having 1 file and a link to it, which should be > the real file? > The /spam.assassin.prefs.conf will not be read directly > by MailScanner, the /mailscanner.cf will be read by > SpamAssassin as part of its normal initialisation. > > /spam.assassin.prefs.conf is the real file? > or > /mailscanner.cf is the real file? > > I prefer the first one as it makes the installation a lot easier to do > automatically. > I vote for the first. Makes sense in a multitude of ways and keeps MailScanner's files where they should be for upgrades and such. Of course there would have to be a note some where that the link should be removed is MailScanner is removed manually Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Nov 22 18:38:59 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:31:15 2006 Subject: Lots of SpamAssassin timeouts today Message-ID: Not sure if anything is going on, but I’ve noticed today that I have been seeing a lot of SpamAssassin timeouts on my server today: Nov 22 10:30:22 mail MailScanner[29761]: SpamAssassin timed out and was killed, failure 2 of 20 Anyone else noticed this today at all? Anyone have any ideas on what could be going on? Thanks, Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hoff.milo at GMAIL.COM Tue Nov 22 18:49:43 2005 From: hoff.milo at GMAIL.COM (Milo Hoffman) Date: Thu Jan 12 21:31:15 2006 Subject: spam.assassin.prefs.conf real file location Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 11/22/05, Julian Field wrote: If we accept that we are having 1 file and a link to it, which should be the real file? The /spam.assassin.prefs.conf will not be read directly by MailScanner, the /mailscanner.cf will be read by SpamAssassin as part of its normal initialisation. /spam.assassin.prefs.conf is the real file? or /mailscanner.cf is the real file? I prefer the first one as it makes the installation a lot easier to do automatically. I would prefer the first one. Mostly because we have been used to it till now. Any change might lead to a considerable amount of confusion amongst the existing users. Milo ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hoff.milo at GMAIL.COM Tue Nov 22 18:51:24 2005 From: hoff.milo at GMAIL.COM (Milo Hoffman) Date: Thu Jan 12 21:31:15 2006 Subject: spam.assassin.prefs.conf contents Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 11/22/05, Julian Field wrote: uri IE_VULN /%([01][0-9a-f]|7f).*@/i score IE_VULN 100.0 describe IE_VULN Internet Explorer vulnerability I would better remove this one. This gave me FP a lot of time. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Nov 22 19:41:17 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:15 2006 Subject: Lots of SpamAssassin timeouts today Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jason Williams wrote: > Not sure if anything is going on, but I^Òve noticed today that I have > been seeing a lot of SpamAssassin timeouts on my server today: > It's usually DNS related or can be resolved with increasing the timeout. I think it's covered in the wiki / maq somewhere -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Nov 22 19:47:37 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:15 2006 Subject: Lots of SpamAssassin timeouts today Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Michele Neylon:: Blacknight.ie > Sent: Tuesday, November 22, 2005 2:41 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Lots of SpamAssassin timeouts today > > Jason Williams wrote: > > Not sure if anything is going on, but I've noticed today that I have > > been seeing a lot of SpamAssassin timeouts on my server today: > > > > It's usually DNS related or can be resolved with increasing the timeout. > I think it's covered in the wiki / maq somewhere > > -- > Mr Michele Neylon Probably not related but there is a LOT of virus activity today. One client reports: Processed: 25,082 1.2Gb Clean: 8,937 35.6% Viruses: 12,945 51.6% High load can also cause SpamAssassin timeouts. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jwilliams at COURTESYMORTGAGE.COM Tue Nov 22 19:53:08 2005 From: jwilliams at COURTESYMORTGAGE.COM (Jason Williams) Date: Thu Jan 12 21:31:15 2006 Subject: Lots of SpamAssassin timeouts today Message-ID: -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney Sent: Tuesday, November 22, 2005 11:48 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Lots of SpamAssassin timeouts today > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Michele Neylon:: Blacknight.ie > Sent: Tuesday, November 22, 2005 2:41 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Lots of SpamAssassin timeouts today > > Jason Williams wrote: > > Not sure if anything is going on, but I've noticed today that I have > > been seeing a lot of SpamAssassin timeouts on my server today: > > > > It's usually DNS related or can be resolved with increasing the timeout. > I think it's covered in the wiki / maq somewhere > > -- > Mr Michele Neylon > >Probably not related but there is a LOT of virus activity today. One client >reports: > > Processed: 25,082 1.2Gb > Clean: 8,937 35.6% > Viruses: 12,945 51.6% > >High load can also cause SpamAssassin timeouts. > >Steve Can DNS timeouts cause a higher load on the server than normal? I've noticed a little bit higher load average than normal on the server today? I think a new virus came out yesterday or today. I see a lot of rejects from cia.gov with a .exe. ClamAV picks it up as mytop of some sort. Thanks, Jason ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vachanta at GMAIL.COM Tue Nov 22 19:53:28 2005 From: vachanta at GMAIL.COM (Venkata Achanta) Date: Thu Jan 12 21:31:15 2006 Subject: virus e-mails again Message-ID: Since yesterday morning we are getting hit by lots of virus e-mail with .exe attachments. File-packed_da.exe, File-packed_dataInfo.exe At Mon Nov 21 22:03:08 2005 the virus scanner said: Executable DOS/Windows programs are dangerous in email (File-packed_da.exe) Attachment is too small The user community is in panic. i sent out a broadcast e-mail letting the users know about the virus outbreak and blah blah. These are not getting scored high enough to be categorized as spam. Users are getting tonnes of messages with just the attachments stripped. Right now i am collecting subject lines to put together a SA rule set. Any other suggestions are welcome in the mean time. more info: http://www.ironport.com/toc/toc_viruses.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 22 19:48:57 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:15 2006 Subject: spam.assassin.prefs.conf contents Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > I have tried to split this conversation into a couple of separate > threads, so we can all understand where everything is going. > > Here are all the current settings in spam.assassin.prefs.conf. > Please tell me what settings you think should be removed. > I am assuming at the point that we keep all of it in 1 file. 1 versus 2 > files can go in a separate thread. > > What of the following settings should definitely be removed? > What settings should be added or changed? > ok_locales en Leave in but comment out. It seems a bit far-fetched to assume most MS users are English-only. SA defaults to all, and that seems the only sensible default. (Most people assume they don't ever need mail in xzy language or from xyz country, but later find that their purchasing dept is working to contract with a foreign company that sends them a bi-lingual email. Pretty much all Internet connected companies are by far more global than their admins think.) > bayes_file_mode 0770 Leave in but Comment out. This serves no useful purpose in the absence of bayes_path, which is commented out. > rbl_timeout 20 > razor_timeout 10 > pyzor_timeout 10 Remove or comment out. The razor and pyzor settings match the SA default, so they aren't really doing anything. While that's not harmful, it's not really useful either. However, the RBL timeout is LONGER than the SA default of 15, which is highly undesirable for MS users. > score RCVD_IN_RSL 0 Comment out, but add a comment for SA 3.0.0-3.0.4 users to see. 3.1.0 lacks this rule, and 3.0.5 will also likely lack it. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Tue Nov 22 19:56:19 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:16 2006 Subject: virus e-mails again Message-ID: If you were running ClamAV or Sophos, you'd be detecting these as a Sober variant. Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Venkata Achanta > Sent: Tuesday, November 22, 2005 1:53 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: virus e-mails again > > Since yesterday morning we are getting hit by lots of virus > e-mail with .exe attachments. > > File-packed_da.exe, File-packed_dataInfo.exe > > At Mon Nov 21 22:03:08 2005 the virus scanner said: > Executable DOS/Windows programs are dangerous in email > (File-packed_da.exe) > Attachment is too small > > The user community is in panic. i sent out a broadcast e-mail > letting the users know about the virus outbreak and blah blah. > > These are not getting scored high enough to be categorized as > spam. Users are getting tonnes of messages with just the > attachments stripped. > > Right now i am collecting subject lines to put together a SA rule set. > > Any other suggestions are welcome in the mean time. > > more info: > > http://www.ironport.com/toc/toc_viruses.html > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 22 20:04:09 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:16 2006 Subject: Lots of SpamAssassin timeouts today Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This is a new virus that F-Secure phoned me about today. F-Secure call it Sober.Y. Jason Williams wrote: >-----Original Message----- >From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >Behalf Of Stephen Swaney >Sent: Tuesday, November 22, 2005 11:48 AM >To: MAILSCANNER@JISCMAIL.AC.UK >Subject: Re: Lots of SpamAssassin timeouts today > > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Michele Neylon:: Blacknight.ie >>Sent: Tuesday, November 22, 2005 2:41 PM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Lots of SpamAssassin timeouts today >> >>Jason Williams wrote: >> >> >>>Not sure if anything is going on, but I've noticed today that I have >>>been seeing a lot of SpamAssassin timeouts on my server today: >>> >>> >>> >>It's usually DNS related or can be resolved with increasing the >> >> >timeout. > > >>I think it's covered in the wiki / maq somewhere >> >>-- >>Mr Michele Neylon >> >>Probably not related but there is a LOT of virus activity today. One >> >> >client > > >>reports: >> >> Processed: 25,082 1.2Gb >> Clean: 8,937 35.6% >> Viruses: 12,945 51.6% >> >>High load can also cause SpamAssassin timeouts. >> >>Steve >> >> > >Can DNS timeouts cause a higher load on the server than normal? > >I've noticed a little bit higher load average than normal on the server >today? > >I think a new virus came out yesterday or today. I see a lot of rejects >from cia.gov with a .exe. ClamAV picks it up as mytop of some sort. > >Thanks, > >Jason > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Eric.Jacobs at THOMASTECHSOLUTIONS.COM Tue Nov 22 20:04:41 2005 From: Eric.Jacobs at THOMASTECHSOLUTIONS.COM (Jacobs, Eric (ThomasTech)) Date: Thu Jan 12 21:31:16 2006 Subject: Lots of SpamAssassin timeouts today Message-ID: > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Stephen Swaney > Sent: Tuesday, November 22, 2005 11:48 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Lots of SpamAssassin timeouts today > > > -----Original Message----- > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Michele Neylon:: Blacknight.ie > > Sent: Tuesday, November 22, 2005 2:41 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Lots of SpamAssassin timeouts today > > > > Jason Williams wrote: > > > Not sure if anything is going on, but I've noticed today > that I have > > > been seeing a lot of SpamAssassin timeouts on my server today: > > > > > > > It's usually DNS related or can be resolved with increasing the > timeout. > > I think it's covered in the wiki / maq somewhere > > > > -- > > Mr Michele Neylon > > > >Probably not related but there is a LOT of virus activity today. One > client > >reports: > > > > Processed: 25,082 1.2Gb > > Clean: 8,937 35.6% > > Viruses: 12,945 51.6% > > > >High load can also cause SpamAssassin timeouts. > > > >Steve > > Can DNS timeouts cause a higher load on the server than normal? > > I've noticed a little bit higher load average than normal on > the server > today? > > I think a new virus came out yesterday or today. I see a lot > of rejects > from cia.gov with a .exe. ClamAV picks it up as mytop of some sort. > > Thanks, > > Jason > > ------------------------ MailScanner list ------------------------ I'm getting hit with a lot of theses viruses (Clamav sees them as SOBER.U). What might be upping the CPU load is that spamassassin is also seeing them as SPAM. (And, of course, in my case, I've set up sendmail to split multiple recipients into separate e-mails, thus multiplying the load manyfold since these viruses have many, many recipients in each message) Eric Jacobs Thomas Technology Solutions, Inc. One Progress Dr Horsham, PA 19044 215-682-5354 eric.jacobs@thomastechsolutions.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 22 20:11:25 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:16 2006 Subject: virus e-mails again Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Venkata Achanta wrote: > Since yesterday morning we are getting hit by lots of virus e-mail > with .exe attachments. > > File-packed_da.exe, File-packed_dataInfo.exe > > At Mon Nov 21 22:03:08 2005 the virus scanner said: > Executable DOS/Windows programs are dangerous in email > (File-packed_da.exe) > Attachment is too small > > The user community is in panic. i sent out a broadcast e-mail letting the > users know about the virus outbreak and blah blah. > > These are not getting scored high enough to be categorized as spam. Users > are getting tonnes of messages with just the attachments stripped. > > Right now i am collecting subject lines to put together a SA rule set. Good luck with that. The current sober/mytob strains are mutating rapidly. Be sure to make your subject rules deal with the variant subjects that use underscores instead of spaces. > > Any other suggestions are welcome in the mean time. It's really a shame that MS currently only has one "Silent Viruses" option which pairs with "Still deliver silent viruses". Unfortunately, in this day and age, anything but "All-Viruses" in the "Silent Viruses" option is asking for trouble. So you ultimately have the choice of all or nothing for local user notification. Yes, the "non forging viruses" offers a way around this, but that also causes the sender to be notified, not such a good idea for most viruses. Ideally I'd like to have 3 categories: non-forging - notify sender and recipient "sender silent" - notify recipient but not sender "double Silent" - notify neither (but notify postmaster if enabled) This way I could list macros as non-forging viruses, list things like the mtob and sober worms in "double silent" and leave everything else in "sender silent" so the recipients get warnings about them. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 22 20:23:29 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:16 2006 Subject: virus e-mails again Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Noted. No guarantees though. Matt Kettler wrote: > >Ideally I'd like to have 3 categories: > > non-forging - notify sender and recipient > "sender silent" - notify recipient but not sender > "double Silent" - notify neither (but notify postmaster if enabled) > > >This way I could list macros as non-forging viruses, list things like the mtob >and sober worms in "double silent" and leave everything else in "sender silent" >so the recipients get warnings about them. > > -- -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Tue Nov 22 20:29:26 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:16 2006 Subject: spam.assassin.prefs.conf contents Message-ID: Hi All, > dns_available yes This is rather a difficult one - on a mail gateway, no DNS is going to cause rather a lot of problems. By setting this to yes it seems to save 3 DNS lookups on every message processed in a batch (I've just looked at Dns.pm). The only time this is going to be useful is if DNS is temporarily unavailable and SA would automatically disable RBL checks rather than timeout each lookup, but you've still got the initial 3 lookups to timeout first and MailScanner might timeout SA before it finishes anyway. > bayes_file_mode 0770 Remove or comment out - this was for MailWatch and Exim/Postfix users only. > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamCheck > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-SpamScore > bayes_ignore_header X-YOURDOMAIN-COM-MailScanner-Information These should stay but be commented-out with instructions. It's a shame we can't automatically add these at run-time being as MailScanner will have these settings in memory. e.g. When SA loads add a bayes_ignore_header config item for each header value in MailScanner.conf. > envelope_sender_header X-MailScanner-From Keep - this is required for SPF checks, again as above it's a shame we can't do this a run-time. > > header FRIEND_GREETINGS Subject =~ /you have an E-Card from/i > describe FRIEND_GREETINGS Nasty E-card from FriendGreetings.com > score FRIEND_GREETINGS 100.0 > header FRIEND_GREETINGS2 Subject =~ /you have a greeting card from/i > describe FRIEND_GREETINGS2 Nasty E-card from FriendGreetings.com > score FRIEND_GREETINGS2 100.0 Remove - this is old now. > > uri IE_VULN /%([01][0-9a-f]|7f).*@/i > score IE_VULN 100.0 > describe IE_VULN Internet Explorer vulnerability Remove - old, and has caused FP's in the past. My 2p. Cheers, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Tue Nov 22 23:07:19 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:16 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I consider spamassassin and all the other tools prerequisites, so I tend to install it *before* mailscanner. -----BEGIN PGP SIGNED MESSAGE----- On 22 Nov 2005, at 15:16, Rick Cooper wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On >> Behalf Of Julian Field >> Sent: Tuesday, November 22, 2005 9:58 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: ending the spam.assassin.prefs.conf madness. >> >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> >> On 22 Nov 2005, at 12:00, Rick Cooper wrote: >>> >>> Julian, this code works : >>> >>> #!/usr/bin/perl >>> use Mail::SpamAssassin ; >>> my $test = Mail::SpamAssassin->new(); >>> my $siterules = $test->{site_rules_filename}; >>> $siterules ||= $test->first_existing_path >>> (@Mail::SpamAssassin::site_rules_path); >>> print "Site Rules Path : $siterules\n"; >> >> Presumably, as I need a directory, I don't want to do the >> site_rules_filename bit. So I end up with just >> >> use Mail::SpamAssassin; >> $a = new Mail::SpamAssassin; >> print "site rules is \""; >> print $a->first_existing_path (@Mail::SpamAssassin::site_rules_path); >> print "\"\n"; >> >> If I create a mailscanner.cf in there, and put everything from >> spam.assassin.prefs.conf in it, and just softlink that mailscanner.cf >> and spam.assassin.prefs.conf, then does this do the Right Thing(TM)? >> > > Why not just ln -f -s /MailScannerPath/etc/spamassassin.prefs.conf > site_rules_path/mailscanner.cf? So all I need to do is add a link to spam.assassin.prefs.conf in site_rules_path/mailscanner.cf ? This sounds like this whole entire problem could be solved with 1 soft link. Is that really all I need to do? >> So people expecting to find spam.assassin.prefs.conf will still have >> it, but the real file will be in mailscanner.cf in the >> site_rules_path directory. >> >> When they upgrade by RPM, what should I do? Once they have the >> mailscanner.cf in place, it's easy. It's the first upgrade to the new >> structure that I have to handle carefully. Any ideas? >> > > Wouldn't the above handle this also? At the very least the rpm install > scripts could add the link. Or When MailScanner loads it could look > for a > soft link at site_rules_path/mailscanner.cf and create it then. It would be easy for the rpm install script to run a short Perl script which output the pathname where the soft-link has to go. I would rather not do it at run-time, it is very difficult to not do it if you need to not do it for some reason. The only problem left is that people normally install MailScanner before installing SpamAssassin. Which package should it go into? I suspect the answer is both. Should be easy enough. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4M/nvw32o+k+q+hAQGvqQf/XXTt1QrZqHrBObfwZ2DFg6m3d+f55ozt hkWlL8M/reQ3oy2OXjtBzxPYyC1L4bRRRdUeItKr930RchfRjC/iuezPFp91ZB4j by7DS2FoTHh3JPzKr8xqZtLYccrO2eD9j9Z93DMutSfFoLlguBkLBtbD5mFTObZq rTzPezziPebfH4DnmsK3n+hlIeSL3mdqFhCQdyo5eMEk/agLb+CFXK43PKz2/Aar WXEYG0AjBhXWHbrE56W0cqmYrWYrtGHTI1CPwtdOOVGWX2B5be6GjepP79N0bnwa 1Ltn2XqeQqXob8N1A4ICjGSsvBpoAzCUaA9/bB41MblWiTSuGaWa/Q== =zC0b -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Nov 22 23:31:24 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:31:16 2006 Subject: spam.assassin.prefs.conf real file location Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on Tue, 22 Nov 2005 18:09:41 +0000: > If we accept that we are having 1 file and a link to it, which should be > the real file? > The /spam.assassin.prefs.conf will not be read directly > by MailScanner, the /mailscanner.cf will be read by > SpamAssassin as part of its normal initialisation. > > /spam.assassin.prefs.conf is the real file? > or > /mailscanner.cf is the real file? > > I prefer the first one as it makes the installation a lot easier to do > automatically. Reading the sa-talk list as well I find that people quite often get confused with spam.assassin.prefs.conf hanging around in a different area than /etc/mail/spamassassin. And they train Bayes etc. and then later ask on the list why it doesn't kick in. Usually, because they trained with the wrong user or because SA was using the wrong prefs file (it's own). Same goes for running spamassassin against a mail. Usually this will result in different results then via MailScanner. They don't know that they have to specify the prefs file if they use SA or any of its tools outside of MailScanner. I use the /etc/mail/spamassassin/local.cf file as the spamassassin prefs file for MailScanner in all my installations. That completely eliminates all these problems. I don't see a reason why it should not be used. If you provide a "well-behaving" prefs file you should rename the old local.cf (I think SA scans only files with extension of *.cf in that directory) and put yours there. This provides for a clean setup where everyone knows where the configuration resides. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Nov 22 23:56:00 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:31:16 2006 Subject: spam.assassin.prefs.conf split into 2 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on Tue, 22 Nov 2005 18:06:11 +0000: > I think this is a bad idea completely agree. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Tue Nov 22 23:56:00 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:31:16 2006 Subject: spam.assassin.prefs.conf contents Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on Tue, 22 Nov 2005 18:03:46 +0000: > bayes_file_mode 0770 Hm, I use 0666. What about bayes_path? Also, bayes_learn_to_journal 1 is a good option in my eyes. > use_auto_whitelist 0 Seems to have been moved to plugins in 3.1, so may throw an error. > pyzor_path /usr/bin/pyzor > dcc_path /usr/local/bin/dccproc Pyzor, razor and dcc are optional, many people don't use them. > header FRIEND_GREETINGS Subject =~ /you have an E-Card from/i > describe FRIEND_GREETINGS Nasty E-card from FriendGreetings.com > score FRIEND_GREETINGS 100.0 > header FRIEND_GREETINGS2 Subject =~ /you have a greeting card from/i > describe FRIEND_GREETINGS2 Nasty E-card from FriendGreetings.com > score FRIEND_GREETINGS2 100.0 > > uri IE_VULN /%([01][0-9a-f]|7f).*@/i > score IE_VULN 100.0 > describe IE_VULN Internet Explorer vulnerability Remove all the above, this has nothing to do with MailScanner or SA in general. > score RCVD_IN_RSL 0 It's not part of any newer SA version, so may actually throw an error. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ecs.soton.ac.uk Wed Nov 23 09:43:56 2005 From: mailscanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:16 2006 Subject: Beta 4.48.2 released Message-ID: -----BEGIN PGP SIGNED MESSAGE----- I have just released 4.48.2. This release uses the new method of handling the spam.assassin.prefs.conf file as discussed over the past few days. spam.assassin.prefs.conf is no longer read specially by the MailScanner code, it is read as normal like any other *.cf file by SpamAssassin during its initialisation. So when testing it you don't have to specify the file specially any more, it will get found automatically. The install.sh scripts create the soft-link for you if they can find your copy of SpamAssassin. For those who install MailScanner followed by SpamAssassin, the SpamAssassin ClamAV+SA package will attempt to install the link as well, so it should work whichever route you use. The full ChangeLog is this: * New Features and Improvements * - - Upgraded ClamAV to 0.87.1. - - Improved Sophos wrapper script to allow for EM library installations. No support for Sophos V5.0 yet. - - Enabled blocking of messages containing web bugs. Note this may have some false alarms, as a web bug is any image of 2x2 or smaller. - - Changed ClamAV parser to not generate warning output when it sees lines it wasn't expected, as there are so many false positives that no-one ever looks at them anyway. - - Added HTML::Parser to the list of Perl modules installed by my ClamAV+SA package so it can be used separately from MailScanner, without needing MailScanner to be installed first. - - Rearranged SpamAssassin spam.assassin.prefs.conf file, it is now read by SpamAssassin via a link called "mailscanner.cf" in the site_rules directory. It is no longer read directly by MailScanner, it is just read by Spam- Assassin during its normal initialisation process. - - Improved Clam+SA package and other installation scripts to create the soft- link whenever possible. - - Rewritten comments at the top of spam.assassin.prefs.conf. * Fixes * - - Added "report-type" MIME attribute to spam notification multipart/ report messages as the RFC says it should be there, and this lacking caused a problem in a few email apps. Thanks for Georg@hackt.net for this. - - Added missing ", 0777" from mkdir call in internal TNEF code. - - Fixed startup problems reading rulesets from LDAP on first message batch. - - Subject lines are all MIME-decoded properly now. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4Q53vw32o+k+q+hAQG95AgAlrC9BKo/vQw42QxQbc0EKPyeN61c4rhL TJxe0sETwO6swzK5G5ictxlIYoox+i20xc5vR7mfuQnYA3h93ooMnlLawWMjANnw oWRGDs8T9FccF20oeeLXGC/FYhyIYXnirtFnjUe7EuD1ZeY9SBTeDNuTx4LJO1RU 3GWUKwZu9GKbDwy7XYODYwdOarjXUlDf3fZTeHugSS/kP9stDPxjkJ3WEq5JeUeV V6qIrxPmFzMH66OocEsLyfa1ra3JrTDih/asnP/9SzzTPRNKwf7EJOITEhKAKmQk 9HdYTnjw5xjCdWzvlaDgdIZDRqi01b7oZb5k0H0+S/8WlRc4EWkdcw== =72+v -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From G.Pentland at soton.ac.uk Wed Nov 23 11:26:21 2005 From: G.Pentland at soton.ac.uk (Pentland G.) Date: Thu Jan 12 21:31:16 2006 Subject: RAZOR2 - license stuff Message-ID: For those of you that are confused about Razor licensing... > http://wiki.apache.org/spamassassin/UsingRazor > > http://sourceforge.net/mailarchive/forum.php?thread_id=8989676&forum_id= 4258 Hope that is useful to someone, Gary ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Wed Nov 23 12:15:25 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:31:16 2006 Subject: clamavmodule Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello, With the recent Sober outbreak I have just noticed that ClamAV does not appear to be scanning. I'm using both bitdefender and ClamAV and bitdefender is listed as having detected the virus/worm but ClamAV is not. I'm using clamavmodule, MailScanner 4.37.7, ClamAV version 0.87.1. Any ideas why clam isn't scanning? Settings related - MailScanner.conf: Virus Scanners = clamavmodule bitdefender virus.scanners.conf: bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc clamav /usr/lib/MailScanner/clamav-wrapper /usr/local clamavmodule /bin/false /tmp Thanks, Rod -- Rodney Green Network/Security Administrator Trayer Products, Inc. rgreen@trayerproducts.com 607-734-8124 Ext. 343 Security+ Certified Honor the Fallen -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Image/JPEG 8.8KB. ] [ Unable to print this part. ] From a.peacock at CHIME.UCL.AC.UK Wed Nov 23 11:14:36 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:16 2006 Subject: spam.assassin.prefs.conf split into 2 Message-ID: Hi, > I think this is a bad idea, and it should be kept as 1 file for ease > of use. I am going to have to hear very good reasons to split this > file into 2. > > As MailScanner calls SpamAssassin as the same user all the time, > people only using SA through MS have no real concept of what is a > per-user setting and what is not. They will never know which file to > put a setting into, and will probably put it in both to be sure. I can't think of a good reason to have two files. The only time you might want this is if you wanted to tweak some settings only when MS was running, but I really can't see an occasion where this would be likely. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If a man empties his purse into his head, no man can take it away from him. An investment in knowledge always pays the best interest." - Benjamin Franklin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Nov 23 11:13:11 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:16 2006 Subject: spam.assassin.prefs.conf real file location Message-ID: Hi, > Julian Field wrote on Tue, 22 Nov 2005 18:09:41 +0000: > > > If we accept that we are having 1 file and a link to it, which > > should be the real file? The > > /spam.assassin.prefs.conf will not be read directly > > by MailScanner, the /mailscanner.cf will be read by > > SpamAssassin as part of its normal initialisation. > > > > /spam.assassin.prefs.conf is the real file? > > or > > /mailscanner.cf is the real file? > > > > I prefer the first one as it makes the installation a lot easier to > > do automatically. > > Reading the sa-talk list as well I find that people quite often get > confused with spam.assassin.prefs.conf hanging around in a different > area than /etc/mail/spamassassin. And they train Bayes etc. and then > later ask on the list why it doesn't kick in. Usually, because they > trained with the wrong user or because SA was using the wrong prefs > file (it's own). Same goes for running spamassassin against a mail. > Usually this will result in different results then via MailScanner. > They don't know that they have to specify the prefs file if they use > SA or any of its tools outside of MailScanner. I use the > /etc/mail/spamassassin/local.cf file as the spamassassin prefs file > for MailScanner in all my installations. That completely eliminates > all these problems. I don't see a reason why it should not be used. If > you provide a "well-behaving" prefs file you should rename the old > local.cf (I think SA scans only files with extension of *.cf in that > directory) and put yours there. This provides for a clean setup where > everyone knows where the configuration resides. Please do NOT delete any existing local.cf files. That would instantly break my SA configuration, which has a lot of stuff in local.cf to do with SQL Bayes settings, etc. I vote for option one above, but leave anything else in the site_rules_path alone. By naming the MS file mailscanner.cf, it will be processed after the local.cf file anyway. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ All sweeping generalisations are false. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Nov 23 12:54:31 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:16 2006 Subject: clamavmodule Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've noticed the same thing. MS 4.47.1, Clam 0.87.1, in my case. clamavmodule picks up phishing stuff and old viruses, but not much else. I've never found it comforting that Mail::ClamAV (0.17) fails half of its self-tests. I've just switched from clamavmodule to clamav in my MailScanner settings. I'll see how that goes. Jeff Earickson Colby College On Wed, 23 Nov 2005, Rodney Green wrote: > Date: Wed, 23 Nov 2005 07:15:25 -0500 > From: Rodney Green > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: clamavmodule > > Hello, > > With the recent Sober outbreak I have just noticed that ClamAV does not > appear to be scanning. I'm using both bitdefender and ClamAV and > bitdefender is listed as having detected the virus/worm but ClamAV is > not. I'm using clamavmodule, MailScanner 4.37.7, ClamAV version 0.87.1. > Any ideas why clam isn't scanning? > > Settings related - > > MailScanner.conf: >     Virus Scanners = clamavmodule bitdefender > > virus.scanners.conf: >     bitdefender     /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc >     clamav          /usr/lib/MailScanner/clamav-wrapper     /usr/local >     clamavmodule    /bin/false                              /tmp >     > > Thanks, > Rod > -- > Rodney Green Network/Security Administrator > Trayer Products, Inc. > rgreen@trayerproducts.com > 607-734-8124 Ext. 343 > Security+ Certified > > Honor the Fallen > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 23 13:20:09 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:16 2006 Subject: Test mail, please ignore Message-ID: As said, please ignore ... I'm just trying to see (with telnet) what's preventing my messages to go to the list...Sigh. -- Glenn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Nov 23 13:27:01 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:16 2006 Subject: Test mail, please ignore Message-ID: Hi, This got to the list. However, one of the JISCMAIL servers had a disk full error again this morning. > As said, please ignore ... I'm just trying to see (with telnet) what's > preventing my messages to go to the list...Sigh. > > -- Glenn > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "If a man empties his purse into his head, no man can take it away from him. An investment in knowledge always pays the best interest." - Benjamin Franklin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Nov 23 13:29:41 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:31:16 2006 Subject: Test mail, please ignore Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 23/11/05, Glenn Steen wrote: > As said, please ignore ... I'm just trying to see (with telnet) what's preventing my messages to go to the list...Sigh. > > -- Glenn > And now I know... Probably someone else have already mentioned this... Tempfail on kili.jiscmail.ac.uk ... Sigh. Since this is unlikely to reach the list I'll mail Jules too. Couldn't we move the list to something a bit more reliable? ("We" in this case would be Jules ... and possibly Mr Michele Neylon:) Transcript of communication with kili: # telnet kili.jiscmail.ac.uk 25 Trying 130.246.192.52... Connected to kili.jiscmail.ac.uk (130.246.192.52). Escape character is '^]'. 220 kili.jiscmail.ac.uk ESMTP JISCmail mailer; Wed, 23 Nov 2005 13:23:39 GMT EHLO aa.nn.se 250-kili.jiscmail.ac.uk Hello xxxx [xxxxxxxx], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-DELIVERBY 250 HELP MAIL from: 452 4.4.5 Insufficient disk space; try again later quit 452 4.4.5 Insufficient disk space; try again later quit 221 2.0.0 kili.jiscmail.ac.uk closing connection Connection closed by foreign host. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martelm at QUARK.VSC.EDU Wed Nov 23 13:38:44 2005 From: martelm at QUARK.VSC.EDU (Michael H. Martel) Date: Thu Jan 12 21:31:16 2006 Subject: clamavmodule Message-ID: --On November 23, 2005 7:54:31 AM -0500 "Jeff A. Earickson" wrote: > else. I've never found it comforting that Mail::ClamAV (0.17) > fails half of its self-tests. I've just switched from clamavmodule > to clamav in my MailScanner settings. I'll see how that goes. In the for what it's worth department, I don't trust the ClamAV Module and have been using plain clamv for over two years now. It's worked well and finds things without a problem. Michael -- --------------------------------o--------------------------------- Michael H. Martel | Systems Administrator michael.martel@vsc.edu | Vermont State Colleges http://www.vsc.edu/~michael | PH:802-241-2544 FX:802-241-3363 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Wed Nov 23 14:27:49 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:16 2006 Subject: clamavmodule Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Michael H. Martel > Sent: Wednesday, November 23, 2005 7:39 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: clamavmodule > > --On November 23, 2005 7:54:31 AM -0500 "Jeff A. Earickson" > wrote: > > > else. I've never found it comforting that Mail::ClamAV > (0.17) fails > > half of its self-tests. I've just switched from clamavmodule to > > clamav in my MailScanner settings. I'll see how that goes. > > In the for what it's worth department, I don't trust the > ClamAV Module and have been using plain clamv for over two > years now. It's worked well and finds things without a problem. > > > Michael > > -- Conversely, I use clamavmodule on my hosts as well as sophossavi and both seem to work just fine. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Nov 23 14:38:01 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:31:16 2006 Subject: OT : DNSBLs Message-ID: As there still seems to be some confusion about what DNSBLs do etc., I've written a short piece which hopefully will explain the basics: http://www.mneylon.com/blog/archives/2005/11/23/what-is-a-blacklist-dispelli ng-the-myths/ I would appreciate feedback. Please address feedback to me directly via the comments section or via email to my non-work address TIA Michele Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tac.forums at GMAIL.COM Wed Nov 23 10:46:05 2005 From: tac.forums at GMAIL.COM (TAC Forums) Date: Thu Jan 12 21:31:16 2006 Subject: any idea why this mail might still have got marked as spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi I have a message in which the spam.whitelist.rules has the following line From: *@domain.com yes But when the person sent the mail to me it has these tags marked. X-MailScanner-SpamCheck: spam, SBL+XBL X-MailScanner-SpamScore: ssss Any idea why this mail might still have got marked as spam? Regards -- TAC Support Team ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Nov 23 14:57:32 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:16 2006 Subject: clamavmodule Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Rodney Green Sent: Wednesday, November 23, 2005 7:15 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: clamavmodule Hello, With the recent Sober outbreak I have just noticed that ClamAV does not appear to be scanning. I'm using both bitdefender and ClamAV and bitdefender is listed as having detected the virus/worm but ClamAV is not. I'm using clamavmodule, MailScanner 4.37.7, ClamAV version 0.87.1. Any ideas why clam isn't scanning? Settings related - MailScanner.conf: Virus Scanners = clamavmodule bitdefender virus.scanners.conf: bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc clamav /usr/lib/MailScanner/clamav-wrapper /usr/local clamavmodule /bin/false /tmp Thanks, Rod -- [Rick Cooper] There was a discussion about this, I believe yesterday, on the clam users list and one of the authors posted a change in configs that allowed the person with the issue to start tagging the virus. I believe the author's concern was with a maxrecursion level of 1 and suggested at least 8. I am not sure how the ClamAV module handles the recursion depth or if you have your MailScanner set at less than 8. I have nothing to test with here. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Nov 23 15:02:21 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:16 2006 Subject: any idea why this mail might still have got marked as spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Do you have it after the "fromorto: default no" line? I don't know if the order is important (should be), but I always make sure the defaults are at the bottom. TAC Forums wrote: >Hi > >I have a message in which the spam.whitelist.rules has the following line > >From: *@domain.com yes > >But when the person sent the mail to me it has these tags marked. > >X-MailScanner-SpamCheck: spam, SBL+XBL >X-MailScanner-SpamScore: ssss > >Any idea why this mail might still have got marked as spam? > >Regards >-- >TAC Support Team > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rgreen at TRAYERPRODUCTS.COM Wed Nov 23 14:17:51 2005 From: rgreen at TRAYERPRODUCTS.COM (Rodney Green) Date: Thu Jan 12 21:31:16 2006 Subject: clamavmodule Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michael H. Martel wrote: > --On November 23, 2005 7:54:31 AM -0500 "Jeff A. Earickson" > wrote: > >> else. I've never found it comforting that Mail::ClamAV (0.17) >> fails half of its self-tests. I've just switched from clamavmodule >> to clamav in my MailScanner settings. I'll see how that goes. > > In the for what it's worth department, I don't trust the ClamAV Module > and have been using plain clamv for over two years now. It's worked > well and finds things without a problem. > I've switched to clamav and it did detect the latest sober variant. Thanks guys! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Nov 23 15:16:38 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:16 2006 Subject: clamavmodule Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I also use the clamav-milter on my servers; most of the time *no* viruses ever reach my MailScanner anyways. Rodney Green wrote: > Michael H. Martel wrote: > >> --On November 23, 2005 7:54:31 AM -0500 "Jeff A. Earickson" >> wrote: >> >>> else. I've never found it comforting that Mail::ClamAV (0.17) >>> fails half of its self-tests. I've just switched from clamavmodule >>> to clamav in my MailScanner settings. I'll see how that goes. >> >> >> In the for what it's worth department, I don't trust the ClamAV >> Module and have been using plain clamv for over two years now. It's >> worked well and finds things without a problem. >> > I've switched to clamav and it did detect the latest sober variant. > Thanks guys! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Nov 23 15:22:41 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:16 2006 Subject: clamavmodule Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Rodney Green Sent: Wednesday, November 23, 2005 7:15 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: clamavmodule Hello, With the recent Sober outbreak I have just noticed that ClamAV does not appear to be scanning. I'm using both bitdefender and ClamAV and bitdefender is listed as having detected the virus/worm but ClamAV is not. I'm using clamavmodule, MailScanner 4.37.7, ClamAV version 0.87.1. Any ideas why clam isn't scanning? Settings related - MailScanner.conf: Virus Scanners = clamavmodule bitdefender virus.scanners.conf: bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc clamav /usr/lib/MailScanner/clamav-wrapper /usr/local clamavmodule /bin/false /tmp Thanks, Rod [Rick Cooper] Ok I noted a couple of things that could cause a problem. MailScanner.conf ClamAVmodule Maximum Recursion Level should be at least 8, don't know what the default is ClamAVmodule Maximum Compression Ratio should be at least 250, don't know what the default is Apply the following patch, if Julian ok's it of course, to SweepViruses.pm. It adds CL_SCAN_BLOCKBROKEN() because, apparently, if this is not set it may not handle several viruses correctly. The clam author (tomitz?) was mostly concerned about the user's maxrecursion being below 8 and flatly state at his current setting (I think it was one) Clam would miss a large number of malware. Julian, do you think CL_SCAN_BLOCKBROKEN() should be a default or a config option. Broken PE files are pretty much always malware anyway. ================================= Cut below ========== --- SweepViruses.pm Wed Nov 23 10:08:36 2005 +++ SweepVirusesClamFix.pm Wed Nov 23 10:09:10 2005 @@ -1023,15 +1023,17 @@ $results = $Clam->scan("$dirname/$childname/$filename", Mail::ClamAV::CL_SCAN_STDOPT() | Mail::ClamAV::CL_SCAN_ARCHIVE() | Mail::ClamAV::CL_SCAN_PE() | + Mail::ClamAV::CL_SCAN_BLOCKBROKEN() | Mail::ClamAV::CL_SCAN_OLE2()); } else { $results = $Clam->scan("$dirname/$childname/$filename", Mail::ClamAV::CL_SCAN_STDOPT() | Mail::ClamAV::CL_SCAN_ARCHIVE() | Mail::ClamAV::CL_SCAN_PE() | Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED() | + Mail::ClamAV::CL_SCAN_BLOCKBROKEN() | Mail::ClamAV::CL_SCAN_OLE2()); } unless ($results) { ======================== End Cut ====================== Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dave.list at PIXELHAMMER.COM Wed Nov 23 15:25:36 2005 From: dave.list at PIXELHAMMER.COM (DAve) Date: Thu Jan 12 21:31:16 2006 Subject: clamavmodule Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alex Neuman van der Hans wrote: > I also use the clamav-milter on my servers; most of the time *no* > viruses ever reach my MailScanner anyways. > > Rodney Green wrote: > >> Michael H. Martel wrote: >> >>> --On November 23, 2005 7:54:31 AM -0500 "Jeff A. Earickson" >>> wrote: >>> >>>> else. I've never found it comforting that Mail::ClamAV (0.17) >>>> fails half of its self-tests. I've just switched from clamavmodule >>>> to clamav in my MailScanner settings. I'll see how that goes. >>> >>> >>> >>> In the for what it's worth department, I don't trust the ClamAV >>> Module and have been using plain clamv for over two years now. It's >>> worked well and finds things without a problem. >>> >> I've switched to clamav and it did detect the latest sober variant. >> Thanks guys! >> I can second that, my highest virus level was 700 a few months ago. Yesterday I caught 4000+ and today looks to beat that number already. I am processing about 80 to 100k messages a day after RBLs. ClamAV has caught everything so far. DAve ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Wed Nov 23 15:30:34 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:16 2006 Subject: clamavmodule Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Rodney Green > Sent: Wednesday, November 23, 2005 9:18 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: clamavmodule > > > Michael H. Martel wrote: > > --On November 23, 2005 7:54:31 AM -0500 "Jeff A. Earickson" > > wrote: > > > >> else. I've never found it comforting that Mail::ClamAV (0.17) > >> fails half of its self-tests. I've just switched from clamavmodule > >> to clamav in my MailScanner settings. I'll see how that goes. > > > > In the for what it's worth department, I don't trust the ClamAV Module > > and have been using plain clamv for over two years now. It's worked > > well and finds things without a problem. > > > I've switched to clamav and it did detect the latest sober variant. > Thanks guys! > > -- For the community, if you have something to test with, could you check your MS settings I listed in the previous message and also apply the patch to SweepViruses.pm and see if you catch it with clamavmodule afterwards? I cannot remember the last virus that made it past smtp as I use Exim with Exiscan and scan at SMTP with clam, bitdefender and f-prot so viruses are dropped before by the end of the DATA phase and never get "written to disk" Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Nov 23 15:31:22 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:31:16 2006 Subject: Beta 4.48.2 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote on Wed, 23 Nov 2005 09:43:56 +0000: > The install.sh scripts create the soft-link for you if they can find > your copy of SpamAssassin. So, what happens if someone doesn't use install.sh but only the MailScanner*.rpm? As I understand then you don't create anything in the SA site rules directory? Which means I can upgrade MS without interfering with other packages? Good. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Wed Nov 23 15:31:22 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:31:16 2006 Subject: spam.assassin.prefs.conf real file location Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anthony Peacock wrote on Wed, 23 Nov 2005 11:13:11 -0000: > That would instantly break my SA configuration, which has a lot of > stuff in local.cf to do with SQL Bayes settings, etc. > > I vote for option one above, but leave anything else in the > site_rules_path alone. By naming the MS file mailscanner.cf, it will > be processed after the local.cf file anyway. And might break your local.cf settings consequently as well. I have the same setup as you and use the local.cf for both SA and MS. My suggestion aimed at preventing problems with such a setup. I agree that renaming the old local.cf creates a problem as long as you haven't renamed it back. If you want to avoid any problems the only way is to add a file with *no* cf suffix to that directory and tell users to compare it with local.cf or rename to local.cf if they want to use it. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Nov 23 15:42:20 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:16 2006 Subject: spam.assassin.prefs.conf real file location Message-ID: Hi, > Anthony Peacock wrote on Wed, 23 Nov 2005 11:13:11 -0000: > > > That would instantly break my SA configuration, which has a lot of > > stuff in local.cf to do with SQL Bayes settings, etc. > > > > I vote for option one above, but leave anything else in the > > site_rules_path alone. By naming the MS file mailscanner.cf, it > > will be processed after the local.cf file anyway. > > And might break your local.cf settings consequently as well. I have > the same setup as you and use the local.cf for both SA and MS. My > suggestion aimed at preventing problems with such a setup. I agree > that renaming the old local.cf creates a problem as long as you > haven't renamed it back. If you want to avoid any problems the only > way is to add a file with *no* cf suffix to that directory and tell > users to compare it with local.cf or rename to local.cf if they want > to use it. I understand your point, and this wouldn't really affect me as I don't use the installer anyway. But I am fundamentally opposed to a piece of software removing (even by renaming) the configuration information of an existing piece of software. I think doing it this way (moving current configs) is less obvious and more prone to breaking a currently working system, than adding an additional config file. It will also be obvious that this file is there. The way the discussion is moving about the contents of the spam.assassin.prefs.conf file there is going to be little in it that would override the sort of system wide settings that generally get put in the local.cf file. In fact it looks like a lot of it is going to be commented out with instructions about why you might want to uncomment lines. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Nov 23 15:52:58 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:16 2006 Subject: Beta release 4.48.2-2 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- This release may be significantly faster than previous releases. Please give this version a try and tell me how you get on with it, whether it works and whether it works any faster. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4SQXPw32o+k+q+hAQElDAgAjT2tAQ7W01Gw4wwRqWl/cktxNDDREKRP tUfWhCnzPGS0DoP7QT0C0xvJMKyg2ioKT69b+Czq3+AXUtkN1MdeK2UUBAEi4ncf Jeag63HYeCBgkS44wnkuAnxTJ+jF9oaX2df5zcsT9NEXPc69oEFlNIOAcmZDRcJZ /FRDMqtB89qJQNQJpOb2jGlTmiSgWECjqyIvxLXhy7xax22hhbKfAO1JPW25nJ2I vOJHpFITSiPkzwlv4pEfalTIFtOXtp+KDmmIWQc/DzCiZ0iqmKFqD2Uhd1P4kygP YBKfOLSoP5q7kaxYphNAYHv7zLw0Xud7m4/V73NqFWw4adF11UnKXQ== =PtM7 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Wed Nov 23 16:41:05 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:16 2006 Subject: Beta release 4.48.2-2 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Solutions wrote: > Julian Field <> said on 23 November 2005 15:53: > > >>-----BEGIN PGP SIGNED MESSAGE----- >> >>This release may be significantly faster than previous releases. >> >>Please give this version a try and tell me how you get on with it, >>whether it works and whether it works any faster. >> > > What have you changed ? :) see: http://www.sng.ecs.soton.ac.uk/mailscanner/ChangeLog - Speed improvement changing &POSIX::WNOHANG to WNOHANG in sub Explode. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Nov 23 16:44:16 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:16 2006 Subject: Beta release 4.48.2-2 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Michele Neylon :: Blacknight Solutions wrote: > >> Julian Field <> said on 23 November 2005 15:53: >> >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> >>> This release may be significantly faster than previous releases. >>> >>> Please give this version a try and tell me how you get on with it, >>> whether it works and whether it works any faster. >> >> >> What have you changed ? :) > > > see: http://www.sng.ecs.soton.ac.uk/mailscanner/ChangeLog > - Speed improvement changing &POSIX::WNOHANG to WNOHANG in sub Explode. > Tee-ooh-neigh-eee-saahhp-ahht-tohh--eee (in somewhat mispronounced cantonese, kind of like Serenity's use of mandarin)... ;) What does "Speed improvement changing &POSIX::WNOHANG to WNOHANG in sub Explode" for non-programmers? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Nov 23 16:27:57 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:31:16 2006 Subject: Beta release 4.48.2-2 Message-ID: Julian Field <> said on 23 November 2005 15:53: > -----BEGIN PGP SIGNED MESSAGE----- > > This release may be significantly faster than previous releases. > > Please give this version a try and tell me how you get on with it, > whether it works and whether it works any faster. > What have you changed ? :) Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Nov 23 16:41:12 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:16 2006 Subject: Beta release 4.48.2-2 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Solutions wrote: >Julian Field <> said on 23 November 2005 15:53: > > > >> >> >What have you changed ? :) > > > > I almost asked the same myself, but there's an old spanish proverb that says "when you get a miracle, ask not the name of the saint who granted it" or something like that (sounds a lot more poetic and Ben Franklin-like in the original spanish) ... "Sepa el milagro y no el Santo" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Wed Nov 23 17:01:32 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:31:16 2006 Subject: Beta release 4.48.2-2 Message-ID: > What does "Speed improvement changing &POSIX::WNOHANG to WNOHANG in sub Explode" for non-programmers? A badly written rap lyric ? :) Cheers Chris The contents of this e-mail may be privileged and are confidential. It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited. If received in error, please advise the sender, then delete it from your system. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at NERC.AC.UK Wed Nov 23 16:06:54 2005 From: gmatt at NERC.AC.UK (Greg Matthews) Date: Thu Jan 12 21:31:16 2006 Subject: broken /usr/bin/file behaviour Message-ID: Whoever wrote libmagic seems to be a fan of the BBC comedy "Are you being served?" create an ascii file that begins: I'm free and then run /usr/bin/file against it. It is reported as: Apple QuickTime movie file (free) Does this count as a bug - it has certainly bugged one of my users who has had his email blocked as a result. GREG -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Nov 23 17:35:04 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:31:16 2006 Subject: Beta release 4.48.2-2 Message-ID: Alex Neuman van der Hans <> said on 23 November 2005 16:44: > > What does "Speed improvement changing &POSIX::WNOHANG to WNOHANG in > sub Explode" for non-programmers? > I'd be happy with a "what does that mean for thus of us who don't speak fluent Perl?"? Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Nov 23 17:29:11 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:16 2006 Subject: Beta release 4.48.2-2 Message-ID: Hi Julian, This works fine for me on Solaris 8. Caveat. I don't use your install script, so I wasn't able to test the new SpamAssassin cf file checking stuff. Although I have manually added the link from /etc/mail/spamassassin/mailscanner.cf to /opt/MailScanner/etc/spam.assassin.prefs.conf so I can confirm that that works OK. > -----BEGIN PGP SIGNED MESSAGE----- > > This release may be significantly faster than previous releases. > > Please give this version a try and tell me how you get on with it, > whether it works and whether it works any faster. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2425) > > iQEVAwUBQ4SQXPw32o+k+q+hAQElDAgAjT2tAQ7W01Gw4wwRqWl/cktxNDDREKRP > tUfWhCnzPGS0DoP7QT0C0xvJMKyg2ioKT69b+Czq3+AXUtkN1MdeK2UUBAEi4ncf > Jeag63HYeCBgkS44wnkuAnxTJ+jF9oaX2df5zcsT9NEXPc69oEFlNIOAcmZDRcJZ > /FRDMqtB89qJQNQJpOb2jGlTmiSgWECjqyIvxLXhy7xax22hhbKfAO1JPW25nJ2I > vOJHpFITSiPkzwlv4pEfalTIFtOXtp+KDmmIWQc/DzCiZ0iqmKFqD2Uhd1P4kygP > YBKfOLSoP5q7kaxYphNAYHv7zLw0Xud7m4/V73NqFWw4adF11UnKXQ== > =PtM7 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "Truth often suffers more from the heat of its defenders than from the arguments of its opposers. -William Penn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Nov 23 18:05:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:16 2006 Subject: broken /usr/bin/file behaviour Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The "file" command is very clever, but it doesn't get the answer right 100% of the time, only about 99.99% of the time. It looks at the characters at the beginning of the file to infer what type of content is in the file, ignoring its filename altogether. It really is a work of art, it just cannot guarantee to get it right all the time. File it as a bug in the "file" command, they should be able to expand the "magic" file (which holds the detection signature table) so that it successfully deduces that this file is in fact a text file and not a QuickTime movie (a very short one :-) Greg Matthews wrote: >Whoever wrote libmagic seems to be a fan of the BBC comedy "Are you >being served?" > >create an ascii file that begins: >I'm free > >and then run /usr/bin/file against it. It is reported as: >Apple QuickTime movie file (free) > >Does this count as a bug - it has certainly bugged one of my users who >has had his email blocked as a result. > >GREG > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Wed Nov 23 18:14:08 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:16 2006 Subject: MailScanner on freebsd Message-ID: I have just reviewed this doc http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml I have verified that all directories have been created. Output /var/spool drwxr-x--- 4 root daemon 512 Oct 18 09:31 MailScanner drwxrwx--- 2 smmsp smmsp 512 Nov 23 10:35 clientmqueue drwxr-x--- 2 root daemon 1024 Nov 23 10:35 mqueue drwxr-x--- 5 root daemon 512 Nov 22 15:16 mqueue.in Output of /var/spool/MailScanner drwxr-x--- 7 root daemon 512 Nov 21 17:14 incoming drwxr-x--- 2 root daemon 512 Oct 18 09:31 quarantine According to the section "Change Commands that start Sendmail" Two sendmail processes are needed in order for MailScanner and sendmail to function. On FreeBSD 5.4, sendmail on boot up is loading by /etc/rc.sendmail with defaults specified under /etc/defaults/rc.conf. In order to have two sendmail processes load at startup, would I have to modify the /etc/rc.conf to override sendmail defaults by adding: #Modified /etc/rc.conf would have these lines. #This would take care of the first sendmail process. sendmail_enable="YES" sendmail_flags="-L sm-mta -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in" #Startup second sendmail process points to /var/spool/mqueue /usr/sbin/sendmail -L sm-mta -bd -q15m Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> Marc.Dufresne@PARKS.ON.CA 11/21/2005 7:08 PM >>> Sendmail is working!!!! I had to modify the DAEMON_OPTIONS in my mc file in order to have sendmail listen on any address (0.0.0.0) instead of just my public address. Recompiled sendmail, then it worked. Issuing a sendmail -v root >> Marc.Dufresne@PARKS.ON.CA 11/21/2005 12:18 pm >>> No sendmail -v root >> brent.bolin@GMAIL.COM 11/21/2005 11:57 AM >>> Don't go there yet!. Is sendmail working ? sendmail -v root wrote: > > I found this doc > http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml > > Sendmail.cf incoming QueueDirectory is setup to > /var/spool/mqueue. > Are these the right permissions? > > Here is the output from ls -l /var/spool > > drwxr-xr-x 4 root daemon 512 Oct 18 09:31 MailScanner > drwxrwx--- 2 smmsp smmsp 52736 Nov 21 11:40 clientmqueue > drwxr-x--- 2 root wheel 512 Nov 21 11:40 mqueue > drwxr-x--- 2 root wheel 512 Oct 24 15:16 mqueue.in > > MailScanner.conf is setup as > > Incoming Queue Dir = /var/spool/mqueue > Outgoing Queue Dir = /var/spool/mqueue > > # Set where to unpack incoming messages before scanning them > Incoming Work Dir = /var/spool/MailScanner/incoming > > Here is output ls -l /var/spool/MailScanner > drwxr-xr-x 12 root daemon 512 Nov 21 11:16 incoming > > # Set where to store infected and message attachments > Quarantine Dir = /var/spool/MailScanner/quarantine > > Here is output ls -l /var/spool/MailScanner > drwxr-xr-x 2 root daemon 512 Oct 18 09:31 quarantine > > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>> brent.bolin@GMAIL.COM 11/21/2005 11:26 AM >>> > Don't care about private discussions. The list exiled me when I called > someone a "Dipswitch". > > Pretty harsh words ya think ? > > Do you show this? > > # ps auxwww|grep sendmail > root 36220 0.0 0.3 3500 2640 ?? Ss 9:59AM 0:00.03 sendmail: accepting > connections (sendmail) > root 36223 0.0 0.3 3500 2624 ?? Is 9:59AM 0:00.00 sendmail: Queue > runner@00:15:00 > for /var/spool/mqueue (sendmail) > smmsp 36227 0.0 0.2 3368 2520 ?? Is 9:59AM 0:00.00 sendmail: Queue > runner@00:15:00 > for /var/spool/clientmqueue (sendmail) > root 36419 0.0 0.1 1448 848 p0 S+ 10:16AM 0:00.00 grep sendmail > > Sounds to me like your sendmail submit isn't running. > > Also attaching a valid submit.cf > file > > Make sure your using both the sendmail.cf < > http://sendmail.cf> and > submit > files I'm sending you. > > > On 11/21/05, Marc Dufresne wrote: > > > > My apologies for the private discussions. Didn't realize I posted to > the > > forum. > > > > Sendmail is running on port 25. Sendmail is acting as a Relay for my > > domain. I have no problem sending/receiving internet e-mail. The two > > problems I am having are: > > > > 1- MailScanner doesn't seem to be scanning inbound mail. > > > > 2- local mail sent to root and postmaster is not being delivered. > The > > /var/spool/clientmqueue is backing up with e-mails sent to root and > > postmaster. > > > > Here's what /var/spool/maillog is saying > > > > mail sm-msp-queue[1655]: i24AKJeL005105: to=postmaster, > > delay=10:33:28, > > xdelay=00:00:00, mailer=relay, pri=1023910, > relay=[127.0.0.1 > > ], > > dsn=4.0.0, stat=Deferred: Connection refused by > [127.0.0.1 > > ] > > > > I issued the command sendmail -v root I'm > > receiving. > > > > root....connecting to [127.0.0.1 ] > via relay > > root....Deferred: Connection refused by [127.0.0.1 > ] > > > > I have modified my /etc/mail/access to reflect > > > > 127.0.0.1 RELAY > > localhost.localdomain RELAY > > localhost RELAY > > > > Issued a makemap hash /etc/mail/access.db < /etc/mail/access. > Restarted > > sendmail and still receive the Connection Refused error. > > > > Any ideas? > > > > I want to fix problem 2 first, eliminating the connection refused > > errors. Then I want to move onto the MailScanner problem. > > > > > > Marc Dufresne, Corporate IT Officer > > St. Lawrence Parks Commission > > 13740 County Road 2 > > Morrisburg, ON K0C 1X0 > > > > E-mail: Marc.Dufresne@parks.on.ca > > Voice: 613-543-3704 Ext#2455 > > Fax: 613-543-2847 > > Corporate website: www.parks.on.ca < > http://www.parks.on.ca> > > > > >>> ugob@CAMO-ROUTE.COM 11/21/2005 9:17 AM >>> > > Marc Dufresne wrote: > > > Couldn't download any of your sample files. None of the links to > > your > > > files work. > > > > Looking a the links, I'm not surprised. > > > > The way you are quoting is making it very hard to follow. Please > avoid > > > > having private discussions while using a public mailing list and > don't > > > > top-post. > > > > > > > > From the command line, if I issue sendmail -v root > > I receive this error, > > > > > > root....connecting to [127.0.0.1 ] > via relay > > > root....Deferred: Connection refused by [127.0.0.1 > ] > > > > Is sendmail running? > > > > On what port/IP is it running on? > > > > > > > > What files do I need to modify under /etc/mail? > > > > > > > Are you familiar with Sendmail or other MTAs? > > > > Regards, > > > > Ugo > > > > > > > > Marc Dufresne, Corporate IT Officer > > > St. Lawrence Parks Commission > > > 13740 County Road 2 > > > Morrisburg, ON K0C 1X0 > > > > > > E-mail: Marc.Dufresne@parks.on.ca > > > Voice: 613-543-3704 Ext#2455 > > > Fax: 613-543-2847 > > > Corporate website: www.parks.on.ca < > http://www.parks.on.ca> > > > > > >>>> BB 11/20/2005 9:38 PM >>> > > > Marc, > > > > > > I have attached working sendmail.mc < > http://sendmail.mc> < > > http://sendmail.mc> and > > > sendmail.cf < > http://sendmail.cf>files along > with > > /etc/rc.conf > > startup. > > > There are a number of things in the > > > rc.conf that you don't need just use the sendmail portion for > > examples. > > > BTW > > > /etc/defaults/rc.conf show examples and are used if /etc/rc.conf > > does > > > not > > > exist. /etc/rc.conf will override /etc/defaults/rc.conf. > > > > > > The first thing is to get a working copy of sendmail running. Make > > > your > > > edits to /etc/rc.conf with the examples sent. > > > > > > Copy sendmail.cf < > http://sendmail.cf> > /etc/mail > > > > > > Verify no sendmail processes are running and if they are kill the > > pid > > > of > > > them. Verify again they are gone. > > > > > > Run "sh /etc/rc.sendmail start" . No quotes. This should start > > > sendmail. > > > Send your self a test message from the MTA level - > > > > > > sendmail -v root > > > > > This should send a test mesage to root with no subject and > > undisclosed > > > recipients. Thats fine all we want to know is if sendmail is > > running. > > > Its > > > also a good test to check the header files. > > > > > > If its working thats great, move on to MailScanner. I've included > a > > > working > > > copy of a mailscanner.conf file. There are some things configured > > that > > > you > > > might not be using, but all the directores are in place and are > set > > to > > > defaults. > > > > > > Virus scanners set to none if not using (I'm using three) > > > Spamassassin set to no if not using (I'm using 3.1.0_3) > > > Uncomment the whitlist and blacklist file rules, I'm using > > > SQLblacklist/whitelists > > > > > > I've included another file called directories.needed. Just run, it > > > will > > > create them if they don't exist > > > > > > This should be enough to get you going. Remember you need to get > > > sendmail > > > running first. I didn't or never have used the Makefile included > > with > > > the > > > distribution. I use the m4 macro on the configuration file *.mc or > > just > > > use > > > webmin. Its in the ports or can be downloaded from > > > webmin.com > > > . > > > > > > It does not make sense to me why sendmail is running if it is > marked > > > to > > > "NONE". If that dosen't do it mark the first instance with NONE > and > > all > > > the > > > others with NO > > > > > > BTW: There is also a nice webmin modual for MailScanner. Once > setup > > > things > > > don't change much other then whitelists/blacklists. The latest > > version > > > of > > > mailwatch can do this hence > > > > > > Is Definitely Not Spam = &SQLWhitelist > > > Is Definitely Spam = &SQLBlacklist > > > > > > > > > Hang on for the ride... > > > > > > > > > > > > On 11/20/05, Marc Dufresne wrote: > > >> I am going to explain my understanding of the MailScanner setup. > > > Please > > >> reveiw and let me know if I'm understanding this correctly? > > >> > > >> When MailScanner.conf is configured, the following parameters > > should > > > be > > >> set if I'm using sendmail on FreeBSD 5.4: > > >> > > >> #MTA used for the Gateway > > >> MTA=sendmail > > >> > > >> #Set how to invoke MTA when sending messages MailScanner has > > created > > >> (e.g. to sender/recipient saying "found a virus in your > message"). > > > This > > >> can also be the filename of a ruleset. > > >> sendmail=/usr/sbin/sendmail > > >> > > >> #Incoming mail queue directory for Sendmail > > >> Incoming Queue Directory=/var/spool/mqueue > > >> > > >> #Outgoing mail queue directory for Sendmail > > >> Outgoing Queue Directory=/var/spool/mqueue > > >> > > >> #Incoming Queue Directory for MailScanner > > >> /var/spool/MailScanner/incoming > > >> > > >> #Quarantine Directory for MailScanner > > >> /var/spool/MailScanner/quaratine > > >> > > >> System Startup should be as follows: > > >> > > >> 1) #Disable sendmail from loading at system startup > > >> modify /etc/rc.conf to disable sendmail load > > >> > > >> > > > > > > > > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html > > > > > > > > >> > > >> Section 23.4.2.3 > FreeBSD > 5.0-STABLEand Later > > >> > > >> /etc/rc.conf > > >> > > >> sendmail_enable="NO" > > >> sendmail_submit_enable="NO" > > >> sendmail_outbound_enable="NO" > > >> sendmail_msp_queue_enable="NO" > > >> > > >> 2) #Load MailScanner at system startup. > > >> #Make sure mailscanner.sh file is located under > /usr/local/etc/rc.d > > >> in order to load MailScannner process at startup. Mailscanner.sh > > > should > > >> invoke sendmail and mailscanner process to start > > scanning/delivering > > >> mail. > > >> > > >> /usr/local/etc/rc.d/mailscanner.sh > > >> _________________________________ > > >> > > >> First Problem > > >> > > >> I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I tried > > >> everything. Sendmail still loads at startup??????? > > >> > > >> Second Problem > > >> > > >> Once system is completly loaded and sitting at the login prompt, > I > > >> receive an error > > >> NOQUEUE:SYSERROR(root):opendaemon socket:daeomon IPv4:cannot bind > > >> address already in use > > >> > > >> I login, and run ps -ax (This is what I see) > > >> > > >> 375 ?? Ss 0:00.07 sendmail: accepting connections (sendmail) > > >> 379 ?? Is 0:00.00 sendmail: Queue runner@00:30:00 for > > >> /var/spool/client > > >> > > >> 426 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > > >> /var/spool/mqueue > > >> 430 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > > >> /var/spool/client > > >> > > >> 613 ?? Ss 0:00.02 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local 614 ?? S 0:02.33 /usr/bin/perl > > >> -I/usr/local/lib/MailScanner /usr/local > > >> 627 ?? S 0:02.19 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> 630 ?? S 0:02.15 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> 635 ?? S 0:02.17 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> 636 ?? S 0:00.11 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> > > >> Third Problem > > >> > > >> I run tail -f /var/log/maillog > > >> > > >> I will send test e-mails from the outside and watch sendmail > > receive > > >> and process incoming mail. Everyone receives e-mails from the > > > outside, > > >> but mailscanner does not scan any messages. > > >> > > >> I will issue a mailq to view /var/spool/mqueue directory. > Directory > > > is > > >> always empty. > > >> > > >> I'm completely stumped here as to why Sendmail refuses to disable > > at > > >> startup and MailScanner refuses to scan e-mail messages!!!!! > > >> > > >> Any ideas???? > > >> > > >> > > >> Marc Dufresne, Corporate IT Officer > > >> St. Lawrence Parks Commission > > >> 13740 County Road 2 > > >> Morrisburg, ON K0C 1X0 > > >> > > >> E-mail: Marc.Dufresne@parks.on.ca > > >> Voice: 613-543-3704 Ext#2455 > > >> Fax: 613-543-2847 > > >> Corporate website: www.parks.on.ca < > http://www.parks.on.ca> < > > http://www.parks.on.ca> > > >> > > >>>>> BB 11/19/2005 12:38 AM >>> > > >> Don't know if they ever got the list fixed for my replies, so I'm > > > doing > > >> it > > >> direct and through the list. > > >> > > >> Change /etc/rc.conf or /etc/defaults/rc.conf > > >> sendmail_enable=NONE > > >> > > >> Verify mailscanner is starting up with > > > /usr/local/etc/rc.d/mailscanner > > >> .sh > > >> > > >> Think you need to manually create some of the directores. Verify > > >> MailScanner.conf for directories. > > >> > > >> tail -f /var/log/maillog will show you the details > > >> > > >> The only reason to rebuild sendmail.cf < > http://sendmail.cf> < > > http://sendmail.cf> > > > > >>> is to > > >> remove > > >> IPv6 stuff. I would use m4 macro for that. Webmin would be a good > > >> choice to > > >> use. > > >> > > >> # SMTP daemon options > > >> > > >> O DaemonPortOptions=Name=IPv4, Family=inet > > >> O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O > > >> O DaemonPortOptions=Port=587, Name=MSA, M=E > > >> > > >> > > >> -- > > >> ACK and you shall receive > > >> > > >> > > >> > > > > > > > > > -- > > > ACK and you shall receive > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > BEGIN:VCARD > > > VERSION:2.1 > > > X-GWTYPE:USER > > > FN:Marc Dufresne > > > TEL;WORK:613-543-3704 > > > ORG:;Information Technology > > > TEL;PREF;FAX:613-543-2847 > > > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > > > N:Dufresne;Marc > > > TITLE:Corporate IT Officer > > > END:VCARD > > > > > > > > > -- > > Ugo > > > > -> Please don't send a copy of your reply by e-mail. I read the > list. > > -> Please avoid top-posting, long signatures and HTML, and cut the > > irrelevant parts in your replies. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > -- > ACK and you shall receive > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > -- ACK and you shall receive ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From MailScanner at ecs.soton.ac.uk Wed Nov 23 17:54:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:16 2006 Subject: Test mail, please ignore Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: >On 23/11/05, Glenn Steen wrote: > > >>As said, please ignore ... I'm just trying to see (with telnet) what's preventing my messages to go to the list...Sigh. >> >>-- Glenn >> >> >> >And now I know... Probably someone else have already mentioned this... >Tempfail on kili.jiscmail.ac.uk ... Sigh. Since this is unlikely to >reach the list I'll mail Jules too. > >Couldn't we move the list to something a bit more reliable? ("We" in >this case would be Jules ... and possibly Mr Michele Neylon:) > >Transcript of communication with kili: ># telnet kili.jiscmail.ac.uk 25 >Trying 130.246.192.52... >Connected to kili.jiscmail.ac.uk (130.246.192.52). >Escape character is '^]'. >220 kili.jiscmail.ac.uk ESMTP JISCmail mailer; Wed, 23 Nov 2005 13:23:39 GMT >EHLO aa.nn.se >250-kili.jiscmail.ac.uk Hello xxxx [xxxxxxxx], pleased to meet you >250-ENHANCEDSTATUSCODES >250-PIPELINING >250-8BITMIME >250-SIZE >250-DSN >250-ETRN >250-DELIVERBY >250 HELP >MAIL from: >452 4.4.5 Insufficient disk space; try again later >quit >452 4.4.5 Insufficient disk space; try again later > I am investigating when their contract is up for renewal, this may all solve itself very soon, and I don't want to move if it will solve itself soon anyway. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Nov 23 17:48:15 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:16 2006 Subject: clamavmodule Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] That sounds good to me. Will all be in the next release. Rick Cooper wrote: > > > -----Original Message----- > *From:* MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK]*On Behalf Of *Rodney Green > *Sent:* Wednesday, November 23, 2005 7:15 AM > *To:* MAILSCANNER@JISCMAIL.AC.UK > *Subject:* clamavmodule > > Hello, > > With the recent Sober outbreak I have just noticed that ClamAV > does not appear to be scanning. I'm using both bitdefender and > ClamAV and bitdefender is listed as having detected the virus/worm > but ClamAV is not. I'm using clamavmodule, MailScanner 4.37.7, > ClamAV version 0.87.1. Any ideas why clam isn't scanning? > > Settings related - > > MailScanner.conf: > Virus Scanners = clamavmodule bitdefender > > virus.scanners.conf: > bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc > clamav /usr/lib/MailScanner/clamav-wrapper /usr/local > clamavmodule /bin/false /tmp > > > Thanks, > Rod > > [Rick Cooper] > > Ok I noted a couple of things that could cause a problem. > MailScanner.conf > > ClamAVmodule Maximum Recursion Level should be at least 8, don't > know what the default is > ClamAVmodule Maximum Compression Ratio should be at least 250, > don't know what the default is > > Apply the following patch, if Julian ok's it of course, to > SweepViruses.pm. It adds CL_SCAN_BLOCKBROKEN() because, > apparently, if this is not set it may not handle several viruses > correctly. The clam author (tomitz?) was mostly concerned about > the user's maxrecursion being below 8 and flatly state at his > current setting (I think it was one) Clam would miss a large > number of malware. > > Julian, do you think CL_SCAN_BLOCKBROKEN() should be a default or > a config option. Broken PE files are pretty much always malware > anyway. > > ================================= Cut below ========== > --- SweepViruses.pm Wed Nov 23 10:08:36 2005 > +++ SweepVirusesClamFix.pm Wed Nov 23 10:09:10 2005 > @@ -1023,15 +1023,17 @@ > $results = $Clam->scan("$dirname/$childname/$filename", > Mail::ClamAV::CL_SCAN_STDOPT() | > Mail::ClamAV::CL_SCAN_ARCHIVE() | > Mail::ClamAV::CL_SCAN_PE() | > + Mail::ClamAV::CL_SCAN_BLOCKBROKEN() | > Mail::ClamAV::CL_SCAN_OLE2()); > } else { > $results = $Clam->scan("$dirname/$childname/$filename", > Mail::ClamAV::CL_SCAN_STDOPT() | > Mail::ClamAV::CL_SCAN_ARCHIVE() | > Mail::ClamAV::CL_SCAN_PE() | > > Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED() | > + Mail::ClamAV::CL_SCAN_BLOCKBROKEN() | > Mail::ClamAV::CL_SCAN_OLE2()); > } > > unless ($results) { > ======================== End Cut ====================== > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by *MailScanner* , and is > believed to be clean. > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joshua.hirsh at PARTNERSOLUTIONS.CA Wed Nov 23 19:12:05 2005 From: joshua.hirsh at PARTNERSOLUTIONS.CA (Joshua Hirsh) Date: Thu Jan 12 21:31:16 2006 Subject: broken /usr/bin/file behaviour Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > and then run /usr/bin/file against it. It is reported as: > Apple QuickTime movie file (free) > > Does this count as a bug - it has certainly bugged one of my users who > has had his email blocked as a result. I've personally disabled a few of the quicktime checks as they catch on regular messages quite often. You might want to comment out these five lines in your magic file (/usr/share/magic or /usr/share/file/magic on RHEL3/4 systems respectively): 4 string free Apple QuickTime movie file (free) 4 string junk Apple QuickTime movie file (junk) 4 string skip Apple QuickTime movie file (skip) 4 string wide Apple QuickTime movie file (wide) 4 string pict Apple QuickTime movie file (pict) The problem is that these patterns (column #3) are matched starting at the 4th character within the file. During my testing (ie: randomly downloading quicktime movies to check which type they were), a majority of them were matched under the first four patterns listed in the magic file (moov, mdat, ftyp, pnot), and not the ones listed above that I disabled. There was also one other that matched AVI's quite frequently, but I can't find it anymore. As an example of messages that match against these patterns, emails that start with the following as the first line will get triggered: The pictures The junk Its wide I'm free ..etc...etc.. As always, YMMV. Cheers, -Joshua ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Nov 23 18:02:31 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:16 2006 Subject: Beta release 4.48.2-2 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight Solutions wrote: >Alex Neuman van der Hans <> said on 23 November 2005 16:44: > > > >>What does "Speed improvement changing &POSIX::WNOHANG to WNOHANG in >>sub Explode" for non-programmers? >> >> >> > >I'd be happy with a "what does that mean for thus of us who don't speak >fluent Perl?"? > > Very little, apparently :-) Someone has made a significant speed improvement on 1 architecture by replacing the parameter to the waitpid() called &POSIX::WNOHANG with WNOHANG. This is all in the subroutine called Explode which opens up email attachments and turns them into normal files that can be scanned for viruses and so on. So I have made the same change (in 2 places in the same subroutine) in the main code and released it as a new minor version to see if others see a similar speed improvement. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From micoots at YAHOO.COM Wed Nov 23 19:20:39 2005 From: micoots at YAHOO.COM (Michael Mansour) Date: Thu Jan 12 21:31:16 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, > --On November 22, 2005 11:41:15 AM +0000 Anthony > Peacock > wrote: > > Anthony, > > > I would be graetful if people could check this, > and try it on other > > systems. > > This seems to work on my RedHat 7.3 boxes with SA > 3.10 > > #./t1 > site rules is "/etc/mail/spamassassin" > # > > ># !/usr/local/bin/perl > > > > use Mail::SpamAssassin; > > $a = new Mail::SpamAssassin; > > > > print "site rules is \""; > > print $a->first_existing_path > (@Mail::SpamAssassin::site_rules_path); > > print "\"\n"; I tested this on FC2: # ./t1 site rules is "/etc/mail/spamassassin" FC1: # ./t1 site rules is "/etc/mail/spamassassin" SL41: # ./t1 site rules is "/etc/mail/spamassassin" After changing the perl path to /usr/bin. All works fine. Regards, Michael. ____________________________________________________ Do you Yahoo!? Yahoo! News: Get the latest news via video today! http://au.news.yahoo.com/video/ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Nov 23 19:36:00 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:16 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I hope we can pretty much consider this discussion closed at this point. Please try the latest beta and see what you think. The installation is done by the mailscnner RPM file in the 2 RPM distributions, and by the install.sh in the TAR distribution. I decided it would be neater to do it in the RPM distribution for the vast majority of RPM users. The ClamAV+SA installation package also make several attempts at finding the right place to put the link in, and warns you about it if it fails to find one. So whether you install MS then SA or the other way round, it should work okay if you use my install.sh files. Even if you install the RPMs manually it will still work. In the rare situation that it ends up with a link pointing at a non-existent file, SA will just make a minor complaint and carry on, so it will still work. But it may not lint correctly, which IMHO is a suitable behaviour. I have also re-written the comments at the top of spam.assassin.prefs.conf completely so they are rather more suitable for the new setup. Hopefully we're all there now. Jules. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dave.list at PIXELHAMMER.COM Wed Nov 23 21:34:39 2005 From: dave.list at PIXELHAMMER.COM (DAve) Date: Thu Jan 12 21:31:16 2006 Subject: OT: Senderbase Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Good afternoon, I take a look each week at senderbase to check and see what others think my network is sending out in terms of mail volume. I generally find it helpful. http://senderbase.org Anyone else using that report? I ask because I have two IPs showing up there as having excessively high mail volumes, yet the IPs they list have port 25 blocked at the client router. I have send two emails to support@senderbase.org and received no replys so far. Am I spinning my wheels here? DAve ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Wed Nov 23 23:08:01 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:31:16 2006 Subject: any idea why this mail might still have got marked as spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] TAC Forums wrote: > Hi > > I have a message in which the spam.whitelist.rules has the following line > > From: *@domain.com yes > > But when the person sent the mail to me it has these tags marked. > > X-MailScanner-SpamCheck: spam, SBL+XBL > X-MailScanner-SpamScore: ssss > > Any idea why this mail might still have got marked as spam? Are you sure that you're looking at the right address, the envelope sender? The From-address shown in your mail client is often something else than the actual address which MailScanner uses. -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jeff.Mills at POCOLD.COM.AU Wed Nov 23 23:12:56 2005 From: Jeff.Mills at POCOLD.COM.AU (Jeff Mills) Date: Thu Jan 12 21:31:16 2006 Subject: any idea why this mail might still have got marked as spam? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] In my spam.whitelist.rules, for an entire domain, I use: From: @domain.com yes I do not use the "*". I'm not sure whether this will make any difference, but perhaps your system is actually looking for the email address of "*@domain.com". > > I have a message in which the spam.whitelist.rules has the > following line > > > > From: *@domain.com yes > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at ADVENTURAS.NO Thu Nov 24 01:41:55 2005 From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen) Date: Thu Jan 12 21:31:16 2006 Subject: MailScanner on freebsd Message-ID: > According to the section "Change Commands that start Sendmail" > > Two sendmail processes are needed in order for MailScanner and sendmail > to function. On FreeBSD 5.4, sendmail on boot up is loading by > /etc/rc.sendmail with defaults specified under /etc/defaults/rc.conf. > > In order to have two sendmail processes load at startup, would I have > to modify the /etc/rc.conf to override sendmail defaults by adding: > ># Modified /etc/rc.conf would have these lines. > ># This would take care of the first sendmail process. > sendmail_enable="YES" > sendmail_flags="-L sm-mta -bd -OPrivacyOptions=noetrn > -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in" > ># Startup second sendmail process points to /var/spool/mqueue > /usr/sbin/sendmail -L sm-mta -bd -q15m Did you install the port? #pkg_info -Lx MailScanner | grep rc.d /usr/local/etc/rc.d/mailscanner.sh.sample /usr/local/etc/rc.d/mta.sh.sample If you have installed mailscanner from ports you should have the above files which you may need to rename to *.sh If you for some reason do not want to use the port, you may still take a look at those files here: #ls /usr/ports/mail/mailscanner/files/ or through the ports-cgi at freebsd.org -- Lars ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Nov 24 01:56:15 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:16 2006 Subject: Beta 4.48.2 and SA prefs flap Message-ID: I've been semi-following the flurry of emails about spam.assassin.prefs.conf, and Julian's beta changes. Maybe "MailScanner -v" should spit out what it thinks the SA prefs files it is using are? Per the Perl snippet posted earlier this week? And I'll put forth a plea for my Time::HiRes changes to MessageBatch.pm, posted Nov 4, for this month's edition. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Nov 24 02:06:17 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:16 2006 Subject: OT: Senderbase Message-ID: Hi, Yes, I check them for our domain periodically, especially if we are having spambot outbreak problems. Their information is generally useful BUT it is not updated in strictly daily fashion like they indicate. I have killed listed spambots and had them linger with a non-zero daily magnitude for several days afterwords. I sent senderbase email queries (about this topic and other things). They will respond eventually -- but not quickly. IMHO, generally useful info but nothing like "real time" info. Jeff Earickson Colby College On Wed, 23 Nov 2005, DAve wrote: > Date: Wed, 23 Nov 2005 16:34:39 -0500 > From: DAve > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: Senderbase > > Good afternoon, > > I take a look each week at senderbase to check and see what others think my > network is sending out in terms of mail volume. I generally find it helpful. > > http://senderbase.org > > Anyone else using that report? I ask because I have two IPs showing up there > as having excessively high mail volumes, yet the IPs they list have port 25 > blocked at the client router. > > I have send two emails to support@senderbase.org and received no replys so > far. Am I spinning my wheels here? > > DAve > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at GMAIL.COM Wed Nov 23 17:44:09 2005 From: naolson at GMAIL.COM (Nathan Olson) Date: Thu Jan 12 21:31:16 2006 Subject: Beta release 4.48.2-2 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Changed calling WNOHANG from the function Explode using it's package name to a style more reminiscent of a Perl built-in. This somehow gained him a speed increase. If I had to venture a guess. Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Thu Nov 24 09:02:07 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:31:16 2006 Subject: Test mail, please ignore Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 23/11/05, Julian Field wrote: > > > Glenn Steen wrote: > (snip) > >Couldn't we move the list to something a bit more reliable? ("We" in > >this case would be Jules ... and possibly Mr Michele Neylon:) > > (snip) > > > I am investigating when their contract is up for renewal, this may all > solve itself very soon, and I don't want to move if it will solve itself > soon anyway. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > Fair enough, we'll try to endure:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se From martinh at SOLID-STATE-LOGIC.COM Thu Nov 24 09:26:54 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:16 2006 Subject: MailScanner on freebsd Message-ID: There's a very good MS in the ports tree, you may find it 'easier' to use that. It will amend (or tell you) the startup files etc etc -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Marc Dufresne > Sent: 23 November 2005 18:14 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] MailScanner on freebsd > > I have just reviewed this doc > http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml > > I have verified that all directories have been created. > > Output /var/spool > > drwxr-x--- 4 root daemon 512 Oct 18 09:31 MailScanner > drwxrwx--- 2 smmsp smmsp 512 Nov 23 10:35 clientmqueue > drwxr-x--- 2 root daemon 1024 Nov 23 10:35 mqueue > drwxr-x--- 5 root daemon 512 Nov 22 15:16 mqueue.in > > Output of /var/spool/MailScanner > > drwxr-x--- 7 root daemon 512 Nov 21 17:14 incoming > drwxr-x--- 2 root daemon 512 Oct 18 09:31 quarantine > > According to the section "Change Commands that start Sendmail" > > Two sendmail processes are needed in order for MailScanner and sendmail > to function. On FreeBSD 5.4, sendmail on boot up is loading by > /etc/rc.sendmail with defaults specified under /etc/defaults/rc.conf. > > In order to have two sendmail processes load at startup, would I have > to modify the /etc/rc.conf to override sendmail defaults by adding: > > #Modified /etc/rc.conf would have these lines. > > #This would take care of the first sendmail process. > sendmail_enable="YES" > sendmail_flags="-L sm-mta -bd -OPrivacyOptions=noetrn > -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in" > > #Startup second sendmail process points to /var/spool/mqueue > /usr/sbin/sendmail -L sm-mta -bd -q15m > > > > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>> Marc.Dufresne@PARKS.ON.CA 11/21/2005 7:08 PM >>> > Sendmail is working!!!! > > I had to modify the DAEMON_OPTIONS in my mc file in order to have > sendmail listen on any address (0.0.0.0) instead of just my public > address. Recompiled sendmail, then it worked. > Issuing a sendmail -v root > I thought I did this before, guess not, or sendmail just didn't get > updated properly. Who knows? > > Now on to MailScanner. > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>> Marc.Dufresne@PARKS.ON.CA 11/21/2005 12:18 pm >>> > No sendmail -v root checked my /etc/hosts.allow file which has: > > ALL : localhost 127.0.0.1 [::1] : allow > sendmail : localhost : allow > sendmail : ALL : allow > > What is [::1] ? I never seen that reference. > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>> brent.bolin@GMAIL.COM 11/21/2005 11:57 AM >>> > Don't go there yet!. Is sendmail working ? > > sendmail -v root > > > On 11/21/05, Marc Dufresne wrote: > > > > I found this doc > > http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml > > > > Sendmail.cf incoming QueueDirectory is setup to > > /var/spool/mqueue. > > Are these the right permissions? > > > > Here is the output from ls -l /var/spool > > > > drwxr-xr-x 4 root daemon 512 Oct 18 09:31 MailScanner > > drwxrwx--- 2 smmsp smmsp 52736 Nov 21 11:40 clientmqueue > > drwxr-x--- 2 root wheel 512 Nov 21 11:40 mqueue > > drwxr-x--- 2 root wheel 512 Oct 24 15:16 mqueue.in > > > > > MailScanner.conf is setup as > > > > Incoming Queue Dir = /var/spool/mqueue > > Outgoing Queue Dir = /var/spool/mqueue > > > > # Set where to unpack incoming messages before scanning them > > Incoming Work Dir = /var/spool/MailScanner/incoming > > > > Here is output ls -l /var/spool/MailScanner > > drwxr-xr-x 12 root daemon 512 Nov 21 11:16 incoming > > > > # Set where to store infected and message attachments > > Quarantine Dir = /var/spool/MailScanner/quarantine > > > > Here is output ls -l /var/spool/MailScanner > > drwxr-xr-x 2 root daemon 512 Oct 18 09:31 quarantine > > > > > > > > Marc Dufresne, Corporate IT Officer > > St. Lawrence Parks Commission > > 13740 County Road 2 > > Morrisburg, ON K0C 1X0 > > > > E-mail: Marc.Dufresne@parks.on.ca > > Voice: 613-543-3704 Ext#2455 > > Fax: 613-543-2847 > > Corporate website: www.parks.on.ca > > > > >>> brent.bolin@GMAIL.COM 11/21/2005 11:26 AM >>> > > Don't care about private discussions. The list exiled me when I > called > > someone a "Dipswitch". > > > > Pretty harsh words ya think ? > > > > Do you show this? > > > > # ps auxwww|grep sendmail > > root 36220 0.0 0.3 3500 2640 ?? Ss 9:59AM 0:00.03 sendmail: > accepting > > connections (sendmail) > > root 36223 0.0 0.3 3500 2624 ?? Is 9:59AM 0:00.00 sendmail: Queue > > runner@00:15:00 > > for /var/spool/mqueue (sendmail) > > smmsp 36227 0.0 0.2 3368 2520 ?? Is 9:59AM 0:00.00 sendmail: Queue > > runner@00:15:00 > > for /var/spool/clientmqueue (sendmail) > > root 36419 0.0 0.1 1448 848 p0 S+ 10:16AM 0:00.00 grep sendmail > > > > Sounds to me like your sendmail submit isn't running. > > > > Also attaching a valid submit.cf > > > file > > > > Make sure your using both the sendmail.cf < > > http://sendmail.cf> and > > submit > > files I'm sending you. > > > > > > On 11/21/05, Marc Dufresne wrote: > > > > > > My apologies for the private discussions. Didn't realize I posted > to > > the > > > forum. > > > > > > Sendmail is running on port 25. Sendmail is acting as a Relay for > my > > > domain. I have no problem sending/receiving internet e-mail. The > two > > > problems I am having are: > > > > > > 1- MailScanner doesn't seem to be scanning inbound mail. > > > > > > 2- local mail sent to root and postmaster is not being delivered. > > The > > > /var/spool/clientmqueue is backing up with e-mails sent to root > and > > > postmaster. > > > > > > Here's what /var/spool/maillog is saying > > > > > > mail sm-msp-queue[1655]: i24AKJeL005105: to=postmaster, > > > delay=10:33:28, > > > xdelay=00:00:00, mailer=relay, pri=1023910, > > relay=[127.0.0.1 > > > ], > > > dsn=4.0.0, stat=Deferred: Connection refused by > > [127.0.0.1 > > > ] > > > > > > I issued the command sendmail -v root error > > I'm > > > receiving. > > > > > > root....connecting to [127.0.0.1 > ] > > via relay > > > root....Deferred: Connection refused by [127.0.0.1 > > > ] > > > > > > I have modified my /etc/mail/access to reflect > > > > > > 127.0.0.1 RELAY > > > localhost.localdomain RELAY > > > localhost RELAY > > > > > > Issued a makemap hash /etc/mail/access.db < /etc/mail/access. > > Restarted > > > sendmail and still receive the Connection Refused error. > > > > > > Any ideas? > > > > > > I want to fix problem 2 first, eliminating the connection refused > > > errors. Then I want to move onto the MailScanner problem. > > > > > > > > > Marc Dufresne, Corporate IT Officer > > > St. Lawrence Parks Commission > > > 13740 County Road 2 > > > Morrisburg, ON K0C 1X0 > > > > > > E-mail: Marc.Dufresne@parks.on.ca > > > Voice: 613-543-3704 Ext#2455 > > > Fax: 613-543-2847 > > > Corporate website: www.parks.on.ca < > > http://www.parks.on.ca> > > > > > > >>> ugob@CAMO-ROUTE.COM 11/21/2005 9:17 AM >>> > > > Marc Dufresne wrote: > > > > Couldn't download any of your sample files. None of the links to > > > your > > > > files work. > > > > > > Looking a the links, I'm not surprised. > > > > > > The way you are quoting is making it very hard to follow. Please > > avoid > > > > > > having private discussions while using a public mailing list and > > don't > > > > > > top-post. > > > > > > > > > > > From the command line, if I issue sendmail -v root > > > I receive this error, > > > > > > > > root....connecting to [127.0.0.1 > ] > > via relay > > > > root....Deferred: Connection refused by [127.0.0.1 > > > ] > > > > > > Is sendmail running? > > > > > > On what port/IP is it running on? > > > > > > > > > > > What files do I need to modify under /etc/mail? > > > > > > > > > > Are you familiar with Sendmail or other MTAs? > > > > > > Regards, > > > > > > Ugo > > > > > > > > > > > Marc Dufresne, Corporate IT Officer > > > > St. Lawrence Parks Commission > > > > 13740 County Road 2 > > > > Morrisburg, ON K0C 1X0 > > > > > > > > E-mail: Marc.Dufresne@parks.on.ca > > > > Voice: 613-543-3704 Ext#2455 > > > > Fax: 613-543-2847 > > > > Corporate website: www.parks.on.ca < > > http://www.parks.on.ca> > > > > > > > >>>> BB 11/20/2005 9:38 PM >>> > > > > Marc, > > > > > > > > I have attached working sendmail.mc < > > http://sendmail.mc> < > > > http://sendmail.mc> and > > > > sendmail.cf < > > http://sendmail.cf>files along > > with > > > /etc/rc.conf > > > startup. > > > > There are a number of things in the > > > > rc.conf that you don't need just use the sendmail portion for > > > examples. > > > > BTW > > > > /etc/defaults/rc.conf show examples and are used if /etc/rc.conf > > > does > > > > not > > > > exist. /etc/rc.conf will override /etc/defaults/rc.conf. > > > > > > > > The first thing is to get a working copy of sendmail running. > Make > > > > your > > > > edits to /etc/rc.conf with the examples sent. > > > > > > > > Copy sendmail.cf < > > http://sendmail.cf> > > /etc/mail > > > > > > > > Verify no sendmail processes are running and if they are kill > the > > > pid > > > > of > > > > them. Verify again they are gone. > > > > > > > > Run "sh /etc/rc.sendmail start" . No quotes. This should start > > > > sendmail. > > > > Send your self a test message from the MTA level - > > > > > > > > sendmail -v root > > > > > > > This should send a test mesage to root with no subject and > > > undisclosed > > > > recipients. Thats fine all we want to know is if sendmail is > > > running. > > > > Its > > > > also a good test to check the header files. > > > > > > > > If its working thats great, move on to MailScanner. I've > included > > a > > > > working > > > > copy of a mailscanner.conf file. There are some things > configured > > > that > > > > you > > > > might not be using, but all the directores are in place and are > > set > > > to > > > > defaults. > > > > > > > > Virus scanners set to none if not using (I'm using three) > > > > Spamassassin set to no if not using (I'm using 3.1.0_3) > > > > Uncomment the whitlist and blacklist file rules, I'm using > > > > SQLblacklist/whitelists > > > > > > > > I've included another file called directories.needed. Just run, > it > > > > will > > > > create them if they don't exist > > > > > > > > This should be enough to get you going. Remember you need to get > > > > sendmail > > > > running first. I didn't or never have used the Makefile included > > > with > > > > the > > > > distribution. I use the m4 macro on the configuration file *.mc > or > > > just > > > > use > > > > webmin. Its in the ports or can be downloaded from > > > > webmin.com > > > > > . > > > > > > > > It does not make sense to me why sendmail is running if it is > > marked > > > > to > > > > "NONE". If that dosen't do it mark the first instance with NONE > > and > > > all > > > > the > > > > others with NO > > > > > > > > BTW: There is also a nice webmin modual for MailScanner. Once > > setup > > > > things > > > > don't change much other then whitelists/blacklists. The latest > > > version > > > > of > > > > mailwatch can do this hence > > > > > > > > Is Definitely Not Spam = &SQLWhitelist > > > > Is Definitely Spam = &SQLBlacklist > > > > > > > > > > > > Hang on for the ride... > > > > > > > > > > > > > > > > On 11/20/05, Marc Dufresne wrote: > > > >> I am going to explain my understanding of the MailScanner > setup. > > > > Please > > > >> reveiw and let me know if I'm understanding this correctly? > > > >> > > > >> When MailScanner.conf is configured, the following parameters > > > should > > > > be > > > >> set if I'm using sendmail on FreeBSD 5.4: > > > >> > > > >> #MTA used for the Gateway > > > >> MTA=sendmail > > > >> > > > >> #Set how to invoke MTA when sending messages MailScanner has > > > created > > > >> (e.g. to sender/recipient saying "found a virus in your > > message"). > > > > This > > > >> can also be the filename of a ruleset. > > > >> sendmail=/usr/sbin/sendmail > > > >> > > > >> #Incoming mail queue directory for Sendmail > > > >> Incoming Queue Directory=/var/spool/mqueue > > > >> > > > >> #Outgoing mail queue directory for Sendmail > > > >> Outgoing Queue Directory=/var/spool/mqueue > > > >> > > > >> #Incoming Queue Directory for MailScanner > > > >> /var/spool/MailScanner/incoming > > > >> > > > >> #Quarantine Directory for MailScanner > > > >> /var/spool/MailScanner/quaratine > > > >> > > > >> System Startup should be as follows: > > > >> > > > >> 1) #Disable sendmail from loading at system startup > > > >> modify /etc/rc.conf to disable sendmail load > > > >> > > > >> > > > > > > > > > > > > > > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail- > changingmta.html > > > > > > > > > > > > > > > >> > > > >> Section 23.4.2.3 > > > FreeBSD > > 5.0-STABLEand Later > > > >> > > > >> /etc/rc.conf > > > >> > > > >> sendmail_enable="NO" > > > >> sendmail_submit_enable="NO" > > > >> sendmail_outbound_enable="NO" > > > >> sendmail_msp_queue_enable="NO" > > > >> > > > >> 2) #Load MailScanner at system startup. > > > >> #Make sure mailscanner.sh file is located under > > /usr/local/etc/rc.d > > > >> in order to load MailScannner process at startup. > Mailscanner.sh > > > > should > > > >> invoke sendmail and mailscanner process to start > > > scanning/delivering > > > >> mail. > > > >> > > > >> /usr/local/etc/rc.d/mailscanner.sh > > > >> _________________________________ > > > >> > > > >> First Problem > > > >> > > > >> I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I tried > > > >> everything. Sendmail still loads at startup??????? > > > >> > > > >> Second Problem > > > >> > > > >> Once system is completly loaded and sitting at the login > prompt, > > I > > > >> receive an error > > > >> NOQUEUE:SYSERROR(root):opendaemon socket:daeomon IPv4:cannot > bind > > > >> address already in use > > > >> > > > >> I login, and run ps -ax (This is what I see) > > > >> > > > >> 375 ?? Ss 0:00.07 sendmail: accepting connections (sendmail) > > > >> 379 ?? Is 0:00.00 sendmail: Queue runner@00:30:00 for > > > >> /var/spool/client > > > >> > > > >> 426 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > > > >> /var/spool/mqueue > > > >> 430 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > > > >> /var/spool/client > > > >> > > > >> 613 ?? Ss 0:00.02 /usr/bin/perl -I/usr/local/lib/MailScanner > > > >> /usr/local 614 ?? S 0:02.33 /usr/bin/perl > > > >> -I/usr/local/lib/MailScanner /usr/local > > > >> 627 ?? S 0:02.19 /usr/bin/perl -I/usr/local/lib/MailScanner > > > >> /usr/local > > > >> 630 ?? S 0:02.15 /usr/bin/perl -I/usr/local/lib/MailScanner > > > >> /usr/local > > > >> 635 ?? S 0:02.17 /usr/bin/perl -I/usr/local/lib/MailScanner > > > >> /usr/local > > > >> 636 ?? S 0:00.11 /usr/bin/perl -I/usr/local/lib/MailScanner > > > >> /usr/local > > > >> > > > >> Third Problem > > > >> > > > >> I run tail -f /var/log/maillog > > > >> > > > >> I will send test e-mails from the outside and watch sendmail > > > receive > > > >> and process incoming mail. Everyone receives e-mails from the > > > > outside, > > > >> but mailscanner does not scan any messages. > > > >> > > > >> I will issue a mailq to view /var/spool/mqueue directory. > > Directory > > > > is > > > >> always empty. > > > >> > > > >> I'm completely stumped here as to why Sendmail refuses to > disable > > > at > > > >> startup and MailScanner refuses to scan e-mail messages!!!!! > > > >> > > > >> Any ideas???? > > > >> > > > >> > > > >> Marc Dufresne, Corporate IT Officer > > > >> St. Lawrence Parks Commission > > > >> 13740 County Road 2 > > > >> Morrisburg, ON K0C 1X0 > > > >> > > > >> E-mail: Marc.Dufresne@parks.on.ca > > > >> Voice: 613-543-3704 Ext#2455 > > > >> Fax: 613-543-2847 > > > >> Corporate website: www.parks.on.ca < > > http://www.parks.on.ca> < > > > http://www.parks.on.ca> > > > >> > > > >>>>> BB 11/19/2005 12:38 AM >>> > > > >> Don't know if they ever got the list fixed for my replies, so > I'm > > > > doing > > > >> it > > > >> direct and through the list. > > > >> > > > >> Change /etc/rc.conf or /etc/defaults/rc.conf > > > >> sendmail_enable=NONE > > > >> > > > >> Verify mailscanner is starting up with > > > > /usr/local/etc/rc.d/mailscanner > > > >> .sh > > > >> > > > >> Think you need to manually create some of the directores. > Verify > > > >> MailScanner.conf for directories. > > > >> > > > >> tail -f /var/log/maillog will show you the details > > > >> > > > >> The only reason to rebuild sendmail.cf < > > http://sendmail.cf> < > > > http://sendmail.cf> > > > > > > >>> is to > > > >> remove > > > >> IPv6 stuff. I would use m4 macro for that. Webmin would be a > good > > > >> choice to > > > >> use. > > > >> > > > >> # SMTP daemon options > > > >> > > > >> O DaemonPortOptions=Name=IPv4, Family=inet > > > >> O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O > > > >> O DaemonPortOptions=Port=587, Name=MSA, M=E > > > >> > > > >> > > > >> -- > > > >> ACK and you shall receive > > > >> > > > >> > > > >> > > > > > > > > > > > > -- > > > > ACK and you shall receive > > > > > > > > ------------------------ MailScanner list > ------------------------ > > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > > 'leave mailscanner' in the body of the email. > > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and > > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > > > BEGIN:VCARD > > > > VERSION:2.1 > > > > X-GWTYPE:USER > > > > FN:Marc Dufresne > > > > TEL;WORK:613-543-3704 > > > > ORG:;Information Technology > > > > TEL;PREF;FAX:613-543-2847 > > > > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > > > > N:Dufresne;Marc > > > > TITLE:Corporate IT Officer > > > > END:VCARD > > > > > > > > > > > > > -- > > > Ugo > > > > > > -> Please don't send a copy of your reply by e-mail. I read the > > list. > > > -> Please avoid top-posting, long signatures and HTML, and cut the > > > irrelevant parts in your replies. > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > > > > -- > > ACK and you shall receive > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > -- > ACK and you shall receive > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Nov 24 10:03:00 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:16 2006 Subject: Time::HiRes for MessageBatch timing Message-ID: -----BEGIN PGP SIGNED MESSAGE----- This just didn't happen as I haven't had the time to add a whole new Perl module to the MailScanner distribution. On 4 Nov 2005, at 16:27, Jeff A. Earickson wrote: > Julian, > > Per my recent request for batch timing in the logs, please > look at my suggested changes for MessageBatch.pm (attached, > against 4.47.4). My changes have NOT been tested at all, so I > don't know if this will work. The changes: > > * added Time::HiRes for timing the start and end timing on > a batch of messages. > > * changed output of information in EndBatch from integer > to float > > * Added a "Batch Completed in x.x seconds" syslog, even if > "Log Speed" is not turned on in the config file. > > Please see if my idea makes sense. Since HighRes is required > for SpamAssassin, why not use it here too to give better info? > > Jeff Earickson > Colby College > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4WP1vw32o+k+q+hAQGfPAf/YXVMkqDLXKjAdmEnQCY+fUqa7v36QjcB V19WRHoDfoKHOOHImTvyNlbUlVUjRwg9Xuw4RsLJe7X6HWrLqsHnqE0Y9drPRejY Lyd6Tr+bT59PGckGZNeQrDewCNsktF7cjTTrf+kSyDtTkdk4H49iS9P7yvimwOSC qr0eAV0N9OPeG3Tlpsi+BzgQMKifWeKOuLRoREiMdAULH9B9Ktk1UtIP245JRNk5 Q74ulzRy+Wgijx4AlfMgHVUxfuwVaE24nvYS7eTHxq8n2Ky2hW1LSIKXnUEq8UYa AQ6lFlp0mWQCfFBVyTCvl6LYf+bQFMzkNGBHk1mrEdOqa5owLkvhpg== =7kBI -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Nov 24 10:06:34 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:16 2006 Subject: Beta release 4.48.2-2 Message-ID: Jules Small buglet Just installed the beta tar.tz on my FreeBSD system. and the mailscanner.cf links to /etc/MailScanner/spam.assassin.prefs.conf this is incorrect, it should be /opt/MailScanner/etc/spam.assassin.prefs.conf As I'm using the tar.gz general installer, not the RPM or freebsd ports version. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: 23 November 2005 15:53 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Beta release 4.48.2-2 > > -----BEGIN PGP SIGNED MESSAGE----- > > This release may be significantly faster than previous releases. > > Please give this version a try and tell me how you get on with it, > whether it works and whether it works any faster. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2425) > > iQEVAwUBQ4SQXPw32o+k+q+hAQElDAgAjT2tAQ7W01Gw4wwRqWl/cktxNDDREKRP > tUfWhCnzPGS0DoP7QT0C0xvJMKyg2ioKT69b+Czq3+AXUtkN1MdeK2UUBAEi4ncf > Jeag63HYeCBgkS44wnkuAnxTJ+jF9oaX2df5zcsT9NEXPc69oEFlNIOAcmZDRcJZ > /FRDMqtB89qJQNQJpOb2jGlTmiSgWECjqyIvxLXhy7xax22hhbKfAO1JPW25nJ2I > vOJHpFITSiPkzwlv4pEfalTIFtOXtp+KDmmIWQc/DzCiZ0iqmKFqD2Uhd1P4kygP > YBKfOLSoP5q7kaxYphNAYHv7zLw0Xud7m4/V73NqFWw4adF11UnKXQ== > =PtM7 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Nov 24 10:14:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:16 2006 Subject: Beta release 4.48.2-2 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Does /etc/MailScanner exist on your system? It does a hunt through likely-looking paths to find where to put it, and stops at the first one it finds, as it can only put 1 link in. On 24 Nov 2005, at 10:06, Martin Hepworth wrote: > Jules > > Small buglet > > Just installed the beta tar.tz on my FreeBSD system. > > and the mailscanner.cf links to /etc/MailScanner/ > spam.assassin.prefs.conf > > this is incorrect, it should be > /opt/MailScanner/etc/spam.assassin.prefs.conf > > As I'm using the tar.gz general installer, not the RPM or freebsd > ports > version. > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Julian Field >> Sent: 23 November 2005 15:53 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: [MAILSCANNER] Beta release 4.48.2-2 >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> This release may be significantly faster than previous releases. >> >> Please give this version a try and tell me how you get on with it, >> whether it works and whether it works any faster. >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.2 (Build 2425) >> >> iQEVAwUBQ4SQXPw32o+k+q+hAQElDAgAjT2tAQ7W01Gw4wwRqWl/cktxNDDREKRP >> tUfWhCnzPGS0DoP7QT0C0xvJMKyg2ioKT69b+Czq3+AXUtkN1MdeK2UUBAEi4ncf >> Jeag63HYeCBgkS44wnkuAnxTJ+jF9oaX2df5zcsT9NEXPc69oEFlNIOAcmZDRcJZ >> /FRDMqtB89qJQNQJpOb2jGlTmiSgWECjqyIvxLXhy7xax22hhbKfAO1JPW25nJ2I >> vOJHpFITSiPkzwlv4pEfalTIFtOXtp+KDmmIWQc/DzCiZ0iqmKFqD2Uhd1P4kygP >> YBKfOLSoP5q7kaxYphNAYHv7zLw0Xud7m4/V73NqFWw4adF11UnKXQ== >> =PtM7 >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4WShvw32o+k+q+hAQEndAgApnJ8usHqAJq+IdCVq7py4eWk/VhqD1+I RW1SP+CJePARemz5S+qWvpbzP51nIywYr05b5H2AOq/gg/M7Cm8x/9SMmJAzV2gM bWmyk91ZOiqJJ9B1rGSyaGYb2VZb9LSAlVKQ52xxYZ2KDozKm6E1/JCtXI8YhOiM 4lyTQQyh7Jo8X1RZStxi3yRTwDxm7eWfMBuqUMM4aK0gwVpIlD3Ws2cpmMMBjNhr CCyiExnY1C3dMIjfjh4zmM/B4i2Hz4xdVRaMKAydLXIOiiQJs7HKFFv/gUaSSP7s vbHF7f0n9M6LUq42LU+t4WVu5HObec9UeJzTFF2FBlpx7y1dJLS8BA== =wvuA -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Nov 24 11:00:04 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:17 2006 Subject: Beta release 4.48.2-2 Message-ID: Jules No it does not, it's the tar.gz normal location of /opt/MailScanner/etc Why it thinks that exists I have no idea... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: 24 November 2005 10:14 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Beta release 4.48.2-2 > > -----BEGIN PGP SIGNED MESSAGE----- > > Does /etc/MailScanner exist on your system? It does a hunt through > likely-looking paths to find where to put it, and stops at the first > one it finds, as it can only put 1 link in. > > On 24 Nov 2005, at 10:06, Martin Hepworth wrote: > > > Jules > > > > Small buglet > > > > Just installed the beta tar.tz on my FreeBSD system. > > > > and the mailscanner.cf links to /etc/MailScanner/ > > spam.assassin.prefs.conf > > > > this is incorrect, it should be > > /opt/MailScanner/etc/spam.assassin.prefs.conf > > > > As I'm using the tar.gz general installer, not the RPM or freebsd > > ports > > version. > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >> Behalf Of Julian Field > >> Sent: 23 November 2005 15:53 > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: [MAILSCANNER] Beta release 4.48.2-2 > >> > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> This release may be significantly faster than previous releases. > >> > >> Please give this version a try and tell me how you get on with it, > >> whether it works and whether it works any faster. > >> > >> - -- > >> Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: PGP Desktop 9.0.2 (Build 2425) > >> > >> iQEVAwUBQ4SQXPw32o+k+q+hAQElDAgAjT2tAQ7W01Gw4wwRqWl/cktxNDDREKRP > >> tUfWhCnzPGS0DoP7QT0C0xvJMKyg2ioKT69b+Czq3+AXUtkN1MdeK2UUBAEi4ncf > >> Jeag63HYeCBgkS44wnkuAnxTJ+jF9oaX2df5zcsT9NEXPc69oEFlNIOAcmZDRcJZ > >> /FRDMqtB89qJQNQJpOb2jGlTmiSgWECjqyIvxLXhy7xax22hhbKfAO1JPW25nJ2I > >> vOJHpFITSiPkzwlv4pEfalTIFtOXtp+KDmmIWQc/DzCiZ0iqmKFqD2Uhd1P4kygP > >> YBKfOLSoP5q7kaxYphNAYHv7zLw0Xud7m4/V73NqFWw4adF11UnKXQ== > >> =PtM7 > >> -----END PGP SIGNATURE----- > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2425) > > iQEVAwUBQ4WShvw32o+k+q+hAQEndAgApnJ8usHqAJq+IdCVq7py4eWk/VhqD1+I > RW1SP+CJePARemz5S+qWvpbzP51nIywYr05b5H2AOq/gg/M7Cm8x/9SMmJAzV2gM > bWmyk91ZOiqJJ9B1rGSyaGYb2VZb9LSAlVKQ52xxYZ2KDozKm6E1/JCtXI8YhOiM > 4lyTQQyh7Jo8X1RZStxi3yRTwDxm7eWfMBuqUMM4aK0gwVpIlD3Ws2cpmMMBjNhr > CCyiExnY1C3dMIjfjh4zmM/B4i2Hz4xdVRaMKAydLXIOiiQJs7HKFFv/gUaSSP7s > vbHF7f0n9M6LUq42LU+t4WVu5HObec9UeJzTFF2FBlpx7y1dJLS8BA== > =wvuA > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gmatt at NERC.AC.UK Thu Nov 24 11:28:59 2005 From: gmatt at NERC.AC.UK (Greg Matthews) Date: Thu Jan 12 21:31:17 2006 Subject: broken /usr/bin/file behaviour Message-ID: On Wed, 2005-11-23 at 18:05 +0000, Julian Field wrote: > File it as a bug in the "file" command, they should be able to expand > the "magic" file (which holds the detection signature table) so that it > successfully deduces that this file is in fact a text file and not a > QuickTime movie (a very short one :-) I've verified the behaviour in the most recent version (4.16) and sent an email to Christos. In the meantime I suppose I'd better allow quicktime movies through my relays... G -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Nov 24 11:16:20 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:17 2006 Subject: Beta release 4.48.2-2 Message-ID: -----BEGIN PGP SIGNED MESSAGE----- What does this say? perl -MMail::SpamAssassin -e 'print Mail::SpamAssassin->new- >first_existing_path(@Mail::SpamAssassin::site_rules_path)' That should all be on one line. That's how the tar.gz works out where to put the file. On 24 Nov 2005, at 11:00, Martin Hepworth wrote: > Jules > > No it does not, it's the tar.gz normal location of /opt/MailScanner/ > etc > > Why it thinks that exists I have no idea... > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Julian Field >> Sent: 24 November 2005 10:14 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: [MAILSCANNER] Beta release 4.48.2-2 >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> Does /etc/MailScanner exist on your system? It does a hunt through >> likely-looking paths to find where to put it, and stops at the first >> one it finds, as it can only put 1 link in. >> >> On 24 Nov 2005, at 10:06, Martin Hepworth wrote: >> >>> Jules >>> >>> Small buglet >>> >>> Just installed the beta tar.tz on my FreeBSD system. >>> >>> and the mailscanner.cf links to /etc/MailScanner/ >>> spam.assassin.prefs.conf >>> >>> this is incorrect, it should be >>> /opt/MailScanner/etc/spam.assassin.prefs.conf >>> >>> As I'm using the tar.gz general installer, not the RPM or freebsd >>> ports >>> version. >>> >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>>> -----Original Message----- >>>> From: MailScanner mailing list >>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>> Behalf Of Julian Field >>>> Sent: 23 November 2005 15:53 >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: [MAILSCANNER] Beta release 4.48.2-2 >>>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> >>>> This release may be significantly faster than previous releases. >>>> >>>> Please give this version a try and tell me how you get on with it, >>>> whether it works and whether it works any faster. >>>> >>>> - -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: PGP Desktop 9.0.2 (Build 2425) >>>> >>>> iQEVAwUBQ4SQXPw32o+k+q+hAQElDAgAjT2tAQ7W01Gw4wwRqWl/cktxNDDREKRP >>>> tUfWhCnzPGS0DoP7QT0C0xvJMKyg2ioKT69b+Czq3+AXUtkN1MdeK2UUBAEi4ncf >>>> Jeag63HYeCBgkS44wnkuAnxTJ+jF9oaX2df5zcsT9NEXPc69oEFlNIOAcmZDRcJZ >>>> /FRDMqtB89qJQNQJpOb2jGlTmiSgWECjqyIvxLXhy7xax22hhbKfAO1JPW25nJ2I >>>> vOJHpFITSiPkzwlv4pEfalTIFtOXtp+KDmmIWQc/DzCiZ0iqmKFqD2Uhd1P4kygP >>>> YBKfOLSoP5q7kaxYphNAYHv7zLw0Xud7m4/V73NqFWw4adF11UnKXQ== >>>> =PtM7 >>>> -----END PGP SIGNATURE----- >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> ******************************************************************** >>> ** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please >>> notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ******************************************************************** >>> ** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.2 (Build 2425) >> >> iQEVAwUBQ4WShvw32o+k+q+hAQEndAgApnJ8usHqAJq+IdCVq7py4eWk/VhqD1+I >> RW1SP+CJePARemz5S+qWvpbzP51nIywYr05b5H2AOq/gg/M7Cm8x/9SMmJAzV2gM >> bWmyk91ZOiqJJ9B1rGSyaGYb2VZb9LSAlVKQ52xxYZ2KDozKm6E1/JCtXI8YhOiM >> 4lyTQQyh7Jo8X1RZStxi3yRTwDxm7eWfMBuqUMM4aK0gwVpIlD3Ws2cpmMMBjNhr >> CCyiExnY1C3dMIjfjh4zmM/B4i2Hz4xdVRaMKAydLXIOiiQJs7HKFFv/gUaSSP7s >> vbHF7f0n9M6LUq42LU+t4WVu5HObec9UeJzTFF2FBlpx7y1dJLS8BA== >> =wvuA >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4WhBfw32o+k+q+hAQFKRAgAikrlr+vs+THKt8CCCDSxqw7KAnqsb7YV eFZTJ6Q/CDgk66f0enqtafbZp8QkJVMs0qEsuIHvcyzKG1yTYfy0qqaVFw9BFxcy vUfDajzVFufntjlfGtr/OsI/Qo32bVsM94M88rlexdL5MdFPScbbj9HnpXO28A+g I8ojRk8xoMk8W37HPrGV7BNDKqeoZPBhu9OL5t+538Y0w4l4f7OQlj68ff/CE8R/ UWlVFePWIckghDZ1E0hyWF2OrRwuoSg1TblbmNz/D7akY5majgNFFoqHQxB6vXJi JbkeuEXlZBUJGiv3ms2sR6eU85tzOcPPDSnGBcdotstklvbRjyOSrA== =eLAn -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Thu Nov 24 12:10:21 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:17 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: Hi Julian, Thank you for working on this. I think the current situation is much improved. > I hope we can pretty much consider this discussion closed at this > point. Please try the latest beta and see what you think. The > installation is done by the mailscnner RPM file in the 2 RPM > distributions, and by the install.sh in the TAR distribution. I > decided it would be neater to do it in the RPM distribution for the > vast majority of RPM users. The ClamAV+SA installation package also > make several attempts at finding the right place to put the link in, > and warns you about it if it fails to find one. So whether you install > MS then SA or the other way round, it should work okay if you use my > install.sh files. Even if you install the RPMs manually it will still > work. > > In the rare situation that it ends up with a link pointing at a > non-existent file, SA will just make a minor complaint and carry on, > so it will still work. But it may not lint correctly, which IMHO is a > suitable behaviour. > > I have also re-written the comments at the top of > spam.assassin.prefs.conf completely so they are rather more suitable > for the new setup. > > Hopefully we're all there now. > > Jules. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "Truth often suffers more from the heat of its defenders than from the arguments of its opposers. -William Penn ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Nov 24 13:43:49 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:17 2006 Subject: Beta release 4.48.2-2 Message-ID: Jules It gives /etc/mail/spamassassin Which IS the correct place for the local site rules. The problem is that the sym link for mailscanner.cf created in /etc/mail/spamassassin points to /etc/MailScanner/spam.assassin.prefs.conf, when it should point to /opt/MailScanner/etc/spam.assassin.prefs.conf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: 24 November 2005 11:16 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Beta release 4.48.2-2 > > -----BEGIN PGP SIGNED MESSAGE----- > > What does this say? > > perl -MMail::SpamAssassin -e 'print Mail::SpamAssassin->new- > >first_existing_path(@Mail::SpamAssassin::site_rules_path)' > > That should all be on one line. > That's how the tar.gz works out where to put the file. > > On 24 Nov 2005, at 11:00, Martin Hepworth wrote: > > > Jules > > > > No it does not, it's the tar.gz normal location of /opt/MailScanner/ > > etc > > > > Why it thinks that exists I have no idea... > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >> Behalf Of Julian Field > >> Sent: 24 November 2005 10:14 > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Re: [MAILSCANNER] Beta release 4.48.2-2 > >> > >> -----BEGIN PGP SIGNED MESSAGE----- > >> > >> Does /etc/MailScanner exist on your system? It does a hunt through > >> likely-looking paths to find where to put it, and stops at the first > >> one it finds, as it can only put 1 link in. > >> > >> On 24 Nov 2005, at 10:06, Martin Hepworth wrote: > >> > >>> Jules > >>> > >>> Small buglet > >>> > >>> Just installed the beta tar.tz on my FreeBSD system. > >>> > >>> and the mailscanner.cf links to /etc/MailScanner/ > >>> spam.assassin.prefs.conf > >>> > >>> this is incorrect, it should be > >>> /opt/MailScanner/etc/spam.assassin.prefs.conf > >>> > >>> As I'm using the tar.gz general installer, not the RPM or freebsd > >>> ports > >>> version. > >>> > >>> > >>> -- > >>> Martin Hepworth > >>> Snr Systems Administrator > >>> Solid State Logic > >>> Tel: +44 (0)1865 842300 > >>> > >>>> -----Original Message----- > >>>> From: MailScanner mailing list > >>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >>>> Behalf Of Julian Field > >>>> Sent: 23 November 2005 15:53 > >>>> To: MAILSCANNER@JISCMAIL.AC.UK > >>>> Subject: [MAILSCANNER] Beta release 4.48.2-2 > >>>> > >>>> -----BEGIN PGP SIGNED MESSAGE----- > >>>> > >>>> This release may be significantly faster than previous releases. > >>>> > >>>> Please give this version a try and tell me how you get on with it, > >>>> whether it works and whether it works any faster. > >>>> > >>>> - -- > >>>> Julian Field > >>>> www.MailScanner.info > >>>> Buy the MailScanner book at www.MailScanner.info/store > >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >>>> > >>>> > >>>> -----BEGIN PGP SIGNATURE----- > >>>> Version: PGP Desktop 9.0.2 (Build 2425) > >>>> > >>>> iQEVAwUBQ4SQXPw32o+k+q+hAQElDAgAjT2tAQ7W01Gw4wwRqWl/cktxNDDREKRP > >>>> tUfWhCnzPGS0DoP7QT0C0xvJMKyg2ioKT69b+Czq3+AXUtkN1MdeK2UUBAEi4ncf > >>>> Jeag63HYeCBgkS44wnkuAnxTJ+jF9oaX2df5zcsT9NEXPc69oEFlNIOAcmZDRcJZ > >>>> /FRDMqtB89qJQNQJpOb2jGlTmiSgWECjqyIvxLXhy7xax22hhbKfAO1JPW25nJ2I > >>>> vOJHpFITSiPkzwlv4pEfalTIFtOXtp+KDmmIWQc/DzCiZ0iqmKFqD2Uhd1P4kygP > >>>> YBKfOLSoP5q7kaxYphNAYHv7zLw0Xud7m4/V73NqFWw4adF11UnKXQ== > >>>> =PtM7 > >>>> -----END PGP SIGNATURE----- > >>>> > >>>> -- > >>>> This message has been scanned for viruses and > >>>> dangerous content by MailScanner, and is > >>>> believed to be clean. > >>>> > >>>> ------------------------ MailScanner list ------------------------ > >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>> 'leave mailscanner' in the body of the email. > >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>>> > >>>> Support MailScanner development - buy the book off the website! > >>> > >>> > >>> ******************************************************************** > >>> ** > >>> > >>> This email and any files transmitted with it are confidential and > >>> intended solely for the use of the individual or entity to whom they > >>> are addressed. If you have received this email in error please > >>> notify > >>> the system manager. > >>> > >>> This footnote confirms that this email message has been swept > >>> for the presence of computer viruses and is believed to be clean. > >>> > >>> ******************************************************************** > >>> ** > >>> > >>> ------------------------ MailScanner list ------------------------ > >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>> 'leave mailscanner' in the body of the email. > >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>> Support MailScanner development - buy the book off the website! > >> > >> - -- > >> Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> -----BEGIN PGP SIGNATURE----- > >> Version: PGP Desktop 9.0.2 (Build 2425) > >> > >> iQEVAwUBQ4WShvw32o+k+q+hAQEndAgApnJ8usHqAJq+IdCVq7py4eWk/VhqD1+I > >> RW1SP+CJePARemz5S+qWvpbzP51nIywYr05b5H2AOq/gg/M7Cm8x/9SMmJAzV2gM > >> bWmyk91ZOiqJJ9B1rGSyaGYb2VZb9LSAlVKQ52xxYZ2KDozKm6E1/JCtXI8YhOiM > >> 4lyTQQyh7Jo8X1RZStxi3yRTwDxm7eWfMBuqUMM4aK0gwVpIlD3Ws2cpmMMBjNhr > >> CCyiExnY1C3dMIjfjh4zmM/B4i2Hz4xdVRaMKAydLXIOiiQJs7HKFFv/gUaSSP7s > >> vbHF7f0n9M6LUq42LU+t4WVu5HObec9UeJzTFF2FBlpx7y1dJLS8BA== > >> =wvuA > >> -----END PGP SIGNATURE----- > >> > >> -- > >> This message has been scanned for viruses and > >> dangerous content by MailScanner, and is > >> believed to be clean. > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2425) > > iQEVAwUBQ4WhBfw32o+k+q+hAQFKRAgAikrlr+vs+THKt8CCCDSxqw7KAnqsb7YV > eFZTJ6Q/CDgk66f0enqtafbZp8QkJVMs0qEsuIHvcyzKG1yTYfy0qqaVFw9BFxcy > vUfDajzVFufntjlfGtr/OsI/Qo32bVsM94M88rlexdL5MdFPScbbj9HnpXO28A+g > I8ojRk8xoMk8W37HPrGV7BNDKqeoZPBhu9OL5t+538Y0w4l4f7OQlj68ff/CE8R/ > UWlVFePWIckghDZ1E0hyWF2OrRwuoSg1TblbmNz/D7akY5majgNFFoqHQxB6vXJi > JbkeuEXlZBUJGiv3ms2sR6eU85tzOcPPDSnGBcdotstklvbRjyOSrA== > =eLAn > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Nov 24 14:12:36 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:17 2006 Subject: Beta release 4.48.2-2 Message-ID: Please try the attached replacement for install.sh, it should do a rather better job this time. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 1.2, Application/X-GZIP 5.6KB. ] [ Unable to print this part. ] [ Part 1.3: "Attached Text" ] On 24 Nov 2005, at 13:43, Martin Hepworth wrote: > Jules > > It gives > > /etc/mail/spamassassin > > Which IS the correct place for the local site rules. > > The problem is that the sym link for mailscanner.cf created in > /etc/mail/spamassassin points to /etc/MailScanner/ > spam.assassin.prefs.conf, > when it should point to /opt/MailScanner/etc/spam.assassin.prefs.conf > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Julian Field >> Sent: 24 November 2005 11:16 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: [MAILSCANNER] Beta release 4.48.2-2 >> >> -----BEGIN PGP SIGNED MESSAGE----- >> >> What does this say? >> >> perl -MMail::SpamAssassin -e 'print Mail::SpamAssassin->new- >>> first_existing_path(@Mail::SpamAssassin::site_rules_path)' >> >> That should all be on one line. >> That's how the tar.gz works out where to put the file. >> >> On 24 Nov 2005, at 11:00, Martin Hepworth wrote: >> >>> Jules >>> >>> No it does not, it's the tar.gz normal location of /opt/MailScanner/ >>> etc >>> >>> Why it thinks that exists I have no idea... >>> >>> -- >>> Martin Hepworth >>> Snr Systems Administrator >>> Solid State Logic >>> Tel: +44 (0)1865 842300 >>> >>>> -----Original Message----- >>>> From: MailScanner mailing list >>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>> Behalf Of Julian Field >>>> Sent: 24 November 2005 10:14 >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: [MAILSCANNER] Beta release 4.48.2-2 >>>> >>>> -----BEGIN PGP SIGNED MESSAGE----- >>>> >>>> Does /etc/MailScanner exist on your system? It does a hunt through >>>> likely-looking paths to find where to put it, and stops at the >>>> first >>>> one it finds, as it can only put 1 link in. >>>> >>>> On 24 Nov 2005, at 10:06, Martin Hepworth wrote: >>>> >>>>> Jules >>>>> >>>>> Small buglet >>>>> >>>>> Just installed the beta tar.tz on my FreeBSD system. >>>>> >>>>> and the mailscanner.cf links to /etc/MailScanner/ >>>>> spam.assassin.prefs.conf >>>>> >>>>> this is incorrect, it should be >>>>> /opt/MailScanner/etc/spam.assassin.prefs.conf >>>>> >>>>> As I'm using the tar.gz general installer, not the RPM or freebsd >>>>> ports >>>>> version. >>>>> >>>>> >>>>> -- >>>>> Martin Hepworth >>>>> Snr Systems Administrator >>>>> Solid State Logic >>>>> Tel: +44 (0)1865 842300 >>>>> >>>>>> -----Original Message----- >>>>>> From: MailScanner mailing list >>>>>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>>>> Behalf Of Julian Field >>>>>> Sent: 23 November 2005 15:53 >>>>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>>>> Subject: [MAILSCANNER] Beta release 4.48.2-2 >>>>>> >>>>>> -----BEGIN PGP SIGNED MESSAGE----- >>>>>> >>>>>> This release may be significantly faster than previous releases. >>>>>> >>>>>> Please give this version a try and tell me how you get on with >>>>>> it, >>>>>> whether it works and whether it works any faster. >>>>>> >>>>>> - -- >>>>>> Julian Field >>>>>> www.MailScanner.info >>>>>> Buy the MailScanner book at www.MailScanner.info/store >>>>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>>>> >>>>>> >>>>>> -----BEGIN PGP SIGNATURE----- >>>>>> Version: PGP Desktop 9.0.2 (Build 2425) >>>>>> >>>>>> iQEVAwUBQ4SQXPw32o+k+q+hAQElDAgAjT2tAQ7W01Gw4wwRqWl/cktxNDDREKRP >>>>>> tUfWhCnzPGS0DoP7QT0C0xvJMKyg2ioKT69b+Czq3+AXUtkN1MdeK2UUBAEi4ncf >>>>>> Jeag63HYeCBgkS44wnkuAnxTJ+jF9oaX2df5zcsT9NEXPc69oEFlNIOAcmZDRcJZ >>>>>> /FRDMqtB89qJQNQJpOb2jGlTmiSgWECjqyIvxLXhy7xax22hhbKfAO1JPW25nJ2I >>>>>> vOJHpFITSiPkzwlv4pEfalTIFtOXtp+KDmmIWQc/DzCiZ0iqmKFqD2Uhd1P4kygP >>>>>> YBKfOLSoP5q7kaxYphNAYHv7zLw0Xud7m4/V73NqFWw4adF11UnKXQ== >>>>>> =PtM7 >>>>>> -----END PGP SIGNATURE----- >>>>>> >>>>>> -- >>>>>> This message has been scanned for viruses and >>>>>> dangerous content by MailScanner, and is >>>>>> believed to be clean. >>>>>> >>>>>> ------------------------ MailScanner list >>>>>> ------------------------ >>>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>>> 'leave mailscanner' in the body of the email. >>>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>>> >>>>>> Support MailScanner development - buy the book off the website! >>>>> >>>>> >>>>> ****************************************************************** >>>>> ** >>>>> ** >>>>> >>>>> This email and any files transmitted with it are confidential and >>>>> intended solely for the use of the individual or entity to whom >>>>> they >>>>> are addressed. If you have received this email in error please >>>>> notify >>>>> the system manager. >>>>> >>>>> This footnote confirms that this email message has been swept >>>>> for the presence of computer viruses and is believed to be clean. >>>>> >>>>> ****************************************************************** >>>>> ** >>>>> ** >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> Support MailScanner development - buy the book off the website! >>>> >>>> - -- >>>> Julian Field >>>> www.MailScanner.info >>>> Buy the MailScanner book at www.MailScanner.info/store >>>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >>>> >>>> >>>> -----BEGIN PGP SIGNATURE----- >>>> Version: PGP Desktop 9.0.2 (Build 2425) >>>> >>>> iQEVAwUBQ4WShvw32o+k+q+hAQEndAgApnJ8usHqAJq+IdCVq7py4eWk/VhqD1+I >>>> RW1SP+CJePARemz5S+qWvpbzP51nIywYr05b5H2AOq/gg/M7Cm8x/9SMmJAzV2gM >>>> bWmyk91ZOiqJJ9B1rGSyaGYb2VZb9LSAlVKQ52xxYZ2KDozKm6E1/JCtXI8YhOiM >>>> 4lyTQQyh7Jo8X1RZStxi3yRTwDxm7eWfMBuqUMM4aK0gwVpIlD3Ws2cpmMMBjNhr >>>> CCyiExnY1C3dMIjfjh4zmM/B4i2Hz4xdVRaMKAydLXIOiiQJs7HKFFv/gUaSSP7s >>>> vbHF7f0n9M6LUq42LU+t4WVu5HObec9UeJzTFF2FBlpx7y1dJLS8BA== >>>> =wvuA >>>> -----END PGP SIGNATURE----- >>>> >>>> -- >>>> This message has been scanned for viruses and >>>> dangerous content by MailScanner, and is >>>> believed to be clean. >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> >>> ******************************************************************** >>> ** >>> >>> This email and any files transmitted with it are confidential and >>> intended solely for the use of the individual or entity to whom they >>> are addressed. If you have received this email in error please >>> notify >>> the system manager. >>> >>> This footnote confirms that this email message has been swept >>> for the presence of computer viruses and is believed to be clean. >>> >>> ******************************************************************** >>> ** >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> - -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> -----BEGIN PGP SIGNATURE----- >> Version: PGP Desktop 9.0.2 (Build 2425) >> >> iQEVAwUBQ4WhBfw32o+k+q+hAQFKRAgAikrlr+vs+THKt8CCCDSxqw7KAnqsb7YV >> eFZTJ6Q/CDgk66f0enqtafbZp8QkJVMs0qEsuIHvcyzKG1yTYfy0qqaVFw9BFxcy >> vUfDajzVFufntjlfGtr/OsI/Qo32bVsM94M88rlexdL5MdFPScbbj9HnpXO28A+g >> I8ojRk8xoMk8W37HPrGV7BNDKqeoZPBhu9OL5t+538Y0w4l4f7OQlj68ff/CE8R/ >> UWlVFePWIckghDZ1E0hyWF2OrRwuoSg1TblbmNz/D7akY5majgNFFoqHQxB6vXJi >> JbkeuEXlZBUJGiv3ms2sR6eU85tzOcPPDSnGBcdotstklvbRjyOSrA== >> =eLAn >> -----END PGP SIGNATURE----- >> >> -- >> This message has been scanned for viruses and >> dangerous content by MailScanner, and is >> believed to be clean. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 498bytes. ] [ Unable to print this part. ] From martinh at SOLID-STATE-LOGIC.COM Thu Nov 24 14:47:16 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:17 2006 Subject: Beta release 4.48.2-2 Message-ID: Jules OK... I'll try and find some time to test i Jules That's better.. worked fine. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: 24 November 2005 14:13 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Beta release 4.48.2-2 > > Please try the attached replacement for install.sh, it should do a > rather better job this time. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Thu Nov 24 13:31:25 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:31:17 2006 Subject: spam.assassin.prefs.conf real file location Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anthony Peacock wrote on Wed, 23 Nov 2005 15:42:20 -0000: > I understand your point, and this wouldn't really affect me as I > don't use the installer anyway. Actually, the single rpm without install.sh *does* install the symlink. So don't forget to remove it. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From peter at UCGBOOK.COM Thu Nov 24 18:49:55 2005 From: peter at UCGBOOK.COM (Peter Bonivart) Date: Thu Jan 12 21:31:17 2006 Subject: broken /usr/bin/file behaviour Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greg Matthews wrote: > Whoever wrote libmagic seems to be a fan of the BBC comedy "Are you > being served?" > > create an ascii file that begins: > I'm free > > and then run /usr/bin/file against it. It is reported as: > Apple QuickTime movie file (free) Works fine in Solaris: root@kleenex[root]# more texttest I'm free root@kleenex[root]# file texttest texttest: ascii text root@kleenex[root]# uname -a SunOS kleenex 5.9 Generic_118558-11 sun4u sparc SUNW,Sun-Fire-V210 -- /Peter Bonivart --Unix lovers do it in the Sun ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Fri Nov 25 08:54:56 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:17 2006 Subject: spam.assassin.prefs.conf real file location Message-ID: Hi, > Anthony Peacock wrote on Wed, 23 Nov 2005 15:42:20 -0000: > > > I understand your point, and this wouldn't really affect me as I > > don't use the installer anyway. > > Actually, the single rpm without install.sh *does* install the > symlink. So don't forget to remove it. I am on Solaris so I don't use the RPMs either... :-) However, as I was part of the dicussions, I have manually added the symlink to help test the beta. I always commented out the whole of spam.assassin.prefs.conf anyway... -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The poor have sometimes objected to being governed badly; the rich have always objected to being governed at all." - G. K. Chesterton. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tac.forums at GMAIL.COM Fri Nov 25 09:53:38 2005 From: tac.forums at GMAIL.COM (TAC Forums) Date: Thu Jan 12 21:31:17 2006 Subject: any idea why this mail might still have got marked as spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 11/23/05, Alex Neuman van der Hans wrote: > Do you have it after the "fromorto: default no" line? I don't know if > the order is important (should be), but I always make sure the defaults > are at the bottom. Hi Yes... the fromorto: default no ... is at the bottom. -- TAC Support Team ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 23 13:29:41 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:17 2006 Subject: Test mail, please ignore Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 23/11/05, Glenn Steen wrote: > As said, please ignore ... I'm just trying to see (with telnet) what's preventing my messages to go to the list...Sigh. > > -- Glenn > And now I know... Probably someone else have already mentioned this... Tempfail on kili.jiscmail.ac.uk ... Sigh. Since this is unlikely to reach the list I'll mail Jules too. Couldn't we move the list to something a bit more reliable? ("We" in this case would be Jules ... and possibly Mr Michele Neylon:) Transcript of communication with kili: # telnet kili.jiscmail.ac.uk 25 Trying 130.246.192.52... Connected to kili.jiscmail.ac.uk (130.246.192.52). Escape character is '^]'. 220 kili.jiscmail.ac.uk ESMTP JISCmail mailer; Wed, 23 Nov 2005 13:23:39 GMT EHLO aa.nn.se 250-kili.jiscmail.ac.uk Hello xxxx [xxxxxxxx], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-DELIVERBY 250 HELP MAIL from: 452 4.4.5 Insufficient disk space; try again later quit 452 4.4.5 Insufficient disk space; try again later quit 221 2.0.0 kili.jiscmail.ac.uk closing connection Connection closed by foreign host. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From wayne at NIGHTSOL.NET Fri Nov 25 12:50:36 2005 From: wayne at NIGHTSOL.NET (Wayne) Date: Thu Jan 12 21:31:17 2006 Subject: Throughput Message-ID: Hey Guys, Im getting a throughput of around 35-40k messages per day max The server is a dual p3 600Mhz with 1gig RAM Max Children is set as 14.. Running on Fedora Core 2 with postfix and clamav for antivirus Does this sound about right? Its barley keeping up with loads And sometimes falls behind.. Load averages are always between 3-7 Do I need a new server or is there some way I can get more out of this one with current hardware? Thanks, Wayne ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Nov 23 10:04:36 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:31:17 2006 Subject: Beta 4.48.2 released Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 23/11/05, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > > I have just released 4.48.2. > This release uses the new method of handling the > spam.assassin.prefs.conf file as discussed over the past few days. > spam.assassin.prefs.conf is no longer read specially by the > MailScanner code, it is read as normal like any other *.cf file by > SpamAssassin during its initialisation. > This means we have to overhaul the wiki a bit... Change any examples of "spamassassin --lint -p ..." to something catering to both before and after this release. Will take a look when I get time (as always in short supply:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 25 13:32:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:17 2006 Subject: Throughput Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Do a "vmstat 5" and track the "si" and "so" (swap in and out) figures. With only 1Gb of RAM I would suspect it is swapping. If so, buy more RAM. On 25 Nov 2005, at 12:50, Wayne wrote: > Hey Guys, > > Im getting a throughput of around 35-40k messages per day max > The server is a dual p3 600Mhz with 1gig RAM > Max Children is set as 14.. > Running on Fedora Core 2 with postfix and clamav for antivirus > > Does this sound about right? Its barley keeping up with loads > And sometimes falls behind.. > Load averages are always between 3-7 > Do I need a new server or is there some way I can get more out of > this one > with current hardware? > > Thanks, > Wayne > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4cSbvw32o+k+q+hAQH1WAf+KUt70OOJZnaQxbkQ4wP24QXnItHm5o+X /RuPyTBPMmemClzgPmNAv47ZD7EHlaEaV4y8q5vc0zf6npGw3OauMFz91G/eTail bWcOmWgWDSMYHAM+RaaNCP3CFJwJwxPgSDjP+IDU7hqnt8+KFNQjXj6z8XVLP8Cr VoYV4OQxK531/68D8lkFoQ3eVOaORo4AMnSHBpZtOszvX+B5p/Lp9QS7w2vlW9dX ldsPeOnZxi9U3TAT2WTSufInl3upyX3SMcSBToF9MgoRXf9MZwljypyPd4wtUiUI fbGfNNh6AREV9KYvtrKjRddbxINQL+rgT0E1PTTTmXWG++qsvPGfSw== =2AZN -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From DougHall at SANKYO.CO.UK Fri Nov 25 13:22:38 2005 From: DougHall at SANKYO.CO.UK (Doug Hall) Date: Thu Jan 12 21:31:17 2006 Subject: Mailling List! Message-ID: I can provide the server for the list if you like -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Glenn Steen Sent: 23 November 2005 13:30 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Test mail, please ignore On 23/11/05, Glenn Steen wrote: > As said, please ignore ... I'm just trying to see (with telnet) what's preventing my messages to go to the list...Sigh. > > -- Glenn > And now I know... Probably someone else have already mentioned this... Tempfail on kili.jiscmail.ac.uk ... Sigh. Since this is unlikely to reach the list I'll mail Jules too. Couldn't we move the list to something a bit more reliable? ("We" in this case would be Jules ... and possibly Mr Michele Neylon:) Transcript of communication with kili: # telnet kili.jiscmail.ac.uk 25 Trying 130.246.192.52... Connected to kili.jiscmail.ac.uk (130.246.192.52). Escape character is '^]'. 220 kili.jiscmail.ac.uk ESMTP JISCmail mailer; Wed, 23 Nov 2005 13:23:39 GMT EHLO aa.nn.se 250-kili.jiscmail.ac.uk Hello xxxx [xxxxxxxx], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-DELIVERBY 250 HELP MAIL from: 452 4.4.5 Insufficient disk space; try again later quit 452 4.4.5 Insufficient disk space; try again later quit 221 2.0.0 kili.jiscmail.ac.uk closing connection Connection closed by foreign host. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ---------------------- This email including attachment/s is COMPANY CONFIDENTIAL and may contain PROPRIETARY or LEGALLY privileged information. It is intended only for use of the addressee(s). If an addressing or transmission error has misdirected this email, please notify the author by replying to this email. The contents of this e-mail are the views and opinions of the author only. If you are not the addressee or an intended recipient, you must not print, copy, amend, distribute or disclose it to anyone else or rely on the contents of this message, and you should permanently DELETE it. SANKYO PHARMA UK LTD does not accept responsibility for any unauthorised amendment which may be made to the contents of this e-mail following its dispatch. We make every effort to keep our network free from viruses. However, you need to check this email and any attachments for viruses as we can take no responsibility for any computer virus which may be transferred by this email. In any event the contents of this email shall be governed by the laws of England. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jason.Burzenski at AMERICANHM.COM Fri Nov 25 13:59:46 2005 From: Jason.Burzenski at AMERICANHM.COM (Jason Burzenski) Date: Thu Jan 12 21:31:17 2006 Subject: Throughput Message-ID: Wayne, I typically run at 6-8 load during peak hours which typically hasn't been a problem. Recently (sober.z/sober.mm) we've been seeing elevated load due to a 200% increase in messages (mostly virus related). This manifests itself by pushing the load up to ~10 and queueing in the inqueue. We had some success by increasing the child procs and the number of messages handled by each batch. We also removed some old semi-expensive custom rawbody and body rules to lighten the load on the box slightly. To improve IO we temporarily disabled writing files to the quarantine. If you are strapped for good hardware, you can always run another small MailScanner box and split your mail between the two via DNS. I would imagine you should be able to get a bit more out of your box. I also expect to be able to get more out of ours. I am putting the MailScanner book on my xmas list this year and hoping for a chapter on performance tuning. :) Jason -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] Sent: Friday, November 25, 2005 7:51 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Throughput Hey Guys, Im getting a throughput of around 35-40k messages per day max The server is a dual p3 600Mhz with 1gig RAM Max Children is set as 14.. Running on Fedora Core 2 with postfix and clamav for antivirus Does this sound about right? Its barley keeping up with loads And sometimes falls behind.. Load averages are always between 3-7 Do I need a new server or is there some way I can get more out of this one with current hardware? Thanks, Wayne ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Fri Nov 25 14:50:23 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:31:17 2006 Subject: Zip Trojans Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Good morning folks. I am running MailScanner with the latest ClamAV. I noticed this morning that many clients are receiving a TON of non-encrypted zipped .exe trojans in their email. Does ClamAV simply not tag trojans or is something merely not working? I will watch the logs in the mean time. ___________________________________________ Wess Bechard Information Technology Manager eliquidMEDIA International Inc. Visit: www.eliquid.com Office: 519.973.1930 - 1.800.561.7525 Fax: 519.253.0337 Cell: 519.791.9492 ___________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tac.forums at GMAIL.COM Fri Nov 25 09:58:40 2005 From: tac.forums at GMAIL.COM (TAC Forums) Date: Thu Jan 12 21:31:17 2006 Subject: any idea why this mail might still have got marked as spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Are you sure that you're looking at the right address, the envelope > sender? The From-address shown in your mail client is often something > else than the actual address which MailScanner uses. Hi When you mean envelope sender, you mean return-path ... right? If yes, then both return-path and from address display that domain name. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Fri Nov 25 14:53:21 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:31:17 2006 Subject: Zip Trojans Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Actually, I simply need to be able to block all zip files containing an exe, pif, etc. On Fri, 2005-11-25 at 09:50 -0500, Wess Bechard wrote: Good morning folks. I am running MailScanner with the latest ClamAV. I noticed this morning that many clients are receiving a TON of non-encrypted zipped .exe trojans in their email. Does ClamAV simply not tag trojans or is something merely not working? I will watch the logs in the mean time. ___________________________________________ Wess Bechard Information Technology Manager eliquidMEDIA International Inc. Visit: www.eliquid.com Office: 519.973.1930 - 1.800.561.7525 Fax: 519.253.0337 Cell: 519.791.9492 ___________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ___________________________________________ Wess Bechard Information Technology Manager eliquidMEDIA International Inc. Visit: www.eliquid.com Office: 519.973.1930 - 1.800.561.7525 Fax: 519.253.0337 Cell: 519.791.9492 ___________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Fri Nov 25 13:55:48 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:31:17 2006 Subject: Anyone using F-Secure? Message-ID: Hi all... As part of an evaluation of moving from Sophos to F-Secure sitewide here, we ended up running a copy of F-Secure command-line with MailScanner. It might be overkill, but it adds nicely to our pre-existing Mcafee, Sophos and ClamAV :) Anyway, in light of recent Sober variants, I've noticed a massive change in the amount of viruses detected by F-Secure. From gmatt at NERC.AC.UK Fri Nov 25 13:08:55 2005 From: gmatt at NERC.AC.UK (Greg Matthews) Date: Thu Jan 12 21:31:17 2006 Subject: Throughput Message-ID: On Fri, 2005-11-25 at 12:50 +0000, Wayne wrote: > Hey Guys, > > Im getting a throughput of around 35-40k messages per day max > The server is a dual p3 600Mhz with 1gig RAM > Max Children is set as 14.. > Running on Fedora Core 2 with postfix and clamav for antivirus > > Does this sound about right? sounds ok to me. there are various performance tweaks you can try to squeeze a bit more out of the machine. I went through this myself a few months ago, but it was a change in the way sendmail was configured that meant I could reject far more at the MTA which let me continue to use my original hardware. To be honest, I wouldnt expect much more performance from this machine and I'd want quite a bit in reserve to get me over "humps" in demand or give me some leeway during a DoS. > Its barley keeping up with loads > And sometimes falls behind.. > Load averages are always between 3-7 > Do I need a new server or is there some way I can get more out of this one > with current hardware? The best way to get more out the hardware is to deny more at the MTA, therefore doing less actual filtering. For my setup I use one dynamic block list, and milter-ahead for mailbox checking. With this configuration I was able to weather a namespace attack recently when one relay received approximately 1 million hits by midday. There are one or two other blocks at the MTA but these two account for the majority of dropped connections. G > > Thanks, > Wayne -- Greg Matthews 01491 692445 Head of UNIX/Linux, iTSS Wallingford ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 25 14:52:17 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:17 2006 Subject: Zip Trojans Message-ID: Just had someone the IRC channel say his ClamAV wasn't picking these up either.... what version of ClamAV are you running? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Wess Bechard > Sent: 25 November 2005 14:50 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Zip Trojans > > Good morning folks. > > I am running MailScanner with the latest ClamAV. > > I noticed this morning that many clients are receiving a TON of non- > encrypted zipped .exe trojans in their email. Does ClamAV simply not tag > trojans or is something merely not working? > > I will watch the logs in the mean time. > > > > ___________________________________________ > > Wess Bechard > Information Technology Manager > eliquidMEDIA International Inc. > Visit: www.eliquid.com > Office: 519.973.1930 - 1.800.561.7525 > Fax: 519.253.0337 > Cell: 519.791.9492 > ___________________________________________ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Fri Nov 25 13:50:42 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:31:17 2006 Subject: Mailling List! Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I would also like to offer up a home for the list. I'm sure we could fit this list on one of our mail servers. On Fri, 2005-11-25 at 13:22 +0000, Doug Hall wrote: I can provide the server for the list if you like -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Glenn Steen Sent: 23 November 2005 13:30 To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Test mail, please ignore On 23/11/05, Glenn Steen wrote: > As said, please ignore ... I'm just trying to see (with telnet) what's preventing my messages to go to the list...Sigh. > > -- Glenn > And now I know... Probably someone else have already mentioned this... Tempfail on kili.jiscmail.ac.uk ... Sigh. Since this is unlikely to reach the list I'll mail Jules too. Couldn't we move the list to something a bit more reliable? ("We" in this case would be Jules ... and possibly Mr Michele Neylon:) Transcript of communication with kili: # telnet kili.jiscmail.ac.uk 25 Trying 130.246.192.52... Connected to kili.jiscmail.ac.uk (130.246.192.52). Escape character is '^]'. 220 kili.jiscmail.ac.uk ESMTP JISCmail mailer; Wed, 23 Nov 2005 13:23:39 GMT EHLO aa.nn.se 250-kili.jiscmail.ac.uk Hello xxxx [xxxxxxxx], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-DELIVERBY 250 HELP MAIL from: 452 4.4.5 Insufficient disk space; try again later quit 452 4.4.5 Insufficient disk space; try again later quit 221 2.0.0 kili.jiscmail.ac.uk closing connection Connection closed by foreign host. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ---------------------- This email including attachment/s is COMPANY CONFIDENTIAL and may contain PROPRIETARY or LEGALLY privileged information. It is intended only for use of the addressee(s). If an addressing or transmission error has misdirected this email, please notify the author by replying to this email. The contents of this e-mail are the views and opinions of the author only. If you are not the addressee or an intended recipient, you must not print, copy, amend, distribute or disclose it to anyone else or rely on the contents of this message, and you should permanently DELETE it. SANKYO PHARMA UK LTD does not accept responsibility for any unauthorised amendment which may be made to the contents of this e-mail following its dispatch. We make every effort to keep our network free from viruses. However, you need to check this email and any attachments for viruses as we can take no responsibility for any computer virus which may be transferred by this email. In any event the contents of this email shall be governed by the laws of England. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ___________________________________________ Wess Bechard Information Technology Manager eliquidMEDIA International Inc. Visit: www.eliquid.com Office: 519.973.1930 - 1.800.561.7525 Fax: 519.253.0337 Cell: 519.791.9492 ___________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Fri Nov 25 15:00:58 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:31:17 2006 Subject: Zip Trojans Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Wess Bechard wrote: > Actually, I simply need to be able to block all zip files containing > an exe, pif, etc. > Wess, In MailScanner.conf: Maximum Archive Depth = 3 (or any value greater than 0) In filename.rules.conf: deny\.exe$EXE files are dangerousEXE files are dangerous deny\.pif$PIF files are dangerousPIF files are dangerous Then restart MailScanner. Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Fri Nov 25 15:06:47 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:17 2006 Subject: Mailling List! Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 25/11/05, Doug Hall wrote: > I can provide the server for the list if you like > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Glenn Steen > Sent: 23 November 2005 13:30 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Test mail, please ignore > > On 23/11/05, Glenn Steen wrote: > > As said, please ignore ... I'm just trying to see (with telnet) what's > preventing my messages to go to the list...Sigh. > > > > -- Glenn > > > And now I know... Probably someone else have already mentioned this... > Tempfail on kili.jiscmail.ac.uk ... Sigh. Since this is unlikely to > reach the list I'll mail Jules too. > > Couldn't we move the list to something a bit more reliable? ("We" in > this case would be Jules ... and possibly Mr Michele Neylon:) > > Transcript of communication with kili: > # telnet kili.jiscmail.ac.uk 25 > Trying 130.246.192.52... > Connected to kili.jiscmail.ac.uk (130.246.192.52). > Escape character is '^]'. > 220 kili.jiscmail.ac.uk ESMTP JISCmail mailer; Wed, 23 Nov 2005 13:23:39 > GMT EHLO aa.nn.se 250-kili.jiscmail.ac.uk Hello xxxx [xxxxxxxx], pleased > to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE > 250-DSN 250-ETRN 250-DELIVERBY 250 HELP MAIL > from: > 452 4.4.5 Insufficient disk space; try again later quit > 452 4.4.5 Insufficient disk space; try again later quit > 221 2.0.0 kili.jiscmail.ac.uk closing connection Connection closed by > foreign host. > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > Well, that took it's sweet time getting to the list. Just had a new rejection from the list (both fili and kili giving me a "connection refused"), probably from when they've restarted them... Or else they've decided to hate me for suggesting a move:-):-). Anyway, As I said in the initial mail, I CC:d Jules, who has been in contact with jisc about this. Without saying too much, there might be a hint of a possibility that things are looking to change for the list... Perhaps not a move, as such, but ... we'll see:). If you all feel like it, this would be a good spot to enumerate everything good/bad with the current list service... My #1 peeve is that it simply seems to be rather badly managed/administered... If they want to "set up and forget", they should at least monitor simple things (like disk usage) via SNMP or similar. Has someone been keeping count on the number of occasions the last year that it's been erratic/unavailable? (BTW thanks for offering an alternative home... I'm sure Julian will be very grateful, if it comes to that) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Fri Nov 25 15:09:36 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:31:17 2006 Subject: Zip Trojans Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Got it. Apparently my cron daemon had decided to stop running freshclam :P. I am enabling the exe rule just in case. Thanks. On Fri, 2005-11-25 at 10:00 -0500, Denis Beauchemin wrote: Wess Bechard wrote: > Actually, I simply need to be able to block all zip files containing > an exe, pif, etc. > Wess, In MailScanner.conf: Maximum Archive Depth = 3 (or any value greater than 0) In filename.rules.conf: deny\.exe$EXE files are dangerousEXE files are dangerous deny\.pif$PIF files are dangerousPIF files are dangerous Then restart MailScanner. Denis ___________________________________________ Wess Bechard Information Technology Manager eliquidMEDIA International Inc. Visit: www.eliquid.com Office: 519.973.1930 - 1.800.561.7525 Fax: 519.253.0337 Cell: 519.791.9492 ___________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Fri Nov 25 15:29:57 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:17 2006 Subject: any idea why this mail might still have got marked as spam? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 25/11/05, TAC Forums wrote: > > Are you sure that you're looking at the right address, the envelope > > sender? The From-address shown in your mail client is often something > > else than the actual address which MailScanner uses. > > Hi > > When you mean envelope sender, you mean return-path ... right? > > If yes, then both return-path and from address display that domain name. > Um, no. The "envelope sender" is the sender address as given in the SMTP conversation (MAIL FROM:"). It can, and often do, differ from what is given in the mail headers. Take a look at http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion for some examples of what the SMTP conversation might look like... Conversely, the envelope recipient(s) are given with the "RCPT TO:" line(s). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Fri Nov 25 15:58:04 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:17 2006 Subject: Throughput Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 25/11/05, Wayne wrote: > Hey Guys, > > Im getting a throughput of around 35-40k messages per day max > The server is a dual p3 600Mhz with 1gig RAM > Max Children is set as 14.. > Running on Fedora Core 2 with postfix and clamav for antivirus > > Does this sound about right? Its barley keeping up with loads > And sometimes falls behind.. > Load averages are always between 3-7 > Do I need a new server or is there some way I can get more out of this one > with current hardware? > > Thanks, > Wayne > I'll chime in with the ones that tell you to do less to do more:-). During the last Sober outbreak, we avoided handling most by simply rejecting mails to non-existant user (as detailed here: http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users). Well, that's been in place for a while now (more than a year), and "saves" me from handling ... a lot of messages. I also employ some semi-harsh restrictions on how HELO/EHLO is done... I reject any non-fqdn and anyone pretending to be on my domain (works, since trusted clients, like our M-Sexchanger, are handled by a permit_mynetwork thing)... That coupled with some restrictions on senders and recipients (fqdn etc) make only really well-behaved virus and spam mails get through to MS. All it'll cost you is a little effort in configuring PF and getting hold of the existing user addresses (assuming you've not got anything like that setup already), and it might buy your machine some lifespan enhancement:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 25 16:04:58 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:17 2006 Subject: Throughput Message-ID: Wayne I presume you've been through this http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips but I'd say you pushing the limits of what the CPU's can do. My single 600mhz/512mb system I ran about a year ago would push 17k messages a day max (also ran mysql/mailwatch on the same server). Like mentioned before try reducing the number of messages by putting a filters to drop email at the MTA for non-existant users, I drop 66% of my inbound traffic that way!) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Wayne > Sent: 25 November 2005 12:51 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Throughput > > Hey Guys, > > Im getting a throughput of around 35-40k messages per day max > The server is a dual p3 600Mhz with 1gig RAM > Max Children is set as 14.. > Running on Fedora Core 2 with postfix and clamav for antivirus > > Does this sound about right? Its barley keeping up with loads > And sometimes falls behind.. > Load averages are always between 3-7 > Do I need a new server or is there some way I can get more out of this one > with current hardware? > > Thanks, > Wayne > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Fri Nov 25 16:05:21 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:31:17 2006 Subject: Throughput Message-ID: Do you use a local DNS cache? Are RBLS done at the MTA level, MailScanner level, or by spamassassin? If there are some you can reliably do before the mail gets to MailScanner, the less load. Do you spamcheck outgoing emails as well as incoming ones? There are some optimisation tips in the MAQ: http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Wayne > Sent: 25 November 2005 12:51 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Throughput > > Hey Guys, > > Im getting a throughput of around 35-40k messages per day max > The server is a dual p3 600Mhz with 1gig RAM Max Children is > set as 14.. > Running on Fedora Core 2 with postfix and clamav for antivirus > > Does this sound about right? Its barley keeping up with loads > And sometimes falls behind.. > Load averages are always between 3-7 > Do I need a new server or is there some way I can get more > out of this one with current hardware? > > Thanks, > Wayne > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Nov 24 09:02:07 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:17 2006 Subject: Test mail, please ignore Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 23/11/05, Julian Field wrote: > > > Glenn Steen wrote: > (snip) > >Couldn't we move the list to something a bit more reliable? ("We" in > >this case would be Jules ... and possibly Mr Michele Neylon:) > > (snip) > > > I am investigating when their contract is up for renewal, this may all > solve itself very soon, and I don't want to move if it will solve itself > soon anyway. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > Fair enough, we'll try to endure:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Fri Nov 25 17:14:50 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:31:17 2006 Subject: Anyone using F-Secure? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bates wrote on Fri, 25 Nov 2005 13:55:48 +0000: > Considering that in recent months F-Secure was the complete > opposite and double the detection rate of the other AVs, > I'm a bit surprised by this. No F-Secure here. I use Clamav and Bitdefender. They always hit at the same time it seems. There's only one thing where Clamav excells Bitdefender: Phishing. Maybe F-Secure doesn't cater for phishing? Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Fri Nov 25 17:34:17 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:17 2006 Subject: Zip Trojans Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Wess Bechard wrote: > Got it. Apparently my cron daemon had decided to stop running freshclam :P. > > I am enabling the exe rule just in case. > > Thanks. MailScanner updates all configured anti-virus hourly, no need to run fresclam separately. However, it is a good idea, these times, to block on extensions, since a few virus create new variants almost everyday, so the chances that your AV signatures are not up to date are high... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Fri Nov 25 17:55:32 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:31:17 2006 Subject: Zip Trojans Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just upgraded from a Janurary 05 release. I don't think the old version auto-updated... On Fri, 2005-11-25 at 12:34 -0500, Ugo Bellavance wrote: Wess Bechard wrote: > Got it. Apparently my cron daemon had decided to stop running freshclam :P. > > I am enabling the exe rule just in case. > > Thanks. MailScanner updates all configured anti-virus hourly, no need to run fresclam separately. However, it is a good idea, these times, to block on extensions, since a few virus create new variants almost everyday, so the chances that your AV signatures are not up to date are high... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ___________________________________________ Wess Bechard Information Technology Manager eliquidMEDIA International Inc. Visit: www.eliquid.com Office: 519.973.1930 - 1.800.561.7525 Fax: 519.253.0337 Cell: 519.791.9492 ___________________________________________ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 23 12:42:46 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:17 2006 Subject: clamavmodule Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 23/11/05, Rodney Green wrote: > Hello, > > With the recent Sober outbreak I have just noticed that ClamAV does not appear to be scanning. I'm using both bitdefender and ClamAV and bitdefender is listed as having detected the virus/worm but ClamAV is not. I'm using clamavmodule, MailScanner 4.37.7, ClamAV version 0.87.1. Any ideas why clam isn't scanning? > (snip) Nope, not a clue...:-) Using clamscan I've gotten all hits from clamav, bdc and mcafee... So any problem is perhaps due to the module(?)... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Fri Nov 25 21:03:14 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:17 2006 Subject: MailScanner on freebsd Message-ID: MailScanner is now working. 1- I modified the /etc/rc.conf file to load sendmail_enable="NO". 2- Modified the incoming_queue=/var/spool/mqueue located in /usr/local/etc/rc.d/mta.sh TO incoming_queue=/var/spool/mqueue.in 3- made sure /usr/local/etc/rc.d/mailscanner.sh loads on boot. Rebooted, and it works great so far. Now to test and fine tune. Thanks for everyones help, apppreciate it. Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> Marc.Dufresne@PARKS.ON.CA 11/23/2005 1:14:08 PM >>> I have just reviewed this doc http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml I have verified that all directories have been created. Output /var/spool drwxr-x--- 4 root daemon 512 Oct 18 09:31 MailScanner drwxrwx--- 2 smmsp smmsp 512 Nov 23 10:35 clientmqueue drwxr-x--- 2 root daemon 1024 Nov 23 10:35 mqueue drwxr-x--- 5 root daemon 512 Nov 22 15:16 mqueue.in Output of /var/spool/MailScanner drwxr-x--- 7 root daemon 512 Nov 21 17:14 incoming drwxr-x--- 2 root daemon 512 Oct 18 09:31 quarantine According to the section "Change Commands that start Sendmail" Two sendmail processes are needed in order for MailScanner and sendmail to function. On FreeBSD 5.4, sendmail on boot up is loading by /etc/rc.sendmail with defaults specified under /etc/defaults/rc.conf. In order to have two sendmail processes load at startup, would I have to modify the /etc/rc.conf to override sendmail defaults by adding: #Modified /etc/rc.conf would have these lines. #This would take care of the first sendmail process. sendmail_enable="YES" sendmail_flags="-L sm-mta -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in" #Startup second sendmail process points to /var/spool/mqueue /usr/sbin/sendmail -L sm-mta -bd -q15m Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> Marc.Dufresne@PARKS.ON.CA 11/21/2005 7:08 PM >>> Sendmail is working!!!! I had to modify the DAEMON_OPTIONS in my mc file in order to have sendmail listen on any address (0.0.0.0) instead of just my public address. Recompiled sendmail, then it worked. Issuing a sendmail -v root >> Marc.Dufresne@PARKS.ON.CA 11/21/2005 12:18 pm >>> No sendmail -v root >> brent.bolin@GMAIL.COM 11/21/2005 11:57 AM >>> Don't go there yet!. Is sendmail working ? sendmail -v root wrote: > > I found this doc > http://www.sng.ecs.soton.ac.uk/mailscanner/install/sendmail.shtml > > Sendmail.cf incoming QueueDirectory is setup to > /var/spool/mqueue. > Are these the right permissions? > > Here is the output from ls -l /var/spool > > drwxr-xr-x 4 root daemon 512 Oct 18 09:31 MailScanner > drwxrwx--- 2 smmsp smmsp 52736 Nov 21 11:40 clientmqueue > drwxr-x--- 2 root wheel 512 Nov 21 11:40 mqueue > drwxr-x--- 2 root wheel 512 Oct 24 15:16 mqueue.in > > MailScanner.conf is setup as > > Incoming Queue Dir = /var/spool/mqueue > Outgoing Queue Dir = /var/spool/mqueue > > # Set where to unpack incoming messages before scanning them > Incoming Work Dir = /var/spool/MailScanner/incoming > > Here is output ls -l /var/spool/MailScanner > drwxr-xr-x 12 root daemon 512 Nov 21 11:16 incoming > > # Set where to store infected and message attachments > Quarantine Dir = /var/spool/MailScanner/quarantine > > Here is output ls -l /var/spool/MailScanner > drwxr-xr-x 2 root daemon 512 Oct 18 09:31 quarantine > > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > >>> brent.bolin@GMAIL.COM 11/21/2005 11:26 AM >>> > Don't care about private discussions. The list exiled me when I called > someone a "Dipswitch". > > Pretty harsh words ya think ? > > Do you show this? > > # ps auxwww|grep sendmail > root 36220 0.0 0.3 3500 2640 ?? Ss 9:59AM 0:00.03 sendmail: accepting > connections (sendmail) > root 36223 0.0 0.3 3500 2624 ?? Is 9:59AM 0:00.00 sendmail: Queue > runner@00:15:00 > for /var/spool/mqueue (sendmail) > smmsp 36227 0.0 0.2 3368 2520 ?? Is 9:59AM 0:00.00 sendmail: Queue > runner@00:15:00 > for /var/spool/clientmqueue (sendmail) > root 36419 0.0 0.1 1448 848 p0 S+ 10:16AM 0:00.00 grep sendmail > > Sounds to me like your sendmail submit isn't running. > > Also attaching a valid submit.cf > file > > Make sure your using both the sendmail.cf < > http://sendmail.cf> and > submit > files I'm sending you. > > > On 11/21/05, Marc Dufresne wrote: > > > > My apologies for the private discussions. Didn't realize I posted to > the > > forum. > > > > Sendmail is running on port 25. Sendmail is acting as a Relay for my > > domain. I have no problem sending/receiving internet e-mail. The two > > problems I am having are: > > > > 1- MailScanner doesn't seem to be scanning inbound mail. > > > > 2- local mail sent to root and postmaster is not being delivered. > The > > /var/spool/clientmqueue is backing up with e-mails sent to root and > > postmaster. > > > > Here's what /var/spool/maillog is saying > > > > mail sm-msp-queue[1655]: i24AKJeL005105: to=postmaster, > > delay=10:33:28, > > xdelay=00:00:00, mailer=relay, pri=1023910, > relay=[127.0.0.1 > > ], > > dsn=4.0.0, stat=Deferred: Connection refused by > [127.0.0.1 > > ] > > > > I issued the command sendmail -v root I'm > > receiving. > > > > root....connecting to [127.0.0.1 ] > via relay > > root....Deferred: Connection refused by [127.0.0.1 > ] > > > > I have modified my /etc/mail/access to reflect > > > > 127.0.0.1 RELAY > > localhost.localdomain RELAY > > localhost RELAY > > > > Issued a makemap hash /etc/mail/access.db < /etc/mail/access. > Restarted > > sendmail and still receive the Connection Refused error. > > > > Any ideas? > > > > I want to fix problem 2 first, eliminating the connection refused > > errors. Then I want to move onto the MailScanner problem. > > > > > > Marc Dufresne, Corporate IT Officer > > St. Lawrence Parks Commission > > 13740 County Road 2 > > Morrisburg, ON K0C 1X0 > > > > E-mail: Marc.Dufresne@parks.on.ca > > Voice: 613-543-3704 Ext#2455 > > Fax: 613-543-2847 > > Corporate website: www.parks.on.ca < > http://www.parks.on.ca> > > > > >>> ugob@CAMO-ROUTE.COM 11/21/2005 9:17 AM >>> > > Marc Dufresne wrote: > > > Couldn't download any of your sample files. None of the links to > > your > > > files work. > > > > Looking a the links, I'm not surprised. > > > > The way you are quoting is making it very hard to follow. Please > avoid > > > > having private discussions while using a public mailing list and > don't > > > > top-post. > > > > > > > > From the command line, if I issue sendmail -v root > > I receive this error, > > > > > > root....connecting to [127.0.0.1 ] > via relay > > > root....Deferred: Connection refused by [127.0.0.1 > ] > > > > Is sendmail running? > > > > On what port/IP is it running on? > > > > > > > > What files do I need to modify under /etc/mail? > > > > > > > Are you familiar with Sendmail or other MTAs? > > > > Regards, > > > > Ugo > > > > > > > > Marc Dufresne, Corporate IT Officer > > > St. Lawrence Parks Commission > > > 13740 County Road 2 > > > Morrisburg, ON K0C 1X0 > > > > > > E-mail: Marc.Dufresne@parks.on.ca > > > Voice: 613-543-3704 Ext#2455 > > > Fax: 613-543-2847 > > > Corporate website: www.parks.on.ca < > http://www.parks.on.ca> > > > > > >>>> BB 11/20/2005 9:38 PM >>> > > > Marc, > > > > > > I have attached working sendmail.mc < > http://sendmail.mc> < > > http://sendmail.mc> and > > > sendmail.cf < > http://sendmail.cf>files along > with > > /etc/rc.conf > > startup. > > > There are a number of things in the > > > rc.conf that you don't need just use the sendmail portion for > > examples. > > > BTW > > > /etc/defaults/rc.conf show examples and are used if /etc/rc.conf > > does > > > not > > > exist. /etc/rc.conf will override /etc/defaults/rc.conf. > > > > > > The first thing is to get a working copy of sendmail running. Make > > > your > > > edits to /etc/rc.conf with the examples sent. > > > > > > Copy sendmail.cf < > http://sendmail.cf> > /etc/mail > > > > > > Verify no sendmail processes are running and if they are kill the > > pid > > > of > > > them. Verify again they are gone. > > > > > > Run "sh /etc/rc.sendmail start" . No quotes. This should start > > > sendmail. > > > Send your self a test message from the MTA level - > > > > > > sendmail -v root > > > > > This should send a test mesage to root with no subject and > > undisclosed > > > recipients. Thats fine all we want to know is if sendmail is > > running. > > > Its > > > also a good test to check the header files. > > > > > > If its working thats great, move on to MailScanner. I've included > a > > > working > > > copy of a mailscanner.conf file. There are some things configured > > that > > > you > > > might not be using, but all the directores are in place and are > set > > to > > > defaults. > > > > > > Virus scanners set to none if not using (I'm using three) > > > Spamassassin set to no if not using (I'm using 3.1.0_3) > > > Uncomment the whitlist and blacklist file rules, I'm using > > > SQLblacklist/whitelists > > > > > > I've included another file called directories.needed. Just run, it > > > will > > > create them if they don't exist > > > > > > This should be enough to get you going. Remember you need to get > > > sendmail > > > running first. I didn't or never have used the Makefile included > > with > > > the > > > distribution. I use the m4 macro on the configuration file *.mc or > > just > > > use > > > webmin. Its in the ports or can be downloaded from > > > webmin.com > > > . > > > > > > It does not make sense to me why sendmail is running if it is > marked > > > to > > > "NONE". If that dosen't do it mark the first instance with NONE > and > > all > > > the > > > others with NO > > > > > > BTW: There is also a nice webmin modual for MailScanner. Once > setup > > > things > > > don't change much other then whitelists/blacklists. The latest > > version > > > of > > > mailwatch can do this hence > > > > > > Is Definitely Not Spam = &SQLWhitelist > > > Is Definitely Spam = &SQLBlacklist > > > > > > > > > Hang on for the ride... > > > > > > > > > > > > On 11/20/05, Marc Dufresne wrote: > > >> I am going to explain my understanding of the MailScanner setup. > > > Please > > >> reveiw and let me know if I'm understanding this correctly? > > >> > > >> When MailScanner.conf is configured, the following parameters > > should > > > be > > >> set if I'm using sendmail on FreeBSD 5.4: > > >> > > >> #MTA used for the Gateway > > >> MTA=sendmail > > >> > > >> #Set how to invoke MTA when sending messages MailScanner has > > created > > >> (e.g. to sender/recipient saying "found a virus in your > message"). > > > This > > >> can also be the filename of a ruleset. > > >> sendmail=/usr/sbin/sendmail > > >> > > >> #Incoming mail queue directory for Sendmail > > >> Incoming Queue Directory=/var/spool/mqueue > > >> > > >> #Outgoing mail queue directory for Sendmail > > >> Outgoing Queue Directory=/var/spool/mqueue > > >> > > >> #Incoming Queue Directory for MailScanner > > >> /var/spool/MailScanner/incoming > > >> > > >> #Quarantine Directory for MailScanner > > >> /var/spool/MailScanner/quaratine > > >> > > >> System Startup should be as follows: > > >> > > >> 1) #Disable sendmail from loading at system startup > > >> modify /etc/rc.conf to disable sendmail load > > >> > > >> > > > > > > > > > http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html > > > > > > > > >> > > >> Section 23.4.2.3 > FreeBSD > 5.0-STABLEand Later > > >> > > >> /etc/rc.conf > > >> > > >> sendmail_enable="NO" > > >> sendmail_submit_enable="NO" > > >> sendmail_outbound_enable="NO" > > >> sendmail_msp_queue_enable="NO" > > >> > > >> 2) #Load MailScanner at system startup. > > >> #Make sure mailscanner.sh file is located under > /usr/local/etc/rc.d > > >> in order to load MailScannner process at startup. Mailscanner.sh > > > should > > >> invoke sendmail and mailscanner process to start > > scanning/delivering > > >> mail. > > >> > > >> /usr/local/etc/rc.d/mailscanner.sh > > >> _________________________________ > > >> > > >> First Problem > > >> > > >> I cannot disable sendmail on bootup on FreeBSD 5.4!!!! I tried > > >> everything. Sendmail still loads at startup??????? > > >> > > >> Second Problem > > >> > > >> Once system is completly loaded and sitting at the login prompt, > I > > >> receive an error > > >> NOQUEUE:SYSERROR(root):opendaemon socket:daeomon IPv4:cannot bind > > >> address already in use > > >> > > >> I login, and run ps -ax (This is what I see) > > >> > > >> 375 ?? Ss 0:00.07 sendmail: accepting connections (sendmail) > > >> 379 ?? Is 0:00.00 sendmail: Queue runner@00:30:00 for > > >> /var/spool/client > > >> > > >> 426 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > > >> /var/spool/mqueue > > >> 430 ?? Is 0:00.01 sendmail: Queue runner@00:15:00 for > > >> /var/spool/client > > >> > > >> 613 ?? Ss 0:00.02 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local 614 ?? S 0:02.33 /usr/bin/perl > > >> -I/usr/local/lib/MailScanner /usr/local > > >> 627 ?? S 0:02.19 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> 630 ?? S 0:02.15 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> 635 ?? S 0:02.17 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> 636 ?? S 0:00.11 /usr/bin/perl -I/usr/local/lib/MailScanner > > >> /usr/local > > >> > > >> Third Problem > > >> > > >> I run tail -f /var/log/maillog > > >> > > >> I will send test e-mails from the outside and watch sendmail > > receive > > >> and process incoming mail. Everyone receives e-mails from the > > > outside, > > >> but mailscanner does not scan any messages. > > >> > > >> I will issue a mailq to view /var/spool/mqueue directory. > Directory > > > is > > >> always empty. > > >> > > >> I'm completely stumped here as to why Sendmail refuses to disable > > at > > >> startup and MailScanner refuses to scan e-mail messages!!!!! > > >> > > >> Any ideas???? > > >> > > >> > > >> Marc Dufresne, Corporate IT Officer > > >> St. Lawrence Parks Commission > > >> 13740 County Road 2 > > >> Morrisburg, ON K0C 1X0 > > >> > > >> E-mail: Marc.Dufresne@parks.on.ca > > >> Voice: 613-543-3704 Ext#2455 > > >> Fax: 613-543-2847 > > >> Corporate website: www.parks.on.ca < > http://www.parks.on.ca> < > > http://www.parks.on.ca> > > >> > > >>>>> BB 11/19/2005 12:38 AM >>> > > >> Don't know if they ever got the list fixed for my replies, so I'm > > > doing > > >> it > > >> direct and through the list. > > >> > > >> Change /etc/rc.conf or /etc/defaults/rc.conf > > >> sendmail_enable=NONE > > >> > > >> Verify mailscanner is starting up with > > > /usr/local/etc/rc.d/mailscanner > > >> .sh > > >> > > >> Think you need to manually create some of the directores. Verify > > >> MailScanner.conf for directories. > > >> > > >> tail -f /var/log/maillog will show you the details > > >> > > >> The only reason to rebuild sendmail.cf < > http://sendmail.cf> < > > http://sendmail.cf> > > > > >>> is to > > >> remove > > >> IPv6 stuff. I would use m4 macro for that. Webmin would be a good > > >> choice to > > >> use. > > >> > > >> # SMTP daemon options > > >> > > >> O DaemonPortOptions=Name=IPv4, Family=inet > > >> O DaemonPortOptions=Name=IPv6, Family=inet6, Modifiers=O > > >> O DaemonPortOptions=Port=587, Name=MSA, M=E > > >> > > >> > > >> -- > > >> ACK and you shall receive > > >> > > >> > > >> > > > > > > > > > -- > > > ACK and you shall receive > > > > > > ------------------------ MailScanner list ------------------------ > > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > > 'leave mailscanner' in the body of the email. > > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > > > > ------------------------------------------------------------------------ > > > > > > BEGIN:VCARD > > > VERSION:2.1 > > > X-GWTYPE:USER > > > FN:Marc Dufresne > > > TEL;WORK:613-543-3704 > > > ORG:;Information Technology > > > TEL;PREF;FAX:613-543-2847 > > > EMAIL;WORK;PREF;NGW:Marc.Dufresne@parks.on.ca > > > N:Dufresne;Marc > > > TITLE:Corporate IT Officer > > > END:VCARD > > > > > > > > > -- > > Ugo > > > > -> Please don't send a copy of your reply by e-mail. I read the > list. > > -> Please avoid top-posting, long signatures and HTML, and cut the > > irrelevant parts in your replies. > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > > -- > ACK and you shall receive > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > -- ACK and you shall receive ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From nerijus at USERS.SOURCEFORGE.NET Fri Nov 25 21:54:46 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:17 2006 Subject: Time::HiRes for MessageBatch timing Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, if/when you do it, you could do it like spamassassin does - uses Time::HiRes only when it is available. From SA INSTALL: - Time::HiRes (from CPAN) If this module is installed, the processing times are logged/reported more precisely. Nerijus On Thu, 24 Nov 2005 10:03:00 +0000 Julian Field wrote: > This just didn't happen as I haven't had the time to add a whole new > Perl module to the MailScanner distribution. > > On 4 Nov 2005, at 16:27, Jeff A. Earickson wrote: > > > Julian, > > > > Per my recent request for batch timing in the logs, please > > look at my suggested changes for MessageBatch.pm (attached, > > against 4.47.4). My changes have NOT been tested at all, so I > > don't know if this will work. The changes: > > > > * added Time::HiRes for timing the start and end timing on > > a batch of messages. > > > > * changed output of information in EndBatch from integer > > to float > > > > * Added a "Batch Completed in x.x seconds" syslog, even if > > "Log Speed" is not turned on in the config file. > > > > Please see if my idea makes sense. Since HighRes is required > > for SpamAssassin, why not use it here too to give better info? > > > > Jeff Earickson > > Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From slewis at COMPLAW.COM Sat Nov 26 15:59:33 2005 From: slewis at COMPLAW.COM (Sam Lewis) Date: Thu Jan 12 21:31:17 2006 Subject: phishing whitelist not loading Message-ID: I just upgraded to MailScanner-4.47.4-2 on CentOS and Redhat systems. The upgrade went fine, and everything seems to be working except for one minor issue. While all systems have managed to load (and update daily) the phishing.safe.sites.conf file, two of my systems refuse to read it. When MailScanner starts on those systems, I get the message in the maillog that MailScanner read 0 hostnames from the phishing whitelist. Any idea why some machines would read this file just fine, and others would not? Any suggestions for debugging this? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smhickel at CHARTERMI.NET Sat Nov 26 16:13:06 2005 From: smhickel at CHARTERMI.NET (smhickel) Date: Thu Jan 12 21:31:17 2006 Subject: foobar intall or what? Message-ID: Boy, did I ever mess this one up. Any thoughts? Steve service MailScanner start Starting MailScanner daemons: MailScanner: Can't locate IO/Socket/INET.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanner) at /usr/lib/perl5/5.8.0/i386-linux-thread-multi/IO/Socket.pm line 21. Compilation failed in require at (eval 9) line 5. at /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 749 BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 749. Compilation failed in require at /usr/sbin/MailScanner line 65. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 65. [ OK ] [root@mailscan mailscanner]# service MailScanner restart Shutting down MailScanner daemons: MailScanner: head: /usr/mailscanner/var/MailScanner.pid: No such file or directory [FAILED] Starting MailScanner daemons: MailScanner: Can't locate IO/Socket/INET.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . /usr/lib/MailScanner) at /usr/lib/perl5/5.8.0/i386-linux-thread-multi/IO/Socket.pm line 21. Compilation failed in require at (eval 9) line 5. at /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 749 BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 749. Compilation failed in require at /usr/sbin/MailScanner line 65. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 65. [ OK ] ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Nov 26 16:13:39 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:17 2006 Subject: phishing whitelist not loading Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Have you compared the permissions and ownership of the file? I can't remember quite when it reads that file, but it may well be after it has changed uid to the "Run As User". Are you sure it is even reading your MailScaner.conf? I have known that before and people have not actually noticed :-) Sam Lewis wrote: > I just upgraded to MailScanner-4.47.4-2 on CentOS and Redhat > systems. The upgrade went fine, and everything seems to be working > except for one minor issue. While all systems have managed to load > (and update daily) the phishing.safe.sites.conf file, two of my > systems refuse to read it. When MailScanner starts on those systems, > I get the message in the maillog that MailScanner read 0 hostnames > from the phishing whitelist. > > Any idea why some machines would read this file just fine, and others > would not? Any suggestions for debugging this? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smhickel at CHARTERMI.NET Sat Nov 26 16:16:55 2005 From: smhickel at CHARTERMI.NET (smhickel) Date: Thu Jan 12 21:31:17 2006 Subject: Spamassassin messed up too, won't install with new script for clamav and spamassasin 3.10?? Message-ID: I installed the clamav and spamassassin 3.1 script and all went well for clamav and most perl modules. It complained about DNS modue being older than .46 even though it was .49 and it also had errors compiling spamassassin itself. It said that it wasn’t installed even though it installed it, it said. It said to fix that. I noted perl errors but failed to capture them. Thoughts? Running Centos 4.2. Thanks, Steve ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smhickel at CHARTERMI.NET Sat Nov 26 16:19:16 2005 From: smhickel at CHARTERMI.NET (smhickel) Date: Thu Jan 12 21:31:17 2006 Subject: Spamassassin messed up too, won't install with new script for clamav and spamassasin 3.10?? Message-ID: Sorry, I did have the errors: /usr/bin/perl version.h.pl version.h.pl: creating version.h spamc/configure.pl: version.h.pl: Failed to get the version from Mail::SpamAssassin. Please use the --with-version= switch to specify it manually. The error was: version.h.pl: version.h.pl: version.h.pl: version.h.pl: version.h.pl: version.h.pl: version.h.pl: version.h.pl: version.h.pl: version.h.pl: Can't locate IO/Socket/INET.pm in @INC (@INC contains: ../lib /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl .) at /usr/lib/perl5/5.8.0/i386-linux-thread-multi/IO/Socket.pm line 21. Compilation failed in require at ../lib/Mail/SpamAssassin/Dns.pm line 26. BEGIN failed--compilation aborted at ../lib/Mail/SpamAssassin/Dns.pm line 26. Compilation failed in require at ../lib/Mail/SpamAssassin/EvalTests.pm line 27. BEGIN failed--compilation aborted at ../lib/Mail/SpamAssassin/EvalTests.pm line 27. Compilation failed in require at ../lib/Mail/SpamAssassin/PerMsgStatus.pm line 55. BEGIN failed--compilation aborted at ../lib/Mail/SpamAssassin/PerMsgStatus.pm line 55. Compilation failed in require at ../lib/Mail/SpamAssassin.pm line 71. BEGIN failed--compilation aborted at ../lib/Mail/SpamAssassin.pm line 71. Compilation failed in require at version.h.pl line 27. make: *** [spamc/Makefile] Error 2 Setting a soft-link from spam.assassin.prefs.conf into the SpamAssassin site rules directory. spam.assassin.prefs.conf is read directly by the SpamAssassin startup code, so make sure you have a link from the site_rules directory to this file in your MailScanner/etc directory. Perl could not find your SpamAssassin installation. Strange, I just installed it. You should fix this! Now go and edit the file /etc/mail/spamassassin/init.pre You need to uncomment (remove the #) the loadplugin lines for DCC and Razor2. I am adding 3 more loadplugin lines to init.pre to add the missing plugins for RelayCountry, SPF and URIDNSBL. -----Original Message----- From: smhickel [mailto:smhickel@chartermi.net] Sent: Saturday, November 26, 2005 11:17 AM To: 'MAILSCANNER@JISCMAIL.AC.UK' Subject: Spamassassin messed up too, won't install with new script for clamav and spamassasin 3.10?? I installed the clamav and spamassassin 3.1 script and all went well for clamav and most perl modules. It complained about DNS modue being older than .46 even though it was .49 and it also had errors compiling spamassassin itself. It said that it wasn’t installed even though it installed it, it said. It said to fix that. I noted perl errors but failed to capture them. Thoughts? Running Centos 4.2. Thanks, Steve ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Nov 26 16:20:19 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:17 2006 Subject: foobar intall or what? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Did your OS install include all the Perl modules? But the basic perl package should have included this file. Do a "locate INET.pm" command. You should get something list /usr/lib/perl5/5.8.5/IO/Socket/INET.pm Then do rpm -q --verify perl and check that the RPM installation of perl hasn't become corrupted. You should only get a couple of lines of output or thereabouts. smhickel wrote: > Boy, did I ever mess this one up. Any thoughts? > > > > Steve > > > > service MailScanner start > > Starting MailScanner daemons: > > MailScanner: Can't locate IO/Socket/INET.pm in @INC > (@INC contains: /usr/lib/MailScanner > /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . > /usr/lib/MailScanner) at > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/IO/Socket.pm line 21. > > Compilation failed in require at (eval 9) line 5. > > at /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 749 > > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 749. > > Compilation failed in require at /usr/sbin/MailScanner line 65. > > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 65. > > [ OK ] > > [root@mailscan mailscanner]# service MailScanner restart > > Shutting down MailScanner daemons: > > MailScanner: head: > /usr/mailscanner/var/MailScanner.pid: No such file or directory > > [FAILED] > > Starting MailScanner daemons: > > MailScanner: Can't locate IO/Socket/INET.pm in @INC > (@INC contains: /usr/lib/MailScanner > /usr/lib/perl5/5.8.0/i386-linux-thread-multi /usr/lib/perl5/5.8.0 > /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . > /usr/lib/MailScanner) at > /usr/lib/perl5/5.8.0/i386-linux-thread-multi/IO/Socket.pm line 21. > > Compilation failed in require at (eval 9) line 5. > > at /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 749 > > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 749. > > Compilation failed in require at /usr/sbin/MailScanner line 65. > > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 65. > > [ OK ] > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Sat Nov 26 16:21:47 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:17 2006 Subject: foobar intall or what? Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of smhickel > Sent: Saturday, November 26, 2005 11:13 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: foobar intall or what? > > Boy, did I ever mess this one up. Any thoughts? > > > > Steve > > > > service MailScanner start > > Starting MailScanner daemons: > > MailScanner: Can't locate IO/Socket/INET.pm in @INC (@INC > contains: /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread- > multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux- > thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . > /usr/lib/MailScanner) at /usr/lib/perl5/5.8.0/i386-linux-thread- > multi/IO/Socket.pm line 21. > > Compilation failed in require at (eval 9) line 5. > > at /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 749 > > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 749. > > Compilation failed in require at /usr/sbin/MailScanner line 65. > > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 65. > > [ OK ] > > [root@mailscan mailscanner]# service MailScanner restart > > Shutting down MailScanner daemons: > > MailScanner: head: /usr/mailscanner/var/MailScanner.pid: No > such file or directory > > [FAILED] > > Starting MailScanner daemons: > > MailScanner: Can't locate IO/Socket/INET.pm in @INC (@INC > contains: /usr/lib/MailScanner /usr/lib/perl5/5.8.0/i386-linux-thread- > multi /usr/lib/perl5/5.8.0 /usr/lib/perl5/site_perl/5.8.0/i386-linux- > thread-multi /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl > /usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi > /usr/lib/perl5/vendor_perl/5.8.0 /usr/lib/perl5/vendor_perl . > /usr/lib/MailScanner) at /usr/lib/perl5/5.8.0/i386-linux-thread- > multi/IO/Socket.pm line 21. > > Compilation failed in require at (eval 9) line 5. > > at /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 749 > > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/CustomConfig.pm line 749. > > Compilation failed in require at /usr/sbin/MailScanner line 65. > > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 65. > > [ OK ] It's telling you that MailScanner can't load the perl module IO::Socket. Try installing IO:Socket. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From yossimor at HOTMAIL.COM Sat Nov 26 19:20:31 2005 From: yossimor at HOTMAIL.COM (Yossi Mor) Date: Thu Jan 12 21:31:17 2006 Subject: VIP list Message-ID: Hi forum, I am running MS version 4.38-10 and i am wonder if it is possible to define a "VIP list" of trusted senders /recipients so MS will exclude them from any king of testing: spam , virus, pishing, attachment blocking etc. I have read several posts in the past but did not find any comprehensive answer for that issue (for example in order to skip spam test i should modify the spam with list, but this in not enough). Regards, Yossi Mor ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Sat Nov 26 20:04:21 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:17 2006 Subject: VIP list Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yossi Mor wrote: > Hi forum, > > I am running MS version 4.38-10 and i am wonder if it is possible to > define a "VIP list" of trusted senders /recipients so MS will exclude them > from any king of testing: spam , virus, pishing, attachment blocking etc. > > I have read several posts in the past but did not find any comprehensive > answer for that issue (for example in order to skip spam test i should > modify the spam with list, but this in not enough). > > Regards, > > Yossi Mor > Using a ruleset for the "Scan Messages = " setting will give you exactly what you are looking for. Regards, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From maillists at CONACTIVE.COM Sat Nov 26 21:31:22 2005 From: maillists at CONACTIVE.COM (Kai Schaetzl) Date: Thu Jan 12 21:31:17 2006 Subject: Spamassassin messed up too, won't install with new script for clamav and spamassasin 3.10?? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Smhickel wrote on Sat, 26 Nov 2005 11:19:16 -0500: > Can't locate IO/Socket/INET.pm It's just the same as the other one. AS has been said, verify your Perl installation. BTW: I think CentOS contains both SA and ClamAV, just not the latest. Kai -- Kai Schätzl, Berlin, Germany Get your web at Conactive Internet Services: http://www.conactive.com IE-Center: http://ie5.de & http://msie.winware.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Sat Nov 26 23:21:09 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:17 2006 Subject: Ruleset tester Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I just got an idea. I know Julian is busy, but I was wondering if it would be possible to eventually create an interactive script, that would ask for the From:, the To:, and would output the result of all the actions. It would be easier to test rulesets this way. Regards, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smhickel at CHARTERMI.NET Sun Nov 27 17:20:50 2005 From: smhickel at CHARTERMI.NET (smhickel) Date: Thu Jan 12 21:31:17 2006 Subject: After having reinstalled perl and mailscanner, I get these errors? Message-ID: Not sure what is really going on. Had issues removing perl 5.8.0 as I had installed perl 5.8.7 without doing make distclean. So, I am not sure if I should just rebuild this box from scratch or if there is a way to recover. Thoughts? Steve PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t t/test....Can't locate IO/Wrap.pm in @INC (@INC contains: /usr/src/redhat/BUILD/Convert-TNEF-0.17/blib/lib /usr/src/redhat/BUILD/Convert-TNEF-0.17/blib/arch /usr/local/lib/perl5/5.8.7/i686-linux /usr/local/lib/perl5/5.8.7 /usr/local/lib/perl5/site_perl/5.8.7/i686-linux /usr/local/lib/perl5/site_perl/5.8.7 /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/vendor_perl/5.8.7/i686-linux /usr/local/lib/perl5/vendor_perl/5.8.7 /usr/local/lib/perl5/vendor_perl /usr/bin .) at /usr/src/redhat/BUILD/Convert-TNEF-0.17/blib/lib/Convert/TNEF.pm line 26. BEGIN failed--compilation aborted at /usr/src/redhat/BUILD/Convert-TNEF-0.17/blib/lib/Convert/TNEF.pm line 26. Compilation failed in require at t/test.t line 11. BEGIN failed--compilation aborted at t/test.t line 11. t/test....dubious Test returned status 2 (wstat 512, 0x200) DIED. FAILED tests 1-12 Failed 12/12 tests, 0.00% okay Failed Test Stat Wstat Total Fail Failed List of Failed ------------------------------------------------------------------------------- t/test.t 2 512 12 23 191.67% 1-12 Failed 1/1 test scripts, 0.00% okay. 12/12 subtests failed, 0.00% okay. make: *** [test_dynamic] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.6779 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.6779 (%build) /BUILD/Archive-Zip-1.14/blib/lib/Archive/Zip.pm line 24. BEGIN failed--compilation aborted at /usr/src/redhat/BUILD/Archive-Zip-1.14/blib/lib/Archive/Zip.pm line 24. Compilation failed in require at t/testUpdate.t line 11. BEGIN failed--compilation aborted at t/testUpdate.t line 11. t/testUpdate........dubious Test returned status 2 (wstat 512, 0x200) FAILED--5 test scripts could be run, alas--no output ever seen make: *** [test_dynamic] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.49408 (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.49408 (%build) And, Preparing... ########################################### [100%] package mailscanner-4.47.4-2 is already installed Please buy the MailScanner book from www.mailscanner.info! It is a very useful administration guide and introduction to MailScanner. All the proceeds go directly to making MailScanner a better supported package than it is today. [root@mailscan MailScanner-4.47.4-2]# service MailScanner start Starting MailScanner daemons: MailScanner: Can't locate Net/CIDR.pm in @INC (@INC contains: /usr/lib/MailScanner /usr/local/lib/perl5/5.8.7/i686-linux /usr/local/lib/perl5/5.8.7 /usr/local/lib/perl5/site_perl/5.8.7/i686-linux /usr/local/lib/perl5/site_perl/5.8.7 /usr/local/lib/perl5/site_perl /usr/local/lib/perl5/vendor_perl/5.8.7/i686-linux /usr/local/lib/perl5/vendor_perl/5.8.7 /usr/local/lib/perl5/vendor_perl /usr/bin . /usr/lib/MailScanner) at /usr/lib/MailScanner/MailScanner/Config.pm line 34. BEGIN failed--compilation aborted at /usr/lib/MailScanner/MailScanner/Config.pm line 34. Compilation failed in require at /usr/sbin/MailScanner line 64. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 64. [ OK ] ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Nov 27 17:39:29 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:17 2006 Subject: After having reinstalled perl and mailscanner, I get these errors? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Eek, that's a mess. Do /usr/bin/perl -v /usr/local/bin/perl -v You might need to set export PATH=/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin ./install.sh If that works, you will want to change the first line of /usr/sbin/MailScanner to #!/usr/local/bin/perl I don't guarantee that will make it all work, but it's worth a try. Have multiple versions of Perl on a box is asking for trouble if you don't know what you're doing well enough. (No insult intended) smhickel wrote: > Not sure what is really going on. Had issues removing perl 5.8.0 as I > had installed perl 5.8.7 without doing make distclean. So, I am not > sure if I should just rebuild this box from scratch or if there is a > way to recover. Thoughts? > > > > Steve > > > > PERL_DL_NONLAZY=1 /usr/bin/perl "-MExtUtils::Command::MM" "-e" > "test_harness(0, 'blib/lib', 'blib/arch')" t/*.t > > t/test....Can't locate IO/Wrap.pm in @INC (@INC contains: > /usr/src/redhat/BUILD/Convert-TNEF-0.17/blib/lib > /usr/src/redhat/BUILD/Convert-TNEF-0.17/blib/arch > /usr/local/lib/perl5/5.8.7/i686-linux /usr/local/lib/perl5/5.8.7 > /usr/local/lib/perl5/site_perl/5.8.7/i686-linux > /usr/local/lib/perl5/site_perl/5.8.7 /usr/local/lib/perl5/site_perl > /usr/local/lib/perl5/vendor_perl/5.8.7/i686-linux > /usr/local/lib/perl5/vendor_perl/5.8.7 > /usr/local/lib/perl5/vendor_perl /usr/bin .) at > /usr/src/redhat/BUILD/Convert-TNEF-0.17/blib/lib/Convert/TNEF.pm line 26. > > BEGIN failed--compilation aborted at > /usr/src/redhat/BUILD/Convert-TNEF-0.17/blib/lib/Convert/TNEF.pm line 26. > > Compilation failed in require at t/test.t line 11. > > BEGIN failed--compilation aborted at t/test.t line 11. > > t/test....dubious > > Test returned status 2 (wstat 512, 0x200) > > DIED. FAILED tests 1-12 > > Failed 12/12 tests, 0.00% okay > > Failed Test Stat Wstat Total Fail Failed List of Failed > > ------------------------------------------------------------------------------- > > t/test.t 2 512 12 23 191.67% 1-12 > > Failed 1/1 test scripts, 0.00% okay. 12/12 subtests failed, 0.00% okay. > > make: *** [test_dynamic] Error 2 > > error: Bad exit status from /var/tmp/rpm-tmp.6779 (%build) > > > > > > RPM build errors: > > Bad exit status from /var/tmp/rpm-tmp.6779 (%build) > > > > /BUILD/Archive-Zip-1.14/blib/lib/Archive/Zip.pm line 24. > > BEGIN failed--compilation aborted at > /usr/src/redhat/BUILD/Archive-Zip-1.14/blib/lib/Archive/Zip.pm line 24. > > Compilation failed in require at t/testUpdate.t line 11. > > BEGIN failed--compilation aborted at t/testUpdate.t line 11. > > t/testUpdate........dubious > > Test returned status 2 (wstat 512, 0x200) > > FAILED--5 test scripts could be run, alas--no output ever seen > > make: *** [test_dynamic] Error 2 > > error: Bad exit status from /var/tmp/rpm-tmp.49408 (%build) > > > > > > RPM build errors: > > Bad exit status from /var/tmp/rpm-tmp.49408 (%build) > > > > > > And, > > > > > > Preparing... > ########################################### [100%] > > package mailscanner-4.47.4-2 is already installed > > Please buy the MailScanner book from www.mailscanner.info! > > It is a very useful administration guide and introduction > > to MailScanner. All the proceeds go directly to making > > MailScanner a better supported package than it is today. > > > > [root@mailscan MailScanner-4.47.4-2]# service MailScanner start > > Starting MailScanner daemons: > > MailScanner: Can't locate Net/CIDR.pm in @INC (@INC > contains: /usr/lib/MailScanner /usr/local/lib/perl5/5.8.7/i686-linux > /usr/local/lib/perl5/5.8.7 > /usr/local/lib/perl5/site_perl/5.8.7/i686-linux > /usr/local/lib/perl5/site_perl/5.8.7 /usr/local/lib/perl5/site_perl > /usr/local/lib/perl5/vendor_perl/5.8.7/i686-linux > /usr/local/lib/perl5/vendor_perl/5.8.7 > /usr/local/lib/perl5/vendor_perl /usr/bin . /usr/lib/MailScanner) at > /usr/lib/MailScanner/MailScanner/Config.pm line 34. > > BEGIN failed--compilation aborted at > /usr/lib/MailScanner/MailScanner/Config.pm line 34. > > Compilation failed in require at /usr/sbin/MailScanner line 64. > > BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 64. > > [ OK ] > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Nov 27 18:42:45 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:17 2006 Subject: Test mail, please ignore Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] And my last posting took nearly an hour to get through their mailing list servers, on a Sunday night! If it takes an hour on a Sunday night, how long is it going to take tomorrow when things are rather more busy? Pretty poor performance. If you want to offer hosting for it, please don't flood the list with offers. It's easier if you send them off-list. And I have one favourite I would rather use, as they already host other sites for me (Blacknight Solutions) and I would rather keep it all together if possible as it makes my life easier. But feel free to send me offers of help anyway, they will all be noted in case Blacknight can't do it for any reason. Jiscmail's days are numbered... -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From slewis at COMPLAW.COM Sun Nov 27 20:36:23 2005 From: slewis at COMPLAW.COM (Sam Lewis) Date: Thu Jan 12 21:31:17 2006 Subject: phishing whitelist not loading Message-ID: Thanks for the suggestion. The problem, it seems, was far too simple. Somehow I ended up with an empty phishing.safe.sites.conf file in the /etc/MailScanner/rules directory and the MailScanner.conf file pointed to that file. When the updated phishing.safe.sites.conf file was downloaded via cron, it was placed in /etc/MailScanner. Will MailScanner try to create the phishing.safe.sites.conf file if none exists and the system is supposed to perform phishing scans? The only thing I can figure out is that on some systems, I forced the cron job to run so that an up-to-date phishing.safe.sites.conf file existed before the upgraded MailScanner was run for the first time, and on the problem systems, I did not. Regards, --Sam On Nov 26, 2005, at 11:13 AM, Julian Field wrote: > Have you compared the permissions and ownership of the file? I > can't remember quite when it reads that file, but it may well be > after it has changed uid to the "Run As User". Are you sure it is > even reading your MailScaner.conf? I have known that before and > people have not actually noticed :-) > > Sam Lewis wrote: > >> I just upgraded to MailScanner-4.47.4-2 on CentOS and Redhat >> systems. The upgrade went fine, and everything seems to be >> working except for one minor issue. While all systems have >> managed to load (and update daily) the phishing.safe.sites.conf >> file, two of my systems refuse to read it. When MailScanner >> starts on those systems, I get the message in the maillog that >> MailScanner read 0 hostnames from the phishing whitelist. >> >> Any idea why some machines would read this file just fine, and >> others would not? Any suggestions for debugging this? > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From juanrag at GMAIL.COM Sun Nov 27 21:01:16 2005 From: juanrag at GMAIL.COM ([ISO-8859-1] Juan Ramón Gonzalez) Date: Thu Jan 12 21:31:17 2006 Subject: config questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 1) How could be emails bigger than for example 10Mb been delivered without being filtered/scanned? We know about: Maximum Message Size = X but that option doesn't solve our needs (deliver with no filter/scan). 2) We have set at: filename.rules.conf delete+deny \.scr$ We want that kind of emails filtered would be deleted and not quarantined if we have "MailScanner.conf" Quarantine Infections = yes Any way to do it (delete if we have quarantine = yes)? Thank you. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From yossimor at HOTMAIL.COM Sun Nov 27 22:44:01 2005 From: yossimor at HOTMAIL.COM (Yossi Mor) Date: Thu Jan 12 21:31:17 2006 Subject: VIP list Message-ID: Thanks Ugo for the quick answer. What is the syntax of the ruleset for scan messages? Regards, Yossi ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Sun Nov 27 22:56:12 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:17 2006 Subject: VIP list Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yossi Mor wrote: > Thanks Ugo for the quick answer. > > What is the syntax of the ruleset for scan messages? > > Regards, > > Yossi > http://wiki.mailscanner.info/doku.php?id=maq Look for the section called "The most asked question", this will lead you to help about rulesets. I really encourage to read all this page... Regards, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Mon Nov 28 07:48:18 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:31:17 2006 Subject: VIP list Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Yossi Mor wrote: > >> Hi forum, >> >> I am running MS version 4.38-10 and i am wonder if it is possible to >> define a "VIP list" of trusted senders /recipients so MS will exclude >> them from any king of testing: spam , virus, pishing, attachment >> blocking etc. >> >> I have read several posts in the past but did not find any >> comprehensive answer for that issue (for example in order to skip >> spam test i should modify the spam with list, but this in not enough). >> >> Regards, >> >> Yossi Mor >> > > Using a ruleset for the "Scan Messages = " setting will give you > exactly what you are looking for. > > Regards, > You can also use MailWatch and select what to scan at the domain and/or user level via the web based GUI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at MAILWASH.COM.AU Mon Nov 28 10:45:26 2005 From: tenderby at MAILWASH.COM.AU (Tony Enderby) Date: Thu Jan 12 21:31:17 2006 Subject: Phishing problem. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi All, I have read some posts in the list archive regarding phishing fraud detection and one in particular about a user who couldn't get the functionality working but there was no definitive answer so I thought I'd ask again. I have been unable to get phishing detection to trigger (insert highlight) with MS v 4.47.4 or the two previous stable releases. I have dangerous content scanning set to on and although originally had 'find phishing fraud" set to a ruleset, have also tried hard coding to '"yes" both with the same result. I have tried manually firing the phishing detection by sending hand coded html email from various external sources (not on phishing whitelist) with disparate text and URL links, and also copied examples from various "phishing sample" websites. The numeric phishing detection does also not seem to work with the most simple email I've compiled and sent containing the following entry http://www.test.net but MS lets them through without inserting the warning. The folloing entries appears in my MailScanner.conf Find Phishing Fraud = yes Also Find Numeric Phishing = yes Highlight Phishing Fraud = yes A copy of terminal output from MailScanner -v is included below in the hope that maybe I'm missing some HTML parser module which is required to do the phishing checks. Any help would be much appreciated. Tony. This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.47.4 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.809 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.01 Digest::SHA1 missing Inline missing Mail::ClamAV 3.000004 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.23 Net::DNS 0.31 Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.19 URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 28 10:56:41 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:18 2006 Subject: Phishing problem. Message-ID: Tony I'd try and trigger it manually, then run MS in Debug mode and see if you can spot anything awry...... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Tony Enderby > Sent: 28 November 2005 10:45 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Phishing problem. > > Hi All, > > I have read some posts in the list archive regarding phishing fraud > detection and one in particular about a user who couldn't get the > functionality working but there was no definitive answer so I thought I'd > ask again. > > I have been unable to get phishing detection to trigger (insert highlight) > with MS v 4.47.4 or the two previous stable releases. I have dangerous > content scanning set to on and although originally had 'find phishing > fraud" set to a ruleset, have also tried hard coding to '"yes" both with > the same result. > > I have tried manually firing the phishing detection by sending hand coded > html email from various external sources (not on phishing whitelist) with > disparate text and URL links, and also copied examples from various > "phishing sample" websites. The numeric phishing detection does also not > seem to work with the most simple email I've compiled and sent containing > the following entry http://www.test.net > but MS lets them through without inserting the warning. > > The folloing entries appears in my MailScanner.conf > > Find Phishing Fraud = yes > Also Find Numeric Phishing = yes > Highlight Phishing Fraud = yes > > A copy of terminal output from MailScanner -v is included below in the > hope that maybe I'm missing some HTML parser module which is required to > do the phishing checks. > > Any help would be much appreciated. > > Tony. > > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.47.4 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.14 File::Temp > 1.29 HTML::Entities > 3.45 HTML::Parser > 2.30 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.50 Mail::Header > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.05 Sys::Syslog > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.809 DB_File > 1.08 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.01 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.000004 Mail::SpamAssassin > missing Mail::SPF::Query > missing Net::CIDR::Lite > 0.23 Net::DNS > 0.31 Net::LDAP > missing Parse::RecDescent > missing SAVI > missing Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.19 URI > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 28 10:56:41 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:18 2006 Subject: Phishing problem. Message-ID: Tony I'd try and trigger it manually, then run MS in Debug mode and see if you can spot anything awry...... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Tony Enderby > Sent: 28 November 2005 10:45 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Phishing problem. > > Hi All, > > I have read some posts in the list archive regarding phishing fraud > detection and one in particular about a user who couldn't get the > functionality working but there was no definitive answer so I thought I'd > ask again. > > I have been unable to get phishing detection to trigger (insert highlight) > with MS v 4.47.4 or the two previous stable releases. I have dangerous > content scanning set to on and although originally had 'find phishing > fraud" set to a ruleset, have also tried hard coding to '"yes" both with > the same result. > > I have tried manually firing the phishing detection by sending hand coded > html email from various external sources (not on phishing whitelist) with > disparate text and URL links, and also copied examples from various > "phishing sample" websites. The numeric phishing detection does also not > seem to work with the most simple email I've compiled and sent containing > the following entry http://www.test.net > but MS lets them through without inserting the warning. > > The folloing entries appears in my MailScanner.conf > > Find Phishing Fraud = yes > Also Find Numeric Phishing = yes > Highlight Phishing Fraud = yes > > A copy of terminal output from MailScanner -v is included below in the > hope that maybe I'm missing some HTML parser module which is required to > do the phishing checks. > > Any help would be much appreciated. > > Tony. > > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.47.4 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.14 File::Temp > 1.29 HTML::Entities > 3.45 HTML::Parser > 2.30 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.50 Mail::Header > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.05 Sys::Syslog > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.809 DB_File > 1.08 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.01 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.000004 Mail::SpamAssassin > missing Mail::SPF::Query > missing Net::CIDR::Lite > 0.23 Net::DNS > 0.31 Net::LDAP > missing Parse::RecDescent > missing SAVI > missing Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.19 URI > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 28 11:00:20 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:18 2006 Subject: Phishing problem. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Try setting "Phishing Modify Subject = yes" in MailScanner.conf and let me know what happens. I have an idea of what it might be. At some point in the last month or 2, CVS "lost" an edit (CVS is the package that manages the source code tree). MessageBatch.pm was therefore missing a function. Upgrade to the latest beta and let me know what happens. This may well fix it. On 28 Nov 2005, at 10:45, Tony Enderby wrote: Hi All,   I have read some posts in the list archive regarding phishing fraud detection and one in particular about a user who couldn't get the functionality working but there was no definitive answer so I thought I'd ask again.   I have been unable to get phishing detection to trigger (insert highlight) with MS v 4.47.4 or the two previous stable releases.   I have dangerous content scanning set to on and although originally had 'find phishing fraud" set to a ruleset, have also tried hard coding to '"yes" both with the same result.   I have tried manually firing the phishing detection by sending hand coded html email from various external sources (not on phishing whitelist) with disparate text and URL links, and also copied examples from various "phishing sample" websites.  The numeric phishing detection does also not seem to work with the most simple email I've compiled and sent containing the following entry http://www.test.net but MS lets them through without inserting the warning.   The folloing entries appears in my MailScanner.conf   Find Phishing Fraud = yes Also Find Numeric Phishing = yes Highlight Phishing Fraud = yes   A copy of terminal output from MailScanner -v is included below in the hope that maybe I'm missing some HTML parser module which is required to do the phishing checks. Any help would be much appreciated.   Tony.   This is Perl version 5.008005 (5.8.5)   This is MailScanner version 4.47.4 Module versions are: 1.00    AnyDBM_File 1.14    Archive::Zip 1.03    Carp 1.119   Convert::BinHex 1.00    DirHandle 1.05    Fcntl 2.73    File::Basename 2.08    File::Copy 2.01    FileHandle 1.06    File::Path 0.14    File::Temp 1.29    HTML::Entities 3.45    HTML::Parser 2.30    HTML::TokeParser 1.21    IO 1.10    IO::File 1.123   IO::Pipe 1.50    Mail::Header 3.05    MIME::Base64 5.417   MIME::Decoder 5.417   MIME::Decoder::UU 5.417   MIME::Head 5.417   MIME::Parser 3.03    MIME::QuotedPrint 5.417   MIME::Tools 0.10    Net::CIDR 1.08    POSIX 1.77    Socket 0.05    Sys::Syslog 1.02    Time::localtime   Optional module versions are: 0.17    Convert::TNEF 1.809   DB_File 1.08    Digest 1.01    Digest::HMAC 2.33    Digest::MD5 2.01    Digest::SHA1 missing Inline missing Mail::ClamAV 3.000004        Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.23    Net::DNS 0.31    Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.42    Test::Harness 0.47    Test::Simple 1.95    Text::Balanced 1.19    URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 498bytes. ] [ Unable to print this part. ] From Peter.Bates at LSHTM.AC.UK Mon Nov 28 11:18:26 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:31:18 2006 Subject: Rejecting email with an informative message Message-ID: Hello all... I'm not sure which bit of MailScanner is best suited to this task, so apologies for asking here. We're getting complaints about a 'persistent offender' sending emails to a variety of recipients here, that said recipients want blocking. Normally I'd do this at the MTA, but the Postfix errors are more of the '550 No thanks' or '550 Please see http://blah/blah' order. The actual recipients would like to return a nicely formatted 'thanks, but no thanks' to this particular sender. What is the quickest way to do this in MailScanner, to deliver some custom message from the reports directory? Thanks. P.S. I know the sender could easily sign up with 101 different Hotmail addresses, but I'll cross that bridge when I come to it! ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at MAILWASH.COM.AU Mon Nov 28 11:44:42 2005 From: tenderby at MAILWASH.COM.AU (Tony Enderby) Date: Thu Jan 12 21:31:18 2006 Subject: Phishing problem. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, Made the requested change to MailScanner.conf and then attempted to trigger with a well formed phish and the subject was not modified to insert (Fraud?) Would running MS in debug mode as Martin suggested be worthwhile? Tony. ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Monday, November 28, 2005 10:00 PM Subject: Re: Phishing problem. Try setting "Phishing Modify Subject = yes" in MailScanner.conf and let me know what happens. I have an idea of what it might be. At some point in the last month or 2, CVS "lost" an edit (CVS is the package that manages the source code tree). MessageBatch.pm was therefore missing a function. Upgrade to the latest beta and let me know what happens. This may well fix it. On 28 Nov 2005, at 10:45, Tony Enderby wrote: Hi All, I have read some posts in the list archive regarding phishing fraud detection and one in particular about a user who couldn't get the functionality working but there was no definitive answer so I thought I'd ask again. I have been unable to get phishing detection to trigger (insert highlight) with MS v 4.47.4 or the two previous stable releases. I have dangerous content scanning set to on and although originally had 'find phishing fraud" set to a ruleset, have also tried hard coding to '"yes" both with the same result. I have tried manually firing the phishing detection by sending hand coded html email from various external sources (not on phishing whitelist) with disparate text and URL links, and also copied examples from various "phishing sample" websites. The numeric phishing detection does also not seem to work with the most simple email I've compiled and sent containing the following entry http://www.test.net but MS lets them through without inserting the warning. The folloing entries appears in my MailScanner.conf Find Phishing Fraud = yes Also Find Numeric Phishing = yes Highlight Phishing Fraud = yes A copy of terminal output from MailScanner -v is included below in the hope that maybe I'm missing some HTML parser module which is required to do the phishing checks. Any help would be much appreciated. Tony. This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.47.4 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.809 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.01 Digest::SHA1 missing Inline missing Mail::ClamAV 3.000004 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.23 Net::DNS 0.31 Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.19 URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Nov 28 11:49:36 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:18 2006 Subject: Rejecting email with an informative message Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, November 28, 2005 11:18, Peter Bates wrote: > Hello all... > > I'm not sure which bit of MailScanner is best suited to this task, > so apologies for asking here. > > We're getting complaints about a 'persistent offender' sending > emails to a variety of recipients here, that said recipients want > blocking. > > Normally I'd do this at the MTA, but the Postfix errors are more of > the > '550 No thanks' or '550 Please see http://blah/blah' order. > > The actual recipients would like to return a nicely formatted > 'thanks, but no thanks' to this particular sender. > > What is the quickest way to do this in MailScanner, to deliver > some custom message from the reports directory? It is easier to do this from Postfix and will save you bandwidth as well. Just set up check_client_access under smtpd_client_restrictions (In main.cf) with something like not_wanted@nastysender.com reject Thanks but no thanks Don't forget to postmap this file and reload Postfix. Postfix will now 550 all mail from that e-mail address (Or you can use IP address, hostname, domain etc). More details can be found here http://www.postfix.org/postconf.5.html search for smtpd_client_restrictions HTH Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 28 11:56:58 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:18 2006 Subject: Phishing problem. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, it's always worth trying. Certainly no reason not to. On 28 Nov 2005, at 11:44, Tony Enderby wrote: Julian,   Made the requested change to MailScanner.conf and then attempted to trigger with a well formed phish and the subject was not modified to insert (Fraud?)   Would running MS in debug mode as Martin suggested be worthwhile?   Tony. ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Monday, November 28, 2005 10:00 PM Subject: Re: Phishing problem. Try setting "Phishing Modify Subject = yes" in MailScanner.conf and let me know what happens. I have an idea of what it might be. At some point in the last month or 2, CVS "lost" an edit (CVS is the package that manages the source code tree). MessageBatch.pm was therefore missing a function. Upgrade to the latest beta and let me know what happens. This may well fix it. On 28 Nov 2005, at 10:45, Tony Enderby wrote: Hi All,   I have read some posts in the list archive regarding phishing fraud detection and one in particular about a user who couldn't get the functionality working but there was no definitive answer so I thought I'd ask again.   I have been unable to get phishing detection to trigger (insert highlight) with MS v 4.47.4 or the two previous stable releases.   I have dangerous content scanning set to on and although originally had 'find phishing fraud" set to a ruleset, have also tried hard coding to '"yes" both with the same result.   I have tried manually firing the phishing detection by sending hand coded html email from various external sources (not on phishing whitelist) with disparate text and URL links, and also copied examples from various "phishing sample" websites.  The numeric phishing detection does also not seem to work with the most simple email I've compiled and sent containing the following entry http://www.test.net but MS lets them through without inserting the warning.   The folloing entries appears in my MailScanner.conf   Find Phishing Fraud = yes Also Find Numeric Phishing = yes Highlight Phishing Fraud = yes   A copy of terminal output from MailScanner -v is included below in the hope that maybe I'm missing some HTML parser module which is required to do the phishing checks. Any help would be much appreciated.   Tony.   This is Perl version 5.008005 (5.8.5)   This is MailScanner version 4.47.4 Module versions are: 1.00    AnyDBM_File 1.14    Archive::Zip 1.03    Carp 1.119   Convert::BinHex 1.00    DirHandle 1.05    Fcntl 2.73    File::Basename 2.08    File::Copy 2.01    FileHandle 1.06    File::Path 0.14    File::Temp 1.29    HTML::Entities 3.45    HTML::Parser 2.30    HTML::TokeParser 1.21    IO 1.10    IO::File 1.123   IO::Pipe 1.50    Mail::Header 3.05    MIME::Base64 5.417   MIME::Decoder 5.417   MIME::Decoder::UU 5.417   MIME::Head 5.417   MIME::Parser 3.03    MIME::QuotedPrint 5.417   MIME::Tools 0.10    Net::CIDR 1.08    POSIX 1.77    Socket 0.05    Sys::Syslog 1.02    Time::localtime   Optional module versions are: 0.17    Convert::TNEF 1.809   DB_File 1.08    Digest 1.01    Digest::HMAC 2.33    Digest::MD5 2.01    Digest::SHA1 missing Inline missing Mail::ClamAV 3.000004        Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.23    Net::DNS 0.31    Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.42    Test::Harness 0.47    Test::Simple 1.95    Text::Balanced 1.19    URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).  Support MailScanner development - buy the book off the website! --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 498bytes. ] [ Unable to print this part. ] From drew at THEMARSHALLS.CO.UK Mon Nov 28 11:59:17 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:18 2006 Subject: Rejecting email with an informative message Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, November 28, 2005 11:49, Drew Marshall wrote: > On Mon, November 28, 2005 11:18, Peter Bates wrote: >> Hello all... >> >> I'm not sure which bit of MailScanner is best suited to this task, >> so apologies for asking here. >> >> We're getting complaints about a 'persistent offender' sending >> emails to a variety of recipients here, that said recipients want >> blocking. >> >> Normally I'd do this at the MTA, but the Postfix errors are more of >> the >> '550 No thanks' or '550 Please see http://blah/blah' order. >> >> The actual recipients would like to return a nicely formatted >> 'thanks, but no thanks' to this particular sender. >> >> What is the quickest way to do this in MailScanner, to deliver >> some custom message from the reports directory? > > It is easier to do this from Postfix and will save you bandwidth as well. > > Just set up check_client_access under > smtpd_client_restrictions (In main.cf) with something like ^^^^^^ Ops, that ought to be smtpd_sender_restrictions not client (Although it will do a similar job). Rest still applies. > > not_wanted@nastysender.com reject Thanks but no thanks > > Don't forget to postmap this file and reload Postfix. Postfix will now 550 > all mail from that e-mail address (Or you can use IP address, hostname, > domain etc). > > More details can be found here http://www.postfix.org/postconf.5.html > search for smtpd_client_restrictions Again here smtpd_sender_restrictions. Sorry, must learn to engage brain before send finger! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Mon Nov 28 11:59:17 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:18 2006 Subject: Rejecting email with an informative message Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, November 28, 2005 11:49, Drew Marshall wrote: > On Mon, November 28, 2005 11:18, Peter Bates wrote: >> Hello all... >> >> I'm not sure which bit of MailScanner is best suited to this task, >> so apologies for asking here. >> >> We're getting complaints about a 'persistent offender' sending >> emails to a variety of recipients here, that said recipients want >> blocking. >> >> Normally I'd do this at the MTA, but the Postfix errors are more of >> the >> '550 No thanks' or '550 Please see http://blah/blah' order. >> >> The actual recipients would like to return a nicely formatted >> 'thanks, but no thanks' to this particular sender. >> >> What is the quickest way to do this in MailScanner, to deliver >> some custom message from the reports directory? > > It is easier to do this from Postfix and will save you bandwidth as well. > > Just set up check_client_access under > smtpd_client_restrictions (In main.cf) with something like ^^^^^^ Ops, that ought to be smtpd_sender_restrictions not client (Although it will do a similar job). Rest still applies. > > not_wanted@nastysender.com reject Thanks but no thanks > > Don't forget to postmap this file and reload Postfix. Postfix will now 550 > all mail from that e-mail address (Or you can use IP address, hostname, > domain etc). > > More details can be found here http://www.postfix.org/postconf.5.html > search for smtpd_client_restrictions Again here smtpd_sender_restrictions. Sorry, must learn to engage brain before send finger! Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From G.Pentland at SOTON.AC.UK Mon Nov 28 12:02:21 2005 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:31:18 2006 Subject: Rejecting email with an informative message Message-ID: Hi Peter, I agree with the suggestion to do this from the MTA (postfix in your case) but if you really want to do this with a "nice" email back to the sender then you are probably looking at some custom code. When doing this you need to be *sure* the sending address is not forged or some poor innocent person will get swamped with your "nice" email. you'll need: 1. An SA rule that matches that sender and gives a score of 100 or so. 2. A custom pm that replaces "High Scoring Spam Action" with some code that will detect that rule being used and send you custom sender report, the default action should be the same as your current "High Scoring Spam Action". As with most MailScanner things there are other ways to do this and the approach above is how "I" would go about it. Regards, Gary MailScanner mailing list wrote: > On Mon, November 28, 2005 11:18, Peter Bates wrote: >> Hello all... >> >> I'm not sure which bit of MailScanner is best suited to this task, >> so apologies for asking here. >> >> We're getting complaints about a 'persistent offender' sending emails >> to a variety of recipients here, that said recipients want blocking. >> >> Normally I'd do this at the MTA, but the Postfix errors are more of >> the '550 No thanks' or '550 Please see http://blah/blah' order. >> >> The actual recipients would like to return a nicely formatted >> 'thanks, but no thanks' to this particular sender. >> >> What is the quickest way to do this in MailScanner, to deliver some >> custom message from the reports directory? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at MAILWASH.COM.AU Mon Nov 28 12:07:43 2005 From: tenderby at MAILWASH.COM.AU (Tony Enderby) Date: Thu Jan 12 21:31:18 2006 Subject: Phishing problem. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, Ok, result from debug output at the terminal was this .. if there's another dump file with debug info in it let me know and I'll post the output from that. This terminal output was generated when I sent a phishing trigger. Starting MailScanner daemons: incoming sendmail: [ OK ] outgoing sendmail: [ OK ] MailScanner: In Debugging mode, not forking... SA bayes lock is /root/.spamassassin/bayes.lock Bayes lock is at /root/.spamassassin/bayes.lock Net::DNS version is 0.23, but need 0.34dnsavailable-1 at /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Dns.pm line 1230. Done the parse. Counter = 0 and max = 200 commit ineffective with AutoCommit enabled at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 42. Commmit ineffective while AutoCommit is on at /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, line 42. Stopping now as you are debugging me. ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Monday, November 28, 2005 10:56 PM Subject: Re: Phishing problem. Yes, it's always worth trying. Certainly no reason not to. On 28 Nov 2005, at 11:44, Tony Enderby wrote: Julian, Made the requested change to MailScanner.conf and then attempted to trigger with a well formed phish and the subject was not modified to insert (Fraud?) Would running MS in debug mode as Martin suggested be worthwhile? Tony. ----- Original Message ----- From: Julian Field To: MAILSCANNER@JISCMAIL.AC.UK Sent: Monday, November 28, 2005 10:00 PM Subject: Re: Phishing problem. Try setting "Phishing Modify Subject = yes" in MailScanner.conf and let me know what happens. I have an idea of what it might be. At some point in the last month or 2, CVS "lost" an edit (CVS is the package that manages the source code tree). MessageBatch.pm was therefore missing a function. Upgrade to the latest beta and let me know what happens. This may well fix it. On 28 Nov 2005, at 10:45, Tony Enderby wrote: Hi All, I have read some posts in the list archive regarding phishing fraud detection and one in particular about a user who couldn't get the functionality working but there was no definitive answer so I thought I'd ask again. I have been unable to get phishing detection to trigger (insert highlight) with MS v 4.47.4 or the two previous stable releases. I have dangerous content scanning set to on and although originally had 'find phishing fraud" set to a ruleset, have also tried hard coding to '"yes" both with the same result. I have tried manually firing the phishing detection by sending hand coded html email from various external sources (not on phishing whitelist) with disparate text and URL links, and also copied examples from various "phishing sample" websites. The numeric phishing detection does also not seem to work with the most simple email I've compiled and sent containing the following entry http://www.test.net but MS lets them through without inserting the warning. The folloing entries appears in my MailScanner.conf Find Phishing Fraud = yes Also Find Numeric Phishing = yes Highlight Phishing Fraud = yes A copy of terminal output from MailScanner -v is included below in the hope that maybe I'm missing some HTML parser module which is required to do the phishing checks. Any help would be much appreciated. Tony. This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.47.4 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.809 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.01 Digest::SHA1 missing Inline missing Mail::ClamAV 3.000004 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite 0.23 Net::DNS 0.31 Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.19 URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Nov 28 12:28:03 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:18 2006 Subject: Rejecting email with an informative message Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Peter Bates > Sent: Monday, November 28, 2005 6:18 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Rejecting email with an informative message > > > Hello all... > > I'm not sure which bit of MailScanner is best suited to this task, > so apologies for asking here. > > We're getting complaints about a 'persistent offender' sending > emails to a variety of recipients here, that said recipients want > blocking. > > Normally I'd do this at the MTA, but the Postfix errors are more of > the > '550 No thanks' or '550 Please see http://blah/blah' order. > > The actual recipients would like to return a nicely formatted > 'thanks, but no thanks' to this particular sender. > > What is the quickest way to do this in MailScanner, to deliver > some custom message from the reports directory? > > Thanks. > > P.S. I know the sender could easily sign up with 101 different Hotmail > addresses, but I'll cross that bridge when I come to it! > > [...] I am not a postfix expert (Exim) but it's my guess this can still be handle by the MTA (it could with Exim). I googled some things up and it would appear that procmail can handle this. A link to an example of doing exactly what you want with procmail is: http://acs.ucsd.edu/email/procmail.php Look at the section heading "Return to sender with "reject" notice (not for spam!)" and it describes a recipe for discarding mail and sending an e-mail message back to sender. You would, of course, have to change some things regarding domain name and such but this works based on sender address and can be a list or regular expression, apparently. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 28 12:31:40 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:18 2006 Subject: Phishing problem. Message-ID: Tony Well for starters upgrade net::DNS to some more modern and you'll get extra SA checks working... Then I'd post the URL to the debug out so Jules can peruse it.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Tony Enderby > Sent: 28 November 2005 12:08 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Phishing problem. > > Julian, > > Ok, result from debug output at the terminal was this .. if there's > another dump file with debug info in it let me know and I'll post the > output from that. This terminal output was generated when I sent a > phishing trigger. > > Starting MailScanner daemons: > incoming sendmail: [ OK ] > outgoing sendmail: [ OK ] > MailScanner: In Debugging mode, not forking... > SA bayes lock is /root/.spamassassin/bayes.lock > Bayes lock is at /root/.spamassassin/bayes.lock > Net::DNS version is 0.23, but need 0.34dnsavailable-1 at > /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Dns.pm line 1230. > Done the parse. Counter = 0 and max = 200 > commit ineffective with AutoCommit enabled at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 42. > Commmit ineffective while AutoCommit is on at > /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > line 42. > Stopping now as you are debugging me. > > > ----- Original Message ----- > From: Julian Field > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Monday, November 28, 2005 10:56 PM > Subject: Re: Phishing problem. > > > Yes, it's always worth trying. Certainly no reason not to. > > On 28 Nov 2005, at 11:44, Tony Enderby wrote: > > > > Julian, > > Made the requested change to MailScanner.conf and then > attempted to trigger with a well formed phish and the subject was not > modified to insert (Fraud?) > > Would running MS in debug mode as Martin suggested be > worthwhile? > > Tony. > > ----- Original Message ----- > From: Julian Field > To: > MAILSCANNER@JISCMAIL.AC.UK > Sent: Monday, November 28, 2005 10:00 PM > Subject: Re: Phishing problem. > > Try setting "Phishing Modify Subject = yes" in > MailScanner.conf and let me know what happens. I have an idea of what it > might be. At some point in the last month or 2, CVS "lost" an edit (CVS is > the package that manages the source code tree). MessageBatch.pm was > therefore missing a function. > > Upgrade to the latest beta and let me know what happens. > This may well fix it. > > On 28 Nov 2005, at 10:45, Tony Enderby wrote: > > > > Hi All, > > I have read some posts in the list archive > regarding phishing fraud detection and one in particular about a user who > couldn't get the functionality working but there was no definitive answer > so I thought I'd ask again. > > I have been unable to get phishing detection to > trigger (insert highlight) with MS v 4.47.4 or the two previous stable > releases. I have dangerous content scanning set to on and although > originally had 'find phishing fraud" set to a ruleset, have also tried > hard coding to '"yes" both with the same result. > > I have tried manually firing the phishing > detection by sending hand coded html email from various external sources > (not on phishing whitelist) with disparate text and URL links, and also > copied examples from various "phishing sample" websites. The numeric > phishing detection does also not seem to work with the most simple email > I've compiled and sent containing the following entry MailScanner has detected a possible fraud attempt > from "203.203.45.45" claiming to be numericlinkwarning > http://203.203.45.45> http://www.test.net but MS > lets them through without inserting the warning. > > The folloing entries appears in my > MailScanner.conf > > Find Phishing Fraud = yes > Also Find Numeric Phishing = yes > Highlight Phishing Fraud = yes > > A copy of terminal output from MailScanner -v is > included below in the hope that maybe I'm missing some HTML parser module > which is required to do the phishing checks. > > > Any help would be much appreciated. > > Tony. > > This is Perl version 5.008005 (5.8.5) > > This is MailScanner version 4.47.4 > Module versions are: > 1.00 AnyDBM_File > 1.14 Archive::Zip > 1.03 Carp > 1.119 Convert::BinHex > 1.00 DirHandle > 1.05 Fcntl > 2.73 File::Basename > 2.08 File::Copy > 2.01 FileHandle > 1.06 File::Path > 0.14 File::Temp > 1.29 HTML::Entities > 3.45 HTML::Parser > 2.30 HTML::TokeParser > 1.21 IO > 1.10 IO::File > 1.123 IO::Pipe > 1.50 Mail::Header > 3.05 MIME::Base64 > 5.417 MIME::Decoder > 5.417 MIME::Decoder::UU > 5.417 MIME::Head > 5.417 MIME::Parser > 3.03 MIME::QuotedPrint > 5.417 MIME::Tools > 0.10 Net::CIDR > 1.08 POSIX > 1.77 Socket > 0.05 Sys::Syslog > 1.02 Time::localtime > > Optional module versions are: > 0.17 Convert::TNEF > 1.809 DB_File > 1.08 Digest > 1.01 Digest::HMAC > 2.33 Digest::MD5 > 2.01 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.000004 Mail::SpamAssassin > missing Mail::SPF::Query > missing Net::CIDR::Lite > 0.23 Net::DNS > 0.31 Net::LDAP > missing Parse::RecDescent > missing SAVI > missing Sys::Hostname::Long > 2.42 Test::Harness > 0.47 Test::Simple > 1.95 Text::Balanced > 1.19 URI > > > ------------------------ MailScanner list -------- > ---------------- > To unsubscribe, email jiscmail@jiscmail.ac.uk with > the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ( > http://wiki.mailscanner.info/) > and the archives ( > > http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off > the website! > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at > www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 > 1415 B654 > > > ------------------------ MailScanner list -------------- > ---------- > To unsubscribe, email jiscmail@jiscmail.ac.uk with the > words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ( > http://wiki.mailscanner.info/) > and the archives ( > > http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the > website! > > > > ------------------------ MailScanner list -------------------- > ---- > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ( > http://wiki.mailscanner.info/) > and the archives ( > > http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the > website! > > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at MAILWASH.COM.AU Mon Nov 28 13:02:44 2005 From: tenderby at MAILWASH.COM.AU (Tony Enderby) Date: Thu Jan 12 21:31:18 2006 Subject: Phishing problem. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin, Updating said perl module at the moment and please excuse my ignorance but where does MS dump debug info? Tony. ----- Original Message ----- From: "Martin Hepworth" To: Sent: Monday, November 28, 2005 11:31 PM Subject: Re: Phishing problem. > Tony > > Well for starters upgrade net::DNS to some more modern and you'll get > extra > SA checks working... > > Then I'd post the URL to the debug out so Jules can peruse it.. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Tony Enderby >> Sent: 28 November 2005 12:08 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: [MAILSCANNER] Phishing problem. >> >> Julian, >> >> Ok, result from debug output at the terminal was this .. if there's >> another dump file with debug info in it let me know and I'll post the >> output from that. This terminal output was generated when I sent a >> phishing trigger. >> >> Starting MailScanner daemons: >> incoming sendmail: [ OK ] >> outgoing sendmail: [ OK ] >> MailScanner: In Debugging mode, not forking... >> SA bayes lock is /root/.spamassassin/bayes.lock >> Bayes lock is at /root/.spamassassin/bayes.lock >> Net::DNS version is 0.23, but need 0.34dnsavailable-1 at >> /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Dns.pm line 1230. >> Done the parse. Counter = 0 and max = 200 >> commit ineffective with AutoCommit enabled at >> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, >> line 42. >> Commmit ineffective while AutoCommit is on at >> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, >> line 42. >> Stopping now as you are debugging me. >> >> >> ----- Original Message ----- >> From: Julian Field >> To: MAILSCANNER@JISCMAIL.AC.UK >> Sent: Monday, November 28, 2005 10:56 PM >> Subject: Re: Phishing problem. >> >> >> Yes, it's always worth trying. Certainly no reason not to. >> >> On 28 Nov 2005, at 11:44, Tony Enderby wrote: >> >> >> >> Julian, >> >> Made the requested change to MailScanner.conf and then >> attempted to trigger with a well formed phish and the subject was not >> modified to insert (Fraud?) >> >> Would running MS in debug mode as Martin suggested be >> worthwhile? >> >> Tony. >> >> ----- Original Message ----- >> From: Julian > Field >> To: >> MAILSCANNER@JISCMAIL.AC.UK >> Sent: Monday, November 28, 2005 10:00 PM >> Subject: Re: Phishing problem. >> >> Try setting "Phishing Modify Subject = yes" in >> MailScanner.conf and let me know what happens. I have an idea of what it >> might be. At some point in the last month or 2, CVS "lost" an edit (CVS >> is >> the package that manages the source code tree). MessageBatch.pm was >> therefore missing a function. >> >> Upgrade to the latest beta and let me know what > happens. >> This may well fix it. >> >> On 28 Nov 2005, at 10:45, Tony Enderby wrote: >> >> >> >> Hi All, >> >> I have read some posts in the list archive >> regarding phishing fraud detection and one in particular about a user who >> couldn't get the functionality working but there was no definitive answer >> so I thought I'd ask again. >> >> I have been unable to get phishing detection > to >> trigger (insert highlight) with MS v 4.47.4 or the two previous stable >> releases. I have dangerous content scanning set to on and although >> originally had 'find phishing fraud" set to a ruleset, have also tried >> hard coding to '"yes" both with the same result. >> >> I have tried manually firing the phishing >> detection by sending hand coded html email from various external sources >> (not on phishing whitelist) with disparate text and URL links, and also >> copied examples from various "phishing sample" websites. The numeric >> phishing detection does also not seem to work with the most simple email >> I've compiled and sent containing the following entry > MailScanner has detected a possible fraud attempt >> from "203.203.45.45" claiming to be numericlinkwarning >> http://203.203.45.45> http://www.test.net but >> MS >> lets them through without inserting the warning. >> >> The folloing entries appears in my >> MailScanner.conf >> >> Find Phishing Fraud = yes >> Also Find Numeric Phishing = yes >> Highlight Phishing Fraud = yes >> >> A copy of terminal output from MailScanner > -v is >> included below in the hope that maybe I'm missing some HTML parser module >> which is required to do the phishing checks. >> >> >> Any help would be much appreciated. >> >> Tony. >> >> This is Perl version 5.008005 (5.8.5) >> >> This is MailScanner version 4.47.4 >> Module versions are: >> 1.00 AnyDBM_File >> 1.14 Archive::Zip >> 1.03 Carp >> 1.119 Convert::BinHex >> 1.00 DirHandle >> 1.05 Fcntl >> 2.73 File::Basename >> 2.08 File::Copy >> 2.01 FileHandle >> 1.06 File::Path >> 0.14 File::Temp >> 1.29 HTML::Entities >> 3.45 HTML::Parser >> 2.30 HTML::TokeParser >> 1.21 IO >> 1.10 IO::File >> 1.123 IO::Pipe >> 1.50 Mail::Header >> 3.05 MIME::Base64 >> 5.417 MIME::Decoder >> 5.417 MIME::Decoder::UU >> 5.417 MIME::Head >> 5.417 MIME::Parser >> 3.03 MIME::QuotedPrint >> 5.417 MIME::Tools >> 0.10 Net::CIDR >> 1.08 POSIX >> 1.77 Socket >> 0.05 Sys::Syslog >> 1.02 Time::localtime >> >> Optional module versions are: >> 0.17 Convert::TNEF >> 1.809 DB_File >> 1.08 Digest >> 1.01 Digest::HMAC >> 2.33 Digest::MD5 >> 2.01 Digest::SHA1 >> missing Inline >> missing Mail::ClamAV >> 3.000004 Mail::SpamAssassin >> missing Mail::SPF::Query >> missing Net::CIDR::Lite >> 0.23 Net::DNS >> 0.31 Net::LDAP >> missing Parse::RecDescent >> missing SAVI >> missing Sys::Hostname::Long >> 2.42 Test::Harness >> 0.47 Test::Simple >> 1.95 Text::Balanced >> 1.19 URI >> >> >> ------------------------ MailScanner list > -------- >> ---------------- >> To unsubscribe, email > jiscmail@jiscmail.ac.uk with >> the words: >> 'leave mailscanner' in the body of the > email. >> Before posting, read the Wiki ( >> http://wiki.mailscanner.info/) >> and the archives ( >> >> http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the > book off >> the website! >> >> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at >> www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 > 5947 >> 1415 B654 >> >> >> ------------------------ MailScanner list > -------------- >> ---------- >> To unsubscribe, email jiscmail@jiscmail.ac.uk with > the >> words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki ( >> http://wiki.mailscanner.info/) >> and the archives ( >> >> http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off > the >> website! >> >> >> >> ------------------------ MailScanner list > -------------------- >> ---- >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the > words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki ( >> http://wiki.mailscanner.info/) >> and the archives ( >> >> http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the >> website! >> >> >> >> -- >> Julian Field >> www.MailScanner.info >> Buy the MailScanner book at www.MailScanner.info/store >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ----------------------------------------------------------------------------------- > This message has been scanned by Mailwash Australia. > > Premier Anti-Virus, Anti-Spam and Identity Theft protection > for Corporations and End Users. > > Log into http://www.mailwash.com.au to check your message > store for blocked content. > > Please visit http://www.mailwash.com.au for an overview. > ----------------------------------------------------------------------------------- > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 28 13:48:38 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:18 2006 Subject: Phishing problem. Message-ID: Tony Should dump the screen. I presume you set BOTH debug statements in MailScanner.conf to true??? -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Tony Enderby > Sent: 28 November 2005 13:03 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Phishing problem. > > Martin, > > Updating said perl module at the moment and please excuse my ignorance but > where does MS dump debug info? > > Tony. > ----- Original Message ----- > From: "Martin Hepworth" > To: > Sent: Monday, November 28, 2005 11:31 PM > Subject: Re: Phishing problem. > > > > Tony > > > > Well for starters upgrade net::DNS to some more modern and you'll get > > extra > > SA checks working... > > > > Then I'd post the URL to the debug out so Jules can peruse it.. > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >> Behalf Of Tony Enderby > >> Sent: 28 November 2005 12:08 > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Re: [MAILSCANNER] Phishing problem. > >> > >> Julian, > >> > >> Ok, result from debug output at the terminal was this .. if there's > >> another dump file with debug info in it let me know and I'll post the > >> output from that. This terminal output was generated when I sent a > >> phishing trigger. > >> > >> Starting MailScanner daemons: > >> incoming sendmail: [ OK ] > >> outgoing sendmail: [ OK ] > >> MailScanner: In Debugging mode, not forking... > >> SA bayes lock is /root/.spamassassin/bayes.lock > >> Bayes lock is at /root/.spamassassin/bayes.lock > >> Net::DNS version is 0.23, but need 0.34dnsavailable-1 at > >> /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Dns.pm line 1230. > >> Done the parse. Counter = 0 and max = 200 > >> commit ineffective with AutoCommit enabled at > >> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > >> line 42. > >> Commmit ineffective while AutoCommit is on at > >> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, > >> line 42. > >> Stopping now as you are debugging me. > >> > >> > >> ----- Original Message ----- > >> From: Julian Field > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Sent: Monday, November 28, 2005 10:56 PM > >> Subject: Re: Phishing problem. > >> > >> > >> Yes, it's always worth trying. Certainly no reason not to. > >> > >> On 28 Nov 2005, at 11:44, Tony Enderby wrote: > >> > >> > >> > >> Julian, > >> > >> Made the requested change to MailScanner.conf and then > >> attempted to trigger with a well formed phish and the subject was not > >> modified to insert (Fraud?) > >> > >> Would running MS in debug mode as Martin suggested be > >> worthwhile? > >> > >> Tony. > >> > >> ----- Original Message ----- > >> From: Julian > > Field > >> To: > >> MAILSCANNER@JISCMAIL.AC.UK > >> Sent: Monday, November 28, 2005 10:00 PM > >> Subject: Re: Phishing problem. > >> > >> Try setting "Phishing Modify Subject = yes" in > >> MailScanner.conf and let me know what happens. I have an idea of what > it > >> might be. At some point in the last month or 2, CVS "lost" an edit (CVS > >> is > >> the package that manages the source code tree). MessageBatch.pm was > >> therefore missing a function. > >> > >> Upgrade to the latest beta and let me know what > > happens. > >> This may well fix it. > >> > >> On 28 Nov 2005, at 10:45, Tony Enderby wrote: > >> > >> > >> > >> Hi All, > >> > >> I have read some posts in the list archive > >> regarding phishing fraud detection and one in particular about a user > who > >> couldn't get the functionality working but there was no definitive > answer > >> so I thought I'd ask again. > >> > >> I have been unable to get phishing detection > > to > >> trigger (insert highlight) with MS v 4.47.4 or the two previous stable > >> releases. I have dangerous content scanning set to on and although > >> originally had 'find phishing fraud" set to a ruleset, have also tried > >> hard coding to '"yes" both with the same result. > >> > >> I have tried manually firing the phishing > >> detection by sending hand coded html email from various external > sources > >> (not on phishing whitelist) with disparate text and URL links, and also > >> copied examples from various "phishing sample" websites. The numeric > >> phishing detection does also not seem to work with the most simple > email > >> I've compiled and sent containing the following entry >> MailScanner has detected a possible fraud > attempt > >> from "203.203.45.45" claiming to be numericlinkwarning > >> http://203.203.45.45> http://www.test.net but > >> MS > >> lets them through without inserting the warning. > >> > >> The folloing entries appears in my > >> MailScanner.conf > >> > >> Find Phishing Fraud = yes > >> Also Find Numeric Phishing = yes > >> Highlight Phishing Fraud = yes > >> > >> A copy of terminal output from MailScanner > > -v is > >> included below in the hope that maybe I'm missing some HTML parser > module > >> which is required to do the phishing checks. > >> > >> > >> Any help would be much appreciated. > >> > >> Tony. > >> > >> This is Perl version 5.008005 (5.8.5) > >> > >> This is MailScanner version 4.47.4 > >> Module versions are: > >> 1.00 AnyDBM_File > >> 1.14 Archive::Zip > >> 1.03 Carp > >> 1.119 Convert::BinHex > >> 1.00 DirHandle > >> 1.05 Fcntl > >> 2.73 File::Basename > >> 2.08 File::Copy > >> 2.01 FileHandle > >> 1.06 File::Path > >> 0.14 File::Temp > >> 1.29 HTML::Entities > >> 3.45 HTML::Parser > >> 2.30 HTML::TokeParser > >> 1.21 IO > >> 1.10 IO::File > >> 1.123 IO::Pipe > >> 1.50 Mail::Header > >> 3.05 MIME::Base64 > >> 5.417 MIME::Decoder > >> 5.417 MIME::Decoder::UU > >> 5.417 MIME::Head > >> 5.417 MIME::Parser > >> 3.03 MIME::QuotedPrint > >> 5.417 MIME::Tools > >> 0.10 Net::CIDR > >> 1.08 POSIX > >> 1.77 Socket > >> 0.05 Sys::Syslog > >> 1.02 Time::localtime > >> > >> Optional module versions are: > >> 0.17 Convert::TNEF > >> 1.809 DB_File > >> 1.08 Digest > >> 1.01 Digest::HMAC > >> 2.33 Digest::MD5 > >> 2.01 Digest::SHA1 > >> missing Inline > >> missing Mail::ClamAV > >> 3.000004 Mail::SpamAssassin > >> missing Mail::SPF::Query > >> missing Net::CIDR::Lite > >> 0.23 Net::DNS > >> 0.31 Net::LDAP > >> missing Parse::RecDescent > >> missing SAVI > >> missing Sys::Hostname::Long > >> 2.42 Test::Harness > >> 0.47 Test::Simple > >> 1.95 Text::Balanced > >> 1.19 URI > >> > >> > >> ------------------------ MailScanner list > > -------- > >> ---------------- > >> To unsubscribe, email > > jiscmail@jiscmail.ac.uk with > >> the words: > >> 'leave mailscanner' in the body of the > > email. > >> Before posting, read the Wiki ( > >> http://wiki.mailscanner.info/) > >> and the archives ( > >> > >> http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the > > book off > >> the website! > >> > >> > >> > >> -- > >> Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at > >> www.MailScanner.info/store > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 > > 5947 > >> 1415 B654 > >> > >> > >> ------------------------ MailScanner list > > -------------- > >> ---------- > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with > > the > >> words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki ( > >> http://wiki.mailscanner.info/) > >> and the archives ( > >> > >> http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off > > the > >> website! > >> > >> > >> > >> ------------------------ MailScanner list > > -------------------- > >> ---- > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the > > words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki ( > >> http://wiki.mailscanner.info/) > >> and the archives ( > >> > >> http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the > >> website! > >> > >> > >> > >> -- > >> Julian Field > >> www.MailScanner.info > >> Buy the MailScanner book at www.MailScanner.info/store > >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) > >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) > >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > > > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------------------------------------------------------ > ----------- > > This message has been scanned by Mailwash Australia. > > > > Premier Anti-Virus, Anti-Spam and Identity Theft protection > > for Corporations and End Users. > > > > Log into http://www.mailwash.com.au to check your message > > store for blocked content. > > > > Please visit http://www.mailwash.com.au for an overview. > > ------------------------------------------------------------------------ > ----------- > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at MAILWASH.COM.AU Mon Nov 28 14:26:17 2005 From: tenderby at MAILWASH.COM.AU (Tony Enderby) Date: Thu Jan 12 21:31:18 2006 Subject: Phishing problem. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Martin, The first debug session was configured with only the MS debug option set .. are you referring to the Spam Assassin debug flag as well? Tony. ----- Original Message ----- From: "Martin Hepworth" To: Sent: Tuesday, November 29, 2005 12:48 AM Subject: Re: Phishing problem. > Tony > > Should dump the screen. > > I presume you set BOTH debug statements in MailScanner.conf to true??? > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Tony Enderby >> Sent: 28 November 2005 13:03 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: [MAILSCANNER] Phishing problem. >> >> Martin, >> >> Updating said perl module at the moment and please excuse my ignorance >> but >> where does MS dump debug info? >> >> Tony. >> ----- Original Message ----- >> From: "Martin Hepworth" >> To: >> Sent: Monday, November 28, 2005 11:31 PM >> Subject: Re: Phishing problem. >> >> >> > Tony >> > >> > Well for starters upgrade net::DNS to some more modern and you'll get >> > extra >> > SA checks working... >> > >> > Then I'd post the URL to the debug out so Jules can peruse it.. >> > >> > -- >> > Martin Hepworth >> > Snr Systems Administrator >> > Solid State Logic >> > Tel: +44 (0)1865 842300 >> > >> >> -----Original Message----- >> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> >> Behalf Of Tony Enderby >> >> Sent: 28 November 2005 12:08 >> >> To: MAILSCANNER@JISCMAIL.AC.UK >> >> Subject: Re: [MAILSCANNER] Phishing problem. >> >> >> >> Julian, >> >> >> >> Ok, result from debug output at the terminal was this .. if there's >> >> another dump file with debug info in it let me know and I'll post the >> >> output from that. This terminal output was generated when I sent a >> >> phishing trigger. >> >> >> >> Starting MailScanner daemons: >> >> incoming sendmail: [ OK ] >> >> outgoing sendmail: [ OK ] >> >> MailScanner: In Debugging mode, not forking... >> >> SA bayes lock is /root/.spamassassin/bayes.lock >> >> Bayes lock is at /root/.spamassassin/bayes.lock >> >> Net::DNS version is 0.23, but need 0.34dnsavailable-1 at >> >> /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Dns.pm line 1230. >> >> Done the parse. Counter = 0 and max = 200 >> >> commit ineffective with AutoCommit enabled at >> >> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, >> >> line 42. >> >> Commmit ineffective while AutoCommit is on at >> >> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line 93, >> >> line 42. >> >> Stopping now as you are debugging me. >> >> >> >> >> >> ----- Original Message ----- >> >> From: Julian Field >> >> To: MAILSCANNER@JISCMAIL.AC.UK >> >> Sent: Monday, November 28, 2005 10:56 PM >> >> Subject: Re: Phishing problem. >> >> >> >> >> >> Yes, it's always worth trying. Certainly no reason not to. >> >> >> >> On 28 Nov 2005, at 11:44, Tony Enderby wrote: >> >> >> >> >> >> >> >> Julian, >> >> >> >> Made the requested change to MailScanner.conf and then >> >> attempted to trigger with a well formed phish and the subject was not >> >> modified to insert (Fraud?) >> >> >> >> Would running MS in debug mode as Martin suggested be >> >> worthwhile? >> >> >> >> Tony. >> >> >> >> ----- Original Message ----- >> >> From: Julian >> > Field >> >> To: >> >> MAILSCANNER@JISCMAIL.AC.UK >> >> Sent: Monday, November 28, 2005 10:00 PM >> >> Subject: Re: Phishing problem. >> >> >> >> Try setting "Phishing Modify Subject = yes" in >> >> MailScanner.conf and let me know what happens. I have an idea of what >> it >> >> might be. At some point in the last month or 2, CVS "lost" an edit >> >> (CVS >> >> is >> >> the package that manages the source code tree). MessageBatch.pm was >> >> therefore missing a function. >> >> >> >> Upgrade to the latest beta and let me know what >> > happens. >> >> This may well fix it. >> >> >> >> On 28 Nov 2005, at 10:45, Tony Enderby wrote: >> >> >> >> >> >> >> >> Hi All, >> >> >> >> I have read some posts in the list archive >> >> regarding phishing fraud detection and one in particular about a user >> who >> >> couldn't get the functionality working but there was no definitive >> answer >> >> so I thought I'd ask again. >> >> >> >> I have been unable to get phishing detection >> > to >> >> trigger (insert highlight) with MS v 4.47.4 or the two previous stable >> >> releases. I have dangerous content scanning set to on and although >> >> originally had 'find phishing fraud" set to a ruleset, have also tried >> >> hard coding to '"yes" both with the same result. >> >> >> >> I have tried manually firing the phishing >> >> detection by sending hand coded html email from various external >> sources >> >> (not on phishing whitelist) with disparate text and URL links, and >> >> also >> >> copied examples from various "phishing sample" websites. The numeric >> >> phishing detection does also not seem to work with the most simple >> email >> >> I've compiled and sent containing the following entry > >> MailScanner has detected a possible fraud >> attempt >> >> from "203.203.45.45" claiming to be numericlinkwarning >> >> http://203.203.45.45> http://www.test.net >> >> but >> >> MS >> >> lets them through without inserting the warning. >> >> >> >> The folloing entries appears in my >> >> MailScanner.conf >> >> >> >> Find Phishing Fraud = yes >> >> Also Find Numeric Phishing = yes >> >> Highlight Phishing Fraud = yes >> >> >> >> A copy of terminal output from MailScanner >> > -v is >> >> included below in the hope that maybe I'm missing some HTML parser >> module >> >> which is required to do the phishing checks. >> >> >> >> >> >> Any help would be much appreciated. >> >> >> >> Tony. >> >> >> >> This is Perl version 5.008005 (5.8.5) >> >> >> >> This is MailScanner version 4.47.4 >> >> Module versions are: >> >> 1.00 AnyDBM_File >> >> 1.14 Archive::Zip >> >> 1.03 Carp >> >> 1.119 Convert::BinHex >> >> 1.00 DirHandle >> >> 1.05 Fcntl >> >> 2.73 File::Basename >> >> 2.08 File::Copy >> >> 2.01 FileHandle >> >> 1.06 File::Path >> >> 0.14 File::Temp >> >> 1.29 HTML::Entities >> >> 3.45 HTML::Parser >> >> 2.30 HTML::TokeParser >> >> 1.21 IO >> >> 1.10 IO::File >> >> 1.123 IO::Pipe >> >> 1.50 Mail::Header >> >> 3.05 MIME::Base64 >> >> 5.417 MIME::Decoder >> >> 5.417 MIME::Decoder::UU >> >> 5.417 MIME::Head >> >> 5.417 MIME::Parser >> >> 3.03 MIME::QuotedPrint >> >> 5.417 MIME::Tools >> >> 0.10 Net::CIDR >> >> 1.08 POSIX >> >> 1.77 Socket >> >> 0.05 Sys::Syslog >> >> 1.02 Time::localtime >> >> >> >> Optional module versions are: >> >> 0.17 Convert::TNEF >> >> 1.809 DB_File >> >> 1.08 Digest >> >> 1.01 Digest::HMAC >> >> 2.33 Digest::MD5 >> >> 2.01 Digest::SHA1 >> >> missing Inline >> >> missing Mail::ClamAV >> >> 3.000004 Mail::SpamAssassin >> >> missing Mail::SPF::Query >> >> missing Net::CIDR::Lite >> >> 0.23 Net::DNS >> >> 0.31 Net::LDAP >> >> missing Parse::RecDescent >> >> missing SAVI >> >> missing Sys::Hostname::Long >> >> 2.42 Test::Harness >> >> 0.47 Test::Simple >> >> 1.95 Text::Balanced >> >> 1.19 URI >> >> >> >> >> >> ------------------------ MailScanner list >> > -------- >> >> ---------------- >> >> To unsubscribe, email >> > jiscmail@jiscmail.ac.uk with >> >> the words: >> >> 'leave mailscanner' in the body of the >> > email. >> >> Before posting, read the Wiki ( >> >> http://wiki.mailscanner.info/) >> >> and the archives ( >> >> >> >> http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> >> >> Support MailScanner development - buy the >> > book off >> >> the website! >> >> >> >> >> >> >> >> -- >> >> Julian Field >> >> www.MailScanner.info >> >> Buy the MailScanner book at >> >> www.MailScanner.info/store >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 >> > 5947 >> >> 1415 B654 >> >> >> >> >> >> ------------------------ MailScanner list >> > -------------- >> >> ---------- >> >> To unsubscribe, email jiscmail@jiscmail.ac.uk with >> > the >> >> words: >> >> 'leave mailscanner' in the body of the email. >> >> Before posting, read the Wiki ( >> >> http://wiki.mailscanner.info/) >> >> and the archives ( >> >> >> >> http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> >> >> Support MailScanner development - buy the book off >> > the >> >> website! >> >> >> >> >> >> >> >> ------------------------ MailScanner list >> > -------------------- >> >> ---- >> >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the >> > words: >> >> 'leave mailscanner' in the body of the email. >> >> Before posting, read the Wiki ( >> >> http://wiki.mailscanner.info/) >> >> and the archives ( >> >> >> >> http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> >> >> Support MailScanner development - buy the book off the >> >> website! >> >> >> >> >> >> >> >> -- >> >> Julian Field >> >> www.MailScanner.info >> >> Buy the MailScanner book at www.MailScanner.info/store >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >> >> >> >> ------------------------ MailScanner list ------------------------ >> >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> >> 'leave mailscanner' in the body of the email. >> >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> >> >> Support MailScanner development - buy the book off the website! >> >> >> >> >> >> >> >> ------------------------ MailScanner list ------------------------ >> >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> >> 'leave mailscanner' in the body of the email. >> >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> >> >> Support MailScanner development - buy the book off the website! >> > >> > >> > >> > ********************************************************************** >> > >> > This email and any files transmitted with it are confidential and >> > intended solely for the use of the individual or entity to whom they >> > are addressed. If you have received this email in error please notify >> > the system manager. >> > >> > This footnote confirms that this email message has been swept >> > for the presence of computer viruses and is believed to be clean. >> > >> > ********************************************************************** >> > >> > ------------------------ MailScanner list ------------------------ >> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> > 'leave mailscanner' in the body of the email. >> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> > >> > Support MailScanner development - buy the book off the website! >> > >> > ------------------------------------------------------------------------ >> ----------- >> > This message has been scanned by Mailwash Australia. >> > >> > Premier Anti-Virus, Anti-Spam and Identity Theft protection >> > for Corporations and End Users. >> > >> > Log into http://www.mailwash.com.au to check your message >> > store for blocked content. >> > >> > Please visit http://www.mailwash.com.au for an overview. >> > ------------------------------------------------------------------------ >> ----------- >> > >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ----------------------------------------------------------------------------------- > This message has been scanned by Mailwash Australia. > > Premier Anti-Virus, Anti-Spam and Identity Theft protection > for Corporations and End Users. > > Log into http://www.mailwash.com.au to check your message > store for blocked content. > > Please visit http://www.mailwash.com.au for an overview. > ----------------------------------------------------------------------------------- > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 28 14:40:05 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:18 2006 Subject: Phishing problem. Message-ID: Yes - you need a message in the inbound queue so it will actually do something useful as well.. Hmm I see you're running the mail stop/start script..... Stop MailScanner only (how ever that's done with the RPM version of the init script). Have a look at the script. Then run check_mailscanner ... that will ONLY run mailscanner and not try and start any of the MTA daemons.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Tony Enderby > Sent: 28 November 2005 14:26 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Phishing problem. > > Martin, > > The first debug session was configured with only the MS debug option set > .. > are you referring to the Spam Assassin debug flag as well? > > Tony. > > ----- Original Message ----- > From: "Martin Hepworth" > To: > Sent: Tuesday, November 29, 2005 12:48 AM > Subject: Re: Phishing problem. > > > > Tony > > > > Should dump the screen. > > > > I presume you set BOTH debug statements in MailScanner.conf to true??? > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >> Behalf Of Tony Enderby > >> Sent: 28 November 2005 13:03 > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Re: [MAILSCANNER] Phishing problem. > >> > >> Martin, > >> > >> Updating said perl module at the moment and please excuse my ignorance > >> but > >> where does MS dump debug info? > >> > >> Tony. > >> ----- Original Message ----- > >> From: "Martin Hepworth" > >> To: > >> Sent: Monday, November 28, 2005 11:31 PM > >> Subject: Re: Phishing problem. > >> > >> > >> > Tony > >> > > >> > Well for starters upgrade net::DNS to some more modern and you'll get > >> > extra > >> > SA checks working... > >> > > >> > Then I'd post the URL to the debug out so Jules can peruse it.. > >> > > >> > -- > >> > Martin Hepworth > >> > Snr Systems Administrator > >> > Solid State Logic > >> > Tel: +44 (0)1865 842300 > >> > > >> >> -----Original Message----- > >> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > On > >> >> Behalf Of Tony Enderby > >> >> Sent: 28 November 2005 12:08 > >> >> To: MAILSCANNER@JISCMAIL.AC.UK > >> >> Subject: Re: [MAILSCANNER] Phishing problem. > >> >> > >> >> Julian, > >> >> > >> >> Ok, result from debug output at the terminal was this .. if there's > >> >> another dump file with debug info in it let me know and I'll post > the > >> >> output from that. This terminal output was generated when I sent a > >> >> phishing trigger. > >> >> > >> >> Starting MailScanner daemons: > >> >> incoming sendmail: [ OK ] > >> >> outgoing sendmail: [ OK ] > >> >> MailScanner: In Debugging mode, not forking... > >> >> SA bayes lock is /root/.spamassassin/bayes.lock > >> >> Bayes lock is at /root/.spamassassin/bayes.lock > >> >> Net::DNS version is 0.23, but need 0.34dnsavailable-1 at > >> >> /usr/lib/perl5/vendor_perl/5.8.5/Mail/SpamAssassin/Dns.pm line 1230. > >> >> Done the parse. Counter = 0 and max = 200 > >> >> commit ineffective with AutoCommit enabled at > >> >> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line > 93, > >> >> line 42. > >> >> Commmit ineffective while AutoCommit is on at > >> >> /usr/lib/MailScanner/MailScanner/CustomFunctions/MailWatch.pm line > 93, > >> >> line 42. > >> >> Stopping now as you are debugging me. > >> >> > >> >> > >> >> ----- Original Message ----- > >> >> From: Julian Field > >> >> To: MAILSCANNER@JISCMAIL.AC.UK > >> >> Sent: Monday, November 28, 2005 10:56 PM > >> >> Subject: Re: Phishing problem. > >> >> > >> >> > >> >> Yes, it's always worth trying. Certainly no reason not to. > >> >> > >> >> On 28 Nov 2005, at 11:44, Tony Enderby wrote: > >> >> > >> >> > >> >> > >> >> Julian, > >> >> > >> >> Made the requested change to MailScanner.conf and then > >> >> attempted to trigger with a well formed phish and the subject was > not > >> >> modified to insert (Fraud?) > >> >> > >> >> Would running MS in debug mode as Martin suggested be > >> >> worthwhile? > >> >> > >> >> Tony. > >> >> > >> >> ----- Original Message ----- > >> >> From: Julian > >> > Field > >> >> To: > >> >> MAILSCANNER@JISCMAIL.AC.UK > >> >> Sent: Monday, November 28, 2005 10:00 PM > >> >> Subject: Re: Phishing problem. > >> >> > >> >> Try setting "Phishing Modify Subject = yes" in > >> >> MailScanner.conf and let me know what happens. I have an idea of > what > >> it > >> >> might be. At some point in the last month or 2, CVS "lost" an edit > >> >> (CVS > >> >> is > >> >> the package that manages the source code tree). MessageBatch.pm was > >> >> therefore missing a function. > >> >> > >> >> Upgrade to the latest beta and let me know what > >> > happens. > >> >> This may well fix it. > >> >> > >> >> On 28 Nov 2005, at 10:45, Tony Enderby wrote: > >> >> > >> >> > >> >> > >> >> Hi All, > >> >> > >> >> I have read some posts in the list archive > >> >> regarding phishing fraud detection and one in particular about a > user > >> who > >> >> couldn't get the functionality working but there was no definitive > >> answer > >> >> so I thought I'd ask again. > >> >> > >> >> I have been unable to get phishing detection > >> > to > >> >> trigger (insert highlight) with MS v 4.47.4 or the two previous > stable > >> >> releases. I have dangerous content scanning set to on and although > >> >> originally had 'find phishing fraud" set to a ruleset, have also > tried > >> >> hard coding to '"yes" both with the same result. > >> >> > >> >> I have tried manually firing the phishing > >> >> detection by sending hand coded html email from various external > >> sources > >> >> (not on phishing whitelist) with disparate text and URL links, and > >> >> also > >> >> copied examples from various "phishing sample" websites. The > numeric > >> >> phishing detection does also not seem to work with the most simple > >> email > >> >> I've compiled and sent containing the following entry >> >> MailScanner has detected a possible fraud > >> attempt > >> >> from "203.203.45.45" claiming to be numericlinkwarning > >> >> http://203.203.45.45> http://www.test.net > >> >> but > >> >> MS > >> >> lets them through without inserting the warning. > >> >> > >> >> The folloing entries appears in my > >> >> MailScanner.conf > >> >> > >> >> Find Phishing Fraud = yes > >> >> Also Find Numeric Phishing = yes > >> >> Highlight Phishing Fraud = yes > >> >> > >> >> A copy of terminal output from MailScanner > >> > -v is > >> >> included below in the hope that maybe I'm missing some HTML parser > >> module > >> >> which is required to do the phishing checks. > >> >> > >> >> > >> >> Any help would be much appreciated. > >> >> > >> >> Tony. > >> >> > >> >> This is Perl version 5.008005 (5.8.5) > >> >> > >> >> This is MailScanner version 4.47.4 > >> >> Module versions are: > >> >> 1.00 AnyDBM_File > >> >> 1.14 Archive::Zip > >> >> 1.03 Carp > >> >> 1.119 Convert::BinHex > >> >> 1.00 DirHandle > >> >> 1.05 Fcntl > >> >> 2.73 File::Basename > >> >> 2.08 File::Copy > >> >> 2.01 FileHandle > >> >> 1.06 File::Path > >> >> 0.14 File::Temp > >> >> 1.29 HTML::Entities > >> >> 3.45 HTML::Parser > >> >> 2.30 HTML::TokeParser > >> >> 1.21 IO > >> >> 1.10 IO::File > >> >> 1.123 IO::Pipe > >> >> 1.50 Mail::Header > >> >> 3.05 MIME::Base64 > >> >> 5.417 MIME::Decoder > >> >> 5.417 MIME::Decoder::UU > >> >> 5.417 MIME::Head > >> >> 5.417 MIME::Parser > >> >> 3.03 MIME::QuotedPrint > >> >> 5.417 MIME::Tools > >> >> 0.10 Net::CIDR > >> >> 1.08 POSIX > >> >> 1.77 Socket > >> >> 0.05 Sys::Syslog > >> >> 1.02 Time::localtime > >> >> > >> >> Optional module versions are: > >> >> 0.17 Convert::TNEF > >> >> 1.809 DB_File > >> >> 1.08 Digest > >> >> 1.01 Digest::HMAC > >> >> 2.33 Digest::MD5 > >> >> 2.01 Digest::SHA1 > >> >> missing Inline > >> >> missing Mail::ClamAV > >> >> 3.000004 Mail::SpamAssassin > >> >> missing Mail::SPF::Query > >> >> missing Net::CIDR::Lite > >> >> 0.23 Net::DNS > >> >> 0.31 Net::LDAP > >> >> missing Parse::RecDescent > >> >> missing SAVI > >> >> missing Sys::Hostname::Long > >> >> 2.42 Test::Harness > >> >> 0.47 Test::Simple > >> >> 1.95 Text::Balanced > >> >> 1.19 URI > >> >> > >> >> > >> >> ------------------------ MailScanner list > >> > -------- > >> >> ---------------- > >> >> To unsubscribe, email > >> > jiscmail@jiscmail.ac.uk with > >> >> the words: > >> >> 'leave mailscanner' in the body of the > >> > email. > >> >> Before posting, read the Wiki ( > >> >> http://wiki.mailscanner.info/) > >> >> and the archives ( > >> >> > >> >> http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> >> > >> >> Support MailScanner development - buy the > >> > book off > >> >> the website! > >> >> > >> >> > >> >> > >> >> -- > >> >> Julian Field > >> >> www.MailScanner.info > >> >> Buy the MailScanner book at > >> >> www.MailScanner.info/store > >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 > >> > 5947 > >> >> 1415 B654 > >> >> > >> >> > >> >> ------------------------ MailScanner list > >> > -------------- > >> >> ---------- > >> >> To unsubscribe, email jiscmail@jiscmail.ac.uk with > >> > the > >> >> words: > >> >> 'leave mailscanner' in the body of the email. > >> >> Before posting, read the Wiki ( > >> >> http://wiki.mailscanner.info/) > >> >> and the archives ( > >> >> > >> >> http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> >> > >> >> Support MailScanner development - buy the book off > >> > the > >> >> website! > >> >> > >> >> > >> >> > >> >> ------------------------ MailScanner list > >> > -------------------- > >> >> ---- > >> >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the > >> > words: > >> >> 'leave mailscanner' in the body of the email. > >> >> Before posting, read the Wiki ( > >> >> http://wiki.mailscanner.info/) > >> >> and the archives ( > >> >> > >> >> http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> >> > >> >> Support MailScanner development - buy the book off the > >> >> website! > >> >> > >> >> > >> >> > >> >> -- > >> >> Julian Field > >> >> www.MailScanner.info > >> >> Buy the MailScanner book at www.MailScanner.info/store > >> >> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> >> > >> >> > >> >> ------------------------ MailScanner list ------------------------ > >> >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> >> 'leave mailscanner' in the body of the email. > >> >> Before posting, read the Wiki (http://wiki.mailscanner.info/) > >> >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> >> > >> >> Support MailScanner development - buy the book off the website! > >> >> > >> >> > >> >> > >> >> ------------------------ MailScanner list ------------------------ > >> >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> >> 'leave mailscanner' in the body of the email. > >> >> Before posting, read the Wiki (http://wiki.mailscanner.info/) > >> >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> >> > >> >> Support MailScanner development - buy the book off the website! > >> > > >> > > >> > > >> > > ********************************************************************** > >> > > >> > This email and any files transmitted with it are confidential and > >> > intended solely for the use of the individual or entity to whom they > >> > are addressed. If you have received this email in error please notify > >> > the system manager. > >> > > >> > This footnote confirms that this email message has been swept > >> > for the presence of computer viruses and is believed to be clean. > >> > > >> > > ********************************************************************** > >> > > >> > ------------------------ MailScanner list ------------------------ > >> > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> > 'leave mailscanner' in the body of the email. > >> > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >> > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > > >> > Support MailScanner development - buy the book off the website! > >> > > >> > --------------------------------------------------------------------- > --- > >> ----------- > >> > This message has been scanned by Mailwash Australia. > >> > > >> > Premier Anti-Virus, Anti-Spam and Identity Theft protection > >> > for Corporations and End Users. > >> > > >> > Log into http://www.mailwash.com.au to check your message > >> > store for blocked content. > >> > > >> > Please visit http://www.mailwash.com.au for an overview. > >> > --------------------------------------------------------------------- > --- > >> ----------- > >> > > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------------------------------------------------------ > ----------- > > This message has been scanned by Mailwash Australia. > > > > Premier Anti-Virus, Anti-Spam and Identity Theft protection > > for Corporations and End Users. > > > > Log into http://www.mailwash.com.au to check your message > > store for blocked content. > > > > Please visit http://www.mailwash.com.au for an overview. > > ------------------------------------------------------------------------ > ----------- > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gborders at jlewiscooper.com Mon Nov 28 14:27:01 2005 From: gborders at jlewiscooper.com (Greg Borders) Date: Thu Jan 12 21:31:18 2006 Subject: config questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Juan Ramón Gonzalez wrote: > 1) How could be emails bigger than for example 10Mb been delivered > without being filtered/scanned? > We know about: > Maximum Message Size = X > but that option doesn't solve our needs (deliver with no filter/scan). > > 2) We have set at: > filename.rules.conf > delete+deny \.scr$ > > We want that kind of emails filtered would be deleted and not > quarantined if we have > "MailScanner.conf" > Quarantine Infections = yes > > Any way to do it (delete if we have quarantine = yes)? > > Thank you. I've got a system in place that does the basics. I thought I'd share my efforts with the MailScanner community, to help make it easier for the next person to implement. The MailScanner.conf file has a "Quarantine Permissions" variable that mentions setting it to 644 for allowing the web server to have access to the files. (It caused me a lot of frustration until I found that setting.) The MailScanner.conf also has the "Maximum Attachment Size" setting. This is typically set to -1 for unlimited size, or any number of bytes for a system wide restriction. Of course being a SysAdmin, we don't want to limit ourselves, so I created a separate rule set for indivduals / groups. So the MailScanner.conf line looks like : Maximum Attachment Size = %rules-dir%/max.attachment.size.rules And the rules file contains: #list of users and the max file bytes they can receive before they are quarantined. #Fred 100meg for special courier file FromOrTo: fred@comany-x.com 104857600 #test user max size for testuser 1 meg! FromOrTo: testuser@company-x.com 1048576 #everybodyelse gets default (no scan=-1) FromOrTo: default -1 Note you can set various levels of file sizes depending on what you want. I tested my settings with my testuser account, and it didn't affect the live users. Later I can set the default to a comfortable limit. Next, we need to change a couple of reports in /etc/MailScanner/reports/en/ From my tests, send.error.report.txt and stored.virus.message.txt were sent to the sender / recipient respectively when the "Attachment is too large" flag is tripped.. I included some lines in the stored.virus.message.txt that recreated the URL to the file. The available perl variables make this a cinch. URL: for direct download: http://www.company-x/pickup/$datenumber/$id/$filename Lastly, Note the above url path doesn't have the full /var/spool/MailScanner/quarantine/ in it. For Apache users. this is easy to do. With an alias in the httpd.conf file, you can better protect the quarantine area from malicious types. Alias /pickup/ "/var/spool/MailScanner/quarantine/" Options Indexes MultiViews AllowOverride None Order allow,deny Allow from all Restart your MS and HTTPD daemons and all is good. Hope this helps anyone that needs to have automated access to their quarantine files! -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 28 14:46:38 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:18 2006 Subject: Phishing problem. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 28 Nov 2005, at 14:40, Martin Hepworth wrote: > Yes - you need a message in the inbound queue so it will actually do > something useful as well.. > > Hmm I see you're running the mail stop/start script..... > > Stop MailScanner only (how ever that's done with the RPM version of > the init > script). Have a look at the script. Shortest way is this: service MailScanner stop service MailScanner startin service MailScanner startout Then do check_MailScanner with some messages in /var/spool/mqueue.in and both Debug options set in MailScanner.conf and watch the output spew past. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4sYUPw32o+k+q+hAQF5eQf/UTY1r4KXyFJ+NIUMvlqctwrMpLuHjrda QkJsX0mCUoHv8asvdiZQlNNPgVeIM+HDZvFwoH2hvVVWeV3OrY+oJu/Q3D/31BoB 1V10AvGZ7mqL+yZawwtQT2kHNxk9Dw6H4BXm4V3VCR0bvmdcyt8zR0/mX3WifuK4 bKVx13s8S0dJ8tEDN9u2QWbcIb1ZrFNPYBYGx0Wy1eknIqEdjNZGQdKgrcXWyK3B BvbyNn+CLYcU89fSumyYUY7NYXnaFWGGNKofG6fNMWKaQAfozFuto8SmxPwVp8IJ 1XtUdb0hWcT46rb7gjbSDQK3FlrPIuj71QQIJCn3UiTY97HKa2Gygg== =A1WB -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at MAILWASH.COM.AU Mon Nov 28 14:51:00 2005 From: tenderby at MAILWASH.COM.AU (Tony Enderby) Date: Thu Jan 12 21:31:18 2006 Subject: Phishing problem. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, Martin, thanks for your assistance with this. It's 1:45am here in Oz and I need to sleep :) Will debug tomorrow morning and send the ouput to the list. I'd love to use the phishing fraud check feature so hopefully the debug output will turn up why this doesn't seem to be working for me. Again, many thanks. Tony. ----- Original Message ----- From: "Julian Field" To: Sent: Tuesday, November 29, 2005 1:46 AM Subject: Re: Phishing problem. > -----BEGIN PGP SIGNED MESSAGE----- > > > On 28 Nov 2005, at 14:40, Martin Hepworth wrote: > >> Yes - you need a message in the inbound queue so it will actually do >> something useful as well.. >> >> Hmm I see you're running the mail stop/start script..... >> >> Stop MailScanner only (how ever that's done with the RPM version of >> the init >> script). Have a look at the script. > > Shortest way is this: > service MailScanner stop > service MailScanner startin > service MailScanner startout > > Then do > check_MailScanner > with some messages in /var/spool/mqueue.in and both Debug options set > in MailScanner.conf and watch the output spew past. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2425) > > iQEVAwUBQ4sYUPw32o+k+q+hAQF5eQf/UTY1r4KXyFJ+NIUMvlqctwrMpLuHjrda > QkJsX0mCUoHv8asvdiZQlNNPgVeIM+HDZvFwoH2hvVVWeV3OrY+oJu/Q3D/31BoB > 1V10AvGZ7mqL+yZawwtQT2kHNxk9Dw6H4BXm4V3VCR0bvmdcyt8zR0/mX3WifuK4 > bKVx13s8S0dJ8tEDN9u2QWbcIb1ZrFNPYBYGx0Wy1eknIqEdjNZGQdKgrcXWyK3B > BvbyNn+CLYcU89fSumyYUY7NYXnaFWGGNKofG6fNMWKaQAfozFuto8SmxPwVp8IJ > 1XtUdb0hWcT46rb7gjbSDQK3FlrPIuj71QQIJCn3UiTY97HKa2Gygg== > =A1WB > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 28 14:51:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:18 2006 Subject: config questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- We are still intending to publish a lightweight system based on this idea. The one major extra feature is that it requires a mouse click by a sysadmin to confirm the file release request, so you can stop your users collecting viruses out of the quarantine, or any other file you don't want them to get access to. You can give a reason for your decision as well. They collect their attachment from a web server URL. It works with multiple MailScanner servers and is pretty intelligent about finding all the log files and so on. Only snag is that the poor guy who is writing it is incredibly busy doing his day job and doesn't have much spare time to devote to this at the moment. He is horribly overworked, which of course isn't helped by me giving him a constant stream of extra jobs to do as well :-) Sorry Andy! Jules. On 28 Nov 2005, at 14:27, Greg Borders wrote: > Juan Ramón Gonzalez wrote: >> 1) How could be emails bigger than for example 10Mb been delivered >> without being filtered/scanned? >> We know about: >> Maximum Message Size = X >> but that option doesn't solve our needs (deliver with no filter/ >> scan). >> >> 2) We have set at: >> filename.rules.conf >> delete+deny \.scr$ >> >> We want that kind of emails filtered would be deleted and not >> quarantined if we have >> "MailScanner.conf" >> Quarantine Infections = yes >> >> Any way to do it (delete if we have quarantine = yes)? >> >> Thank you. > I've got a system in place that does the basics. I thought I'd > share my efforts with the MailScanner community, to help make it > easier for the next person to implement. > > The MailScanner.conf file has a "Quarantine Permissions" variable > that mentions setting it to 644 for allowing the web server to have > access to the files. (It caused me a lot of frustration until I > found that setting.) > > The MailScanner.conf also has the "Maximum Attachment Size" > setting. This is typically set to -1 for unlimited size, or any > number of bytes for a system wide restriction. Of course being a > SysAdmin, we don't want to limit ourselves, so I created a separate > rule set for indivduals / groups. So the MailScanner.conf line > looks like : > Maximum Attachment Size = %rules-dir%/max.attachment.size.rules > > And the rules file contains: > > #list of users and the max file bytes they can receive before they > are quarantined. > #Fred 100meg for special courier file > FromOrTo: fred@comany-x.com 104857600 > > #test user max size for testuser 1 meg! > FromOrTo: testuser@company-x.com 1048576 > > #everybodyelse gets default (no scan=-1) > FromOrTo: default -1 > > Note you can set various levels of file sizes depending on what you > want. I tested my settings with my testuser account, and it didn't > affect the live users. Later I can set the default to a > comfortable limit. > > Next, we need to change a couple of reports in > /etc/MailScanner/reports/en/ > > From my tests, send.error.report.txt and stored.virus.message.txt > were sent to the sender / recipient respectively when the > "Attachment is too large" flag is tripped.. I included some lines > in the stored.virus.message.txt that recreated the URL to the file. > The available perl variables make this a cinch. > > URL: for direct download: > http://www.company-x/pickup/$datenumber/$id/$filename > > Lastly, Note the above url path doesn't have the full /var/spool/ > MailScanner/quarantine/ in it. For Apache users. this is easy to > do. With an alias in the httpd.conf file, you can better protect > the quarantine area from malicious types. > > Alias /pickup/ "/var/spool/MailScanner/quarantine/" > > Options Indexes MultiViews > AllowOverride None > Order allow,deny > Allow from all > > > Restart your MS and HTTPD daemons and all is good. > Hope this helps anyone that needs to have automated access to their > quarantine files! > > > -- > This transmission may contain information that is privileged, > confidential > and/or exempt from disclosure under applicable law. If you are not the > intended recipient, you are hereby notified that any disclosure, > copying, > distribution, or use of the information contained herein (including > any > reliance thereon) is STRICTLY PROHIBITED. If you received this > transmission > in error, please immediately contact the sender and destroy the > material in > its entirety, whether in electronic or hard copy format. Thank you. > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ4sZfvw32o+k+q+hAQGosAf/bXY2/NXnqm6jmh13CdY+vqvCKo2NdqWS RSgApZbp5doOZvIRHQS17FpABC47Jbf2V+RGRH39QpBUxUXTSVO1nB736abhi+yO SsZdU3iDVZMUZbHbpgcdhB+TGk/cjBWKg0d8ixFZEYINj5fy13Rw7I7qIeqPMgd8 J49dRHs2sgleUjzvJm5KmJxpce0W9fOB3PjZUfg/sqFGWn0KmomozKf5kDsry78Q Z2x0enagYGNf1oWq4FYz96Yy02koPUzQZDDiOz/dgaki2hv8LW9VKcFLmEk+H6VQ VYwJ0gKybHw+Mfo8Itg/zeawtVQW7RnauVbYsuYg9oJQMfr9nKJ4+Q== =dM4j -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Mon Nov 28 15:09:16 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:31:18 2006 Subject: config questions Message-ID: >Alias /pickup/ "/var/spool/MailScanner/quarantine/" > > Options Indexes MultiViews > AllowOverride None > Order allow,deny > Allow from all > I think you'd want to set the above to -Indexes not Indexes. Using Indexes would anyone to list the contents of directories and retrieve any file in your quarantine without any previous knowledge. Try the URL http://whatever/pickup/, doesn't that allow you to see all directories in /var/spool/MailScanner/quarantine/? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From juanrag at GMAIL.COM Mon Nov 28 17:37:15 2005 From: juanrag at GMAIL.COM ([ISO-8859-1] Juan Ramón Gonzalez) Date: Thu Jan 12 21:31:18 2006 Subject: config questions Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] So... for the moment, there is no way to do what I want, isn't it? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pablo at LACNIC.NET Tue Nov 29 00:49:16 2005 From: pablo at LACNIC.NET (Pablo Allietti) Date: Thu Jan 12 21:31:18 2006 Subject: sign outgoing messages Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi all. a simple question, is possible to sign outgoing messages to the banner of mailscanner? when i try to sign messages all messages are signed incomming and outgoing. i need only sign the outgoing messages. thanks -- .- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Nov 29 00:24:54 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:18 2006 Subject: sign outgoing messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pablo Allietti wrote: > hi all. a simple question, is possible to sign outgoing messages to the > banner of mailscanner? > > when i try to sign messages all messages are signed incomming and > outgoing. i need only sign the outgoing messages. thanks It is possible via a ruleset. You might want to check the list's archives as I think I asked about this about 2 years ago and I'm pretty sure other people have asked since.. Michele -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pablo at LACNIC.NET Tue Nov 29 01:27:16 2005 From: pablo at LACNIC.NET (Pablo Allietti) Date: Thu Jan 12 21:31:18 2006 Subject: sign outgoing messages Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, Nov 29, 2005 at 12:24:54AM +0000, Michele Neylon:: Blacknight.ie wrote: > Pablo Allietti wrote: > > hi all. a simple question, is possible to sign outgoing messages to the > > banner of mailscanner? > > > > when i try to sign messages all messages are signed incomming and > > outgoing. i need only sign the outgoing messages. thanks > It is possible via a ruleset. You might want to check the list's > archives as I think I asked about this about 2 years ago and I'm pretty > sure other people have asked since.. and you can post your ruleset about sign the messages ? please please? > > Michele > > -- > Mr Michele Neylon > Blacknight Solutions > Quality Business Hosting & Colocation > http://www.blacknight.ie/ > Tel. 1850 927 280 > Intl. +353 (0) 59 9183072 > Direct Dial: +353 (0)59 9183090 > Fax. +353 (0) 59 9164239 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ---end quoted text--- -- .- Pablo Allietti LACNIC ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Nov 29 00:29:25 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:18 2006 Subject: sign outgoing messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pablo Allietti wrote: > > and you can post your ruleset about sign the messages ? please please? I can't - as I stopped using it - sorry :( -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Nov 29 00:15:33 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:18 2006 Subject: sign outgoing messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pablo Allietti wrote: > hi all. a simple question, is possible to sign outgoing messages to the > banner of mailscanner? > > when i try to sign messages all messages are signed incomming and > outgoing. i need only sign the outgoing messages. thanks You need to create a ruleset for this parameter: Sign Clean Messages = no See http://wiki.mailscanner.info/doku.php?id=maq:index for more info... -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pablo at LACNIC.NET Tue Nov 29 01:34:33 2005 From: pablo at LACNIC.NET (Pablo Allietti) Date: Thu Jan 12 21:31:18 2006 Subject: sign outgoing messages Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, Nov 28, 2005 at 07:15:33PM -0500, Ugo Bellavance wrote: > Pablo Allietti wrote: > >hi all. a simple question, is possible to sign outgoing messages to the > >banner of mailscanner? > > > >when i try to sign messages all messages are signed incomming and > >outgoing. i need only sign the outgoing messages. thanks > > You need to create a ruleset for this parameter: > > Sign Clean Messages = no yes but this solution is only for didnt sign clean messages but i need to sign outgoing messages anyway :( > > See http://wiki.mailscanner.info/doku.php?id=maq:index for more info... > > -- > Ugo > > -> Please don't send a copy of your reply by e-mail. I read the list. > -> Please avoid top-posting, long signatures and HTML, and cut the > irrelevant parts in your replies. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ---end quoted text--- -- .- Pablo Allietti LACNIC ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Nov 29 00:28:40 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:18 2006 Subject: sign outgoing messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pablo Allietti spake the following on 11/28/2005 4:49 PM: > hi all. a simple question, is possible to sign outgoing messages to the > banner of mailscanner? > > when i try to sign messages all messages are signed incomming and > outgoing. i need only sign the outgoing messages. thanks Use a ruleset. http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:examples -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Nov 29 08:56:51 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:18 2006 Subject: sign outgoing messages Message-ID: Specifically example 3.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Scott Silva > Sent: 29 November 2005 00:29 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] sign outgoing messages > > Pablo Allietti spake the following on 11/28/2005 4:49 PM: > > hi all. a simple question, is possible to sign outgoing messages to the > > banner of mailscanner? > > > > when i try to sign messages all messages are signed incomming and > > outgoing. i need only sign the outgoing messages. thanks > Use a ruleset. > > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rules > ets:examples > > -- > > /-----------------------\ |~~\_____/~~\__ | > | MailScanner; The best |___________ \N1____====== )-+ > | protection on the net!| ~~~|/~~ | > \-----------------------/ () > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Jan-Peter.Koopmann at SECEIDOS.DE Tue Nov 29 09:33:14 2005 From: Jan-Peter.Koopmann at SECEIDOS.DE (Koopmann, Jan-Peter) Date: Thu Jan 12 21:31:18 2006 Subject: ending the spam.assassin.prefs.conf madness. Message-ID: On Tuesday, November 22, 2005 1:23 PM YAN wrote: > On my Freebsd 4.10-RELEASE system with SA 3.10 this gives the > following output > > site rules is "/etc/mail/spamassassin" Interesting. From memory this should be /usr/local/etc/mail/spamassassin if you installed SpamAssassin from the ports which you should have. Kind regards, JP ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lists at masonc.com Tue Nov 29 13:24:07 2005 From: lists at masonc.com (Chris Mason (Lists)) Date: Thu Jan 12 21:31:18 2006 Subject: Procmail all mail? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have a server that only handles traffic to a ticket system. We have been bombarded with spam and have problems with false positives. Is it possible to pass all mail through Procmail before MailScanner gets it? All our mail originates from a form and contain a limited range of subjects, I can rewrite the forms to have one word always be present such as the company name, and deny any other mail. Is that possible? -- Chris Mason NetConcepts (264) 497-5670 Fax: (264) 497-8463 Int: (305) 704-7249 Fax: (815)301-9759 Cell: 264-235-5670 Yahoo IM: netconcepts_anguilla@yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From h.g.eriksen at USIT.UIO.NO Tue Nov 29 14:24:43 2005 From: h.g.eriksen at USIT.UIO.NO (Haakon Eriksen) Date: Thu Jan 12 21:31:18 2006 Subject: Procmail all mail? Message-ID: "Chris Mason (Lists)" writes: > I have a server that only handles traffic to a ticket system. We have > been bombarded with spam and have problems with false positives. > Is it possible to pass all mail through Procmail before MailScanner > gets it? All our mail originates from a form and contain a limited > range of subjects, I can rewrite the forms to have one word always be > present such as the company name, and deny any other mail. > Is that possible? You'd save resources if you'd just reject unwanted messages at the MTA level. -- - haakon ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Nov 29 13:54:40 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:18 2006 Subject: sign outgoing messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Pablo Allietti wrote: > On Mon, Nov 28, 2005 at 07:15:33PM -0500, Ugo Bellavance wrote: >> Pablo Allietti wrote: >>> hi all. a simple question, is possible to sign outgoing messages to the >>> banner of mailscanner? >>> >>> when i try to sign messages all messages are signed incomming and >>> outgoing. i need only sign the outgoing messages. thanks >> You need to create a ruleset for this parameter: >> >> Sign Clean Messages = no > > yes but this solution is only for didnt sign clean messages but i need > to sign outgoing messages anyway :( Could you re-phrase that? I don't understand why a ruleset for "Sign Clean Messages" wouldn't work. For your internal IPs, you use "yes" and for the default, you use "no". Did you actually read the link? > >> See http://wiki.mailscanner.info/doku.php?id=maq:index for more info... >> >> -- >> Ugo >> >> -> Please don't send a copy of your reply by e-mail. I read the list. >> -> Please avoid top-posting, long signatures and HTML, and cut the >> irrelevant parts in your replies. >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > ---end quoted text--- > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mgt at STELLARCORE.NET Tue Nov 29 15:15:00 2005 From: mgt at STELLARCORE.NET (Mike Tremaine) Date: Thu Jan 12 21:31:18 2006 Subject: Best method to use clamav [4.47+ & 0.87.1] Message-ID: Thought I'd ask what people are doing now. In the past I've always installed Mail::ClamAV to use the clamavmodule method to interface with ClamAV. I'm wondering if this is still the best way to go when setting up MailScanner+ClamAV[+Sendmail]... I have one machine that is load sensitive [50K+ mails on PII 2x400mhz] so I'm always interested in getting the best setting with the least load. Last night I had 151 timeouts 151 virus scanner timeout(s) clamavmodule: 151 Time(s) Which was something new to me. Any input would be appreciated. [It is also possbile that my Mail::ClamAV is a few versions old I'm checking that out right now.] -Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Nov 29 14:11:05 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:18 2006 Subject: Debian Sarge update_virus_scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Using MailScanner on Sarge, I found out that my anti-virus engines don't get updated, so I created a symlink in /etc/cron.daily/ to /usr/sbin/update_virus_scanners, without success. Even running the script manually only logs this: Nov 29 09:02:08 leadpipe update.virus.scanners: Found bitdefender installed Nov 29 09:02:08 leadpipe update.virus.scanners: Found clamav installed Nov 29 09:02:08 leadpipe update.virus.scanners: Found generic installed but no actual update happens, I must update manually. Ideas? Regards, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Nov 29 15:46:20 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:18 2006 Subject: Debian Sarge update_virus_scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Hi, > > Using MailScanner on Sarge, I found out that my anti-virus engines > don't get updated, so I created a symlink in /etc/cron.daily/ to > /usr/sbin/update_virus_scanners, without success. Even running the > script manually only logs this: > > Nov 29 09:02:08 leadpipe update.virus.scanners: Found bitdefender installed > Nov 29 09:02:08 leadpipe update.virus.scanners: Found clamav installed > Nov 29 09:02:08 leadpipe update.virus.scanners: Found generic installed > > but no actual update happens, I must update manually. What happen when you manually run the individual scripts? /path/to/bitdefender-autoupdate /opt/bdc [replace with install path] /path/to/clamav-autoupdate /usr [replace with install path] I get something like this.. [root@sauron ~]# /usr/lib/MailScanner/bitdefender-autoupdate /opt/bdc BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. No update available. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Tue Nov 29 15:50:34 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:18 2006 Subject: clamavmodule Message-ID: Gang, I boosted the Clamavmodule Recursion level to 8, applied the patch below, switched from clamav to clamavmodule and back again -- nothing. Clam refuses to catch the Sober.U/Sober-Z virus for me. Sophos is on the job though. My setup: Solaris 9, ClamAV 0.87.1, MS 4.47.4, sophos 3.99. Jeff Earickson Colby College On Wed, 23 Nov 2005, Rick Cooper wrote: > Date: Wed, 23 Nov 2005 10:22:41 -0500 > From: Rick Cooper > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: clamavmodule > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Rodney Green > Sent: Wednesday, November 23, 2005 7:15 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: clamavmodule > > > Hello, > > With the recent Sober outbreak I have just noticed that ClamAV does not appear to be scanning. I'm using both bitdefender and ClamAV and bitdefender is listed as having detected the virus/worm but ClamAV is not. I'm using clamavmodule, MailScanner 4.37.7, ClamAV version 0.87.1. Any ideas why clam isn't scanning? [snip] > > [Rick Cooper] > > Ok I noted a couple of things that could cause a problem. MailScanner.conf > > ClamAVmodule Maximum Recursion Level should be at least 8, don't know what the default is > ClamAVmodule Maximum Compression Ratio should be at least 250, don't know what the default is > > Apply the following patch, if Julian ok's it of course, to SweepViruses.pm. It adds CL_SCAN_BLOCKBROKEN() because, apparently, if this is not set it may not handle several viruses correctly. The clam author (tomitz?) was mostly concerned about the user's maxrecursion being below 8 and flatly state at his current setting (I think it was one) Clam would miss a large number of malware. > > Julian, do you think CL_SCAN_BLOCKBROKEN() should be a default or a config option. Broken PE files are pretty much always malware anyway. > > ================================= Cut below ========== > --- SweepViruses.pm Wed Nov 23 10:08:36 2005 > +++ SweepVirusesClamFix.pm Wed Nov 23 10:09:10 2005 > @@ -1023,15 +1023,17 @@ > $results = $Clam->scan("$dirname/$childname/$filename", > Mail::ClamAV::CL_SCAN_STDOPT() | > Mail::ClamAV::CL_SCAN_ARCHIVE() | > Mail::ClamAV::CL_SCAN_PE() | > + Mail::ClamAV::CL_SCAN_BLOCKBROKEN() | > Mail::ClamAV::CL_SCAN_OLE2()); > } else { > $results = $Clam->scan("$dirname/$childname/$filename", > Mail::ClamAV::CL_SCAN_STDOPT() | > Mail::ClamAV::CL_SCAN_ARCHIVE() | > Mail::ClamAV::CL_SCAN_PE() | > Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED() | > + Mail::ClamAV::CL_SCAN_BLOCKBROKEN() | > Mail::ClamAV::CL_SCAN_OLE2()); > } > > unless ($results) { > > ======================== End Cut ====================== > > Rick > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 29 15:59:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:18 2006 Subject: clamavmodule Message-ID: -----BEGIN PGP SIGNED MESSAGE----- If you quarantine the attachment, then run clamscan on it by hand, what do you get? On 29 Nov 2005, at 15:50, Jeff A. Earickson wrote: > Gang, > > I boosted the Clamavmodule Recursion level to 8, applied the patch > below, switched from clamav to clamavmodule and back again -- nothing. > Clam refuses to catch the Sober.U/Sober-Z virus for me. Sophos is > on the job though. My setup: Solaris 9, ClamAV 0.87.1, MS 4.47.4, > sophos 3.99. > > Jeff Earickson > Colby College > > On Wed, 23 Nov 2005, Rick Cooper wrote: > >> Date: Wed, 23 Nov 2005 10:22:41 -0500 >> From: Rick Cooper >> Reply-To: MailScanner mailing list >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: clamavmodule >> >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >> On Behalf Of Rodney Green >> Sent: Wednesday, November 23, 2005 7:15 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: clamavmodule >> >> >> Hello, >> >> With the recent Sober outbreak I have just noticed that ClamAV >> does not appear to be scanning. I'm using both bitdefender and >> ClamAV and bitdefender is listed as having detected the virus/worm >> but ClamAV is not. I'm using clamavmodule, MailScanner 4.37.7, >> ClamAV version 0.87.1. Any ideas why clam isn't scanning? > [snip] >> >> [Rick Cooper] >> >> Ok I noted a couple of things that could cause a problem. >> MailScanner.conf >> >> ClamAVmodule Maximum Recursion Level should be at least 8, don't >> know what the default is >> ClamAVmodule Maximum Compression Ratio should be at least 250, >> don't know what the default is >> >> Apply the following patch, if Julian ok's it of course, to >> SweepViruses.pm. It adds CL_SCAN_BLOCKBROKEN() because, >> apparently, if this is not set it may not handle several viruses >> correctly. The clam author (tomitz?) was mostly concerned about >> the user's maxrecursion being below 8 and flatly state at his >> current setting (I think it was one) Clam would miss a large >> number of malware. >> >> Julian, do you think CL_SCAN_BLOCKBROKEN() should be a default or >> a config option. Broken PE files are pretty much always malware >> anyway. >> >> ================================= Cut below ========== >> --- SweepViruses.pm Wed Nov 23 10:08:36 2005 >> +++ SweepVirusesClamFix.pm Wed Nov 23 10:09:10 2005 >> @@ -1023,15 +1023,17 @@ >> $results = $Clam->scan("$dirname/$childname/$filename", >> Mail::ClamAV::CL_SCAN_STDOPT() | >> Mail::ClamAV::CL_SCAN_ARCHIVE() | >> Mail::ClamAV::CL_SCAN_PE() | >> + Mail::ClamAV::CL_SCAN_BLOCKBROKEN >> () | >> Mail::ClamAV::CL_SCAN_OLE2()); >> } else { >> $results = $Clam->scan("$dirname/$childname/$filename", >> Mail::ClamAV::CL_SCAN_STDOPT() | >> Mail::ClamAV::CL_SCAN_ARCHIVE() | >> Mail::ClamAV::CL_SCAN_PE() | >> >> Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED() | >> + Mail::ClamAV::CL_SCAN_BLOCKBROKEN >> () | >> Mail::ClamAV::CL_SCAN_OLE2()); >> } >> >> unless ($results) { >> >> ======================== End Cut ====================== >> >> Rick - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ4x6zvw32o+k+q+hAQFYHQf/cvoJ2n2ZxBHm+PAwEEsMoq4ifxh0FtX3 GD1qCwo62Kuxk0cRygGJoQi0J/h4VPmakv1KJeM6tqAxXMWI8P6ms4j6m8+KLccY 25NPTGszvRdYU7d1zDEdPkKT0wQ9MEGji7PSCrutKPBx8pyXCeYNAynf5XO+5qyg 32cRMR6NrdV6XyTFFtPlX5rWMRncoMIesGfk2ENcNuxIm+Llyp6HMki0HrsU9ana yfc7dsm1KX55PBj06SnLUGPLzJis+FhQUzZ+LvlepX6IhoVIj2o1RkPYf0gMKwbD Mxv5Ea4286UyFVgogbN+xVccr48F6oEYRvXLVxbVRsYim+5jBB+HMA== =Eh/9 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Tue Nov 29 16:20:14 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:31:18 2006 Subject: clamavmodule Message-ID: You are probably running with an ancient libclamav.so somewhere, so I'd advise uninstalling clamav, cleaning up any orphaned clamav files, then reinstalling clamav. Make sure there is really only one version of ClamAV installed on your system: $ whereis freshclam $ whereis clamscan Also make sure that you haven't got old libraries (libclamav.so*) lying around your filesystem. You can verify it using: $ ldd `which freshclam` Also, find / -name *clam* will also help remove all of this stuff (move or delete your choice) then re-install. Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jeff A. Earickson > Sent: 29 November 2005 15:51 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: clamavmodule > > Gang, > > I boosted the Clamavmodule Recursion level to 8, applied the > patch below, switched from clamav to clamavmodule and back > again -- nothing. > Clam refuses to catch the Sober.U/Sober-Z virus for me. > Sophos is on the job though. My setup: Solaris 9, ClamAV > 0.87.1, MS 4.47.4, sophos 3.99. > > Jeff Earickson > Colby College > > On Wed, 23 Nov 2005, Rick Cooper wrote: > > > Date: Wed, 23 Nov 2005 10:22:41 -0500 > > From: Rick Cooper > > Reply-To: MailScanner mailing list > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: clamavmodule > > > > > > -----Original Message----- > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > > Behalf Of Rodney Green > > Sent: Wednesday, November 23, 2005 7:15 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: clamavmodule > > > > > > Hello, > > > > With the recent Sober outbreak I have just noticed that > ClamAV does not appear to be scanning. I'm using both > bitdefender and ClamAV and bitdefender is listed as having > detected the virus/worm but ClamAV is not. I'm using > clamavmodule, MailScanner 4.37.7, ClamAV version 0.87.1. Any > ideas why clam isn't scanning? > [snip] > > > > [Rick Cooper] > > > > Ok I noted a couple of things that could cause a problem. > > MailScanner.conf > > > > ClamAVmodule Maximum Recursion Level should be at least 8, > don't know > > what the default is ClamAVmodule Maximum Compression Ratio > should be > > at least 250, don't know what the default is > > > > Apply the following patch, if Julian ok's it of course, to > SweepViruses.pm. It adds CL_SCAN_BLOCKBROKEN() because, > apparently, if this is not set it may not handle several > viruses correctly. The clam author (tomitz?) was mostly > concerned about the user's maxrecursion being below 8 and > flatly state at his current setting (I think it was one) Clam > would miss a large number of malware. > > > > Julian, do you think CL_SCAN_BLOCKBROKEN() should be a > default or a config option. Broken PE files are pretty much > always malware anyway. > > > > ================================= Cut below ========== > > --- SweepViruses.pm Wed Nov 23 10:08:36 2005 > > +++ SweepVirusesClamFix.pm Wed Nov 23 10:09:10 2005 > > @@ -1023,15 +1023,17 @@ > > $results = $Clam->scan("$dirname/$childname/$filename", > > Mail::ClamAV::CL_SCAN_STDOPT() | > > Mail::ClamAV::CL_SCAN_ARCHIVE() | > > Mail::ClamAV::CL_SCAN_PE() | > > + > Mail::ClamAV::CL_SCAN_BLOCKBROKEN() | > > Mail::ClamAV::CL_SCAN_OLE2()); > > } else { > > $results = $Clam->scan("$dirname/$childname/$filename", > > Mail::ClamAV::CL_SCAN_STDOPT() | > > Mail::ClamAV::CL_SCAN_ARCHIVE() | > > Mail::ClamAV::CL_SCAN_PE() | > > > Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED() | > > + > Mail::ClamAV::CL_SCAN_BLOCKBROKEN() | > > Mail::ClamAV::CL_SCAN_OLE2()); > > } > > > > unless ($results) { > > > > ======================== End Cut ====================== > > > > Rick > > > > > > -- > > This message has been scanned for viruses and dangerous content by > > MailScanner, and is believed to be clean. > > > > > > > > ------------------------ MailScanner list > ------------------------ To > > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the > > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Nov 29 16:07:50 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:18 2006 Subject: Debian Sarge update_virus_scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Ugo Bellavance wrote: >> Hi, >> >> Using MailScanner on Sarge, I found out that my anti-virus engines >> don't get updated, so I created a symlink in /etc/cron.daily/ to >> /usr/sbin/update_virus_scanners, without success. Even running the >> script manually only logs this: >> >> Nov 29 09:02:08 leadpipe update.virus.scanners: Found bitdefender >> installed >> Nov 29 09:02:08 leadpipe update.virus.scanners: Found clamav installed >> Nov 29 09:02:08 leadpipe update.virus.scanners: Found generic installed >> >> but no actual update happens, I must update manually. > > What happen when you manually run the individual scripts? > /path/to/bitdefender-autoupdate /opt/bdc [replace with install path] > /path/to/clamav-autoupdate /usr [replace with install path] > Hmmm... none of the scripts in /etc/MailScanner/autoupdate is executable... is that normal? > I get something like this.. > [root@sauron ~]# /usr/lib/MailScanner/bitdefender-autoupdate /opt/bdc > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > No update available. > > - dhawal > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Nov 29 16:45:32 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:18 2006 Subject: Debian Sarge update_virus_scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Dhawal Doshy wrote: >> Ugo Bellavance wrote: >> >>> Hi, >>> >>> Using MailScanner on Sarge, I found out that my anti-virus >>> engines don't get updated, so I created a symlink in /etc/cron.daily/ >>> to /usr/sbin/update_virus_scanners, without success. Even running >>> the script manually only logs this: >>> >>> but no actual update happens, I must update manually. >> >> What happen when you manually run the individual scripts? >> /path/to/bitdefender-autoupdate /opt/bdc [replace with install path] >> /path/to/clamav-autoupdate /usr [replace with install path] > > Hmmm... none of the scripts in /etc/MailScanner/autoupdate is > executable... is that normal? Doesn't look normal.. [root@sauron ~]# cd /usr/lib/MailScanner [root@sauron MailScanner]# ll clamav-autoupdate bitdefender-autoupdate -rwxr-xr-x 1 root root 22523 Sep 1 14:16 bitdefender-autoupdate -rwxr-xr-x 1 root root 2104 Sep 1 14:16 clamav-autoupdate - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue Nov 29 16:57:00 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:31:18 2006 Subject: spam.assassin.prefs.conf contents Message-ID: Julian Field wrote: > Here are all the current settings in spam.assassin.prefs.conf. > Please tell me what settings you think should be removed. > I am assuming at the point that we keep all of it in 1 file. 1 versus > 2 files can go in a separate thread. > snip > lock_method flock I was on vacation for most of this discussion, but since you all were talking about me (clueless email administrator ) I figured I may as well post even if it is late in the game. One thing I've never been clear on is using the "lock method flock" is SA, and using posix locking for MS/sendmail. I left the SA lock method set to flock but changed the MailScanner.conf setting to posix based on previous discussion on the list. (Apparently flock is wonky in Linux when running sendmail.) So the question is, does it matter if SA is using flock and MailScanner is set to posix? If they can/should be mixed, maybe some verbage in one or the other config files to clarify that what the lock setting refers to and is doing. It's probably intuitively obvious to experience email admins, but for folks still trying to make sense of all the individual pieces is fuzzy... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue Nov 29 17:01:57 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:31:18 2006 Subject: f-secure Message-ID: Last week or so someone posted asking about F-Secure, and it's catch rate being way down compared to other scanners. Just got this post this morning, mentioning that a new version is out: ======================================================================== ===== Dear Customer, According to our records, you have a valid support and maintenance agreement with F-Secure. The agreement entitles you to complimentary product updates, which you can download from our website. Before downloading and installing the product, please read the license terms according to which you can install and use F-Secure software: . We have released a new version of F-Secure Anti-Virus for Linux Servers. WHAT IS NEW IN THIS UPDATE? F-Secure Anti-Virus for Linux Servers, version 4.64 --------------------------------------------------- Version 4.64 contains updated getdbhtp to version 1.31.11320. Also all broken zip archives are now being reported as scan errors. For more information, please see the Release Notes. ======================================================================== ===== At times they've failed to notify me of updates, so this is just an FYI in case any others are running F-Secure but didn't get notified... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 29 17:07:12 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:18 2006 Subject: spam.assassin.prefs.conf contents Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: > So the question is, does it matter if SA is using flock and MailScanner > is set to posix? No.. This locking is only for SA to negotiate how to lock the bayes and AWL databases amongst instances of itself. It has nothing to do with sharing files with your MTA, or any other program. Note however that ALL instances of SA (including sa-learn) must use the same method for it to work properly. If MailScanner's instance of SA is using flock, and sa-learn is using nfssafe (the default) you can corrupt your bayes database. This is why it's generally inadvisable to put this in user_prefs files. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 29 17:10:07 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:18 2006 Subject: spam.assassin.prefs.conf contents Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 29 Nov 2005, at 17:07, Matt Kettler wrote: > Kevin Miller wrote: > >> So the question is, does it matter if SA is using flock and >> MailScanner >> is set to posix? > > No.. This locking is only for SA to negotiate how to lock the bayes > and AWL > databases amongst instances of itself. > > It has nothing to do with sharing files with your MTA, or any other > program. > > Note however that ALL instances of SA (including sa-learn) must use > the same > method for it to work properly. If MailScanner's instance of SA is > using flock, > and sa-learn is using nfssafe (the default) you can corrupt your > bayes database. > This is why it's generally inadvisable to put this in user_prefs > files. How do you make sure sa-learn is using the same setting as the main SA engine? Or how do you tell sa-learn to use flock? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ4yLcfw32o+k+q+hAQGs5wgAiUy7TCviQKIG4XNhR8ClkJLViHhAY6NB +Ps3dHyjzbwzXSy/KPcWSSGianLi0UEL8tMnDgnqpbemhqD8M/w7O5sppizT7Sg9 cMcbOrhdgO2GEE14tE74WSk2ArI0bfe2uYh78wCoUfhU/xet4n77ZDvtO47t0WBK EUXdQ33fIi70espcOzRDVE68pD8drKQAz3wyn9J0bIQMQ+r+qzCYs5gYwZbiiIPQ tzuZYtNDjxHJ5FCu0ZOeIdAEgT/IsQ4qtZ+w703ahwaL6RwnNTyrmSyJNCWXs3sx 7PxPGtGnZpIPSi6MOL65RbMuGbDEAN1dqj8gQHj6m0VJig7TXolpDg== =7L2u -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 29 17:15:28 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:18 2006 Subject: Maxsec: stuff about install.sh and FreeBSD Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Maxsec, I don't know your email address or anything, so have to spam the list :-( Don't understand your last comment in IRC this afternoon. the new install.sh you sent me for the FreeBSD mailscanner.cf sym link to /opt/MailScanner/etc/spam.assassi n.pref.conf needs to be included since the last beta What install.sh do you need? Just the standard install.sh from the MailScanner-install-......tar.gz? If so, this is probably the code you're looking for: echo echo Linking into SpamAssassin if you have it installed. echo SADIR=`$PERL -MMail::SpamAssassin -e 'printMail::SpamAssassin->new->first_existing_path(@Mail::SpamAssassin::site_rules_pa h)' 2>/dev/null` if [ "x$SADIR" = "x" ]; then   echo No SpamAssassin installation found. else   if [ -d /opt/MailScanner/etc ]; then     ln -s -f /opt/MailScanner/etc/spam.assassin.prefs.conf ${SADIR}/mailscanner.cf     echo Good, the link was created to /opt/MailScanner/etc   elif [ -d /usr/local/MailScanner/etc ]; then     ln -s -f /usr/local/MailScanner/etc/spam.assassin.prefs.conf ${SADIR}/mailscanner.cf     echo Good, the link was created to /usr/local/MailScanner/etc   elif [ -d /etc/MailScanner ]; then     ln -s -f /etc/MailScanner/spam.assassin.prefs.conf ${SADIR}/mailscanner.cf     echo Good, the link was created to /etc/MailScanner   elif [ -d /usr/local/etc/MailScanner ]; then     ln -s -f /usr/local/etc/MailScanner/spam.assassin.prefs.conf ${SADIR}/mailscanner.cf     echo Good, the link was created to /usr/local/etc/MailScanner   else     echo     echo 'WARNING: Could not find MailScanner installation directory.'     echo  WARNING: You must create a link in ${SADIR} called mailscanner.cf     echo  WARNING: which points to the spam.assassin.prefs.conf file in the     echo  WARNING: MailScanner etc directory.     echo     sleep 10   fi fi timewait 5 --  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 498bytes. ] [ Unable to print this part. ] From Kevin_Miller at CI.JUNEAU.AK.US Tue Nov 29 17:31:02 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:31:18 2006 Subject: spam.assassin.prefs.conf contents Message-ID: Matt Kettler wrote: > Kevin Miller wrote: > >> So the question is, does it matter if SA is using flock and >> MailScanner is set to posix? > > No.. This locking is only for SA to negotiate how to lock the bayes > and AWL databases amongst instances of itself. > It has nothing to do with sharing files with your MTA, or any other > program. > That's pretty much what I assumed, but wanted to confirm, thanks. > Note however that ALL instances of SA (including sa-learn) must use > the same method for it to work properly. If MailScanner's instance of > SA is using flock, and sa-learn is using nfssafe (the default) you > can corrupt your bayes database. This is why it's generally > inadvisable to put this in user_prefs files. Oh great, something else to be confused about! This is the first I've heard of nfssafe locking. Per the recommendations in spam.assassin.prefs.conf I set 'lock_method flock' in /etc/mail/spamassassin/local.cf (see below) Note that it is commented out in spam.assassin.prefs.conf. If it should be uncommented as well as added perhaps that should be added to the commments as it's not clear to me at least if they're co-dependent or if one overrides the other. snippet from spam.assassin.prefs.conf: ======================================================================== == # If you are using a UNIX machine with all database files on local disks, # and no sharing of those databases across NFS filesystems, you can use a # more efficient, but non-NFS-safe, locking mechanism. Do this by adding # the line "lock_method flock" to the /etc/mail/spamassassin/local.cf # file. This is strongly recommended if you're not using NFS, as it is # much faster than the NFS-safe locker. #lock_method flock ======================================================================== == Julian wrote: >How do you make sure sa-learn is using the same setting as the main >SA engine? >Or how do you tell sa-learn to use flock? I guess from the above settings. Are there other settings I should be looking at? Suspect I have something screwy somewhere because I generally have a bayes.mutex file, and the bayes_journal file seems to appear now and again, but rapidly disappear. If I delete the bayes.mutex file it comes back rather soon. The two outputs below were seconds apart. mxg:/etc/MailScanner/bayes # l total 35653 drwxrws--- 2 root www 144 2005-11-29 08:27 ./ drwxr-xr-x 6 root root 448 2005-08-30 07:37 ../ -rw-rw---- 1 root www 30 2005-11-29 08:27 bayes.mutex -rw-rw---- 1 root www 41996288 2005-11-29 08:27 bayes_seen -rw-rw---- 1 root www 5283840 2005-11-29 08:18 bayes_toks mxg:/etc/MailScanner/bayes # l total 35657 drwxrws--- 2 root www 176 2005-11-29 08:28 ./ drwxr-xr-x 6 root root 448 2005-08-30 07:37 ../ -rw-rw---- 1 root www 984 2005-11-29 08:28 bayes_journal -rw-rw---- 1 root www 30 2005-11-29 08:27 bayes.mutex -rw-rw---- 1 root www 41996288 2005-11-29 08:27 bayes_seen -rw-rw---- 1 root www 5283840 2005-11-29 08:18 bayes_toks mxg:/etc/MailScanner/bayes # Thanks guys... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 29 18:38:27 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:18 2006 Subject: spam.assassin.prefs.conf contents Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > > How do you make sure sa-learn is using the same setting as the main > SA engine? > Or how do you tell sa-learn to use flock? Have your lock_method declared in a site-config .cf file instead of a user_prefs. (sa-learn parses all the same configs as any other SA instance.) The recent change to using mailscanner.cf should fix any related issues. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 29 18:49:58 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:18 2006 Subject: spam.assassin.prefs.conf contents Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: > > Oh great, something else to be confused about! This is the first > I've heard of nfssafe locking. That's because it's the default, and the only other option besides flock. Most people don't bother to re-declare the default setting. Instead, most change it because they know they don't use NFS and want the speed gains of flock. Very few people use NFS, but SA defaults to nfssafe in order to err on the side of caution. > Per the recommendations in > spam.assassin.prefs.conf I set 'lock_method flock' in > /etc/mail/spamassassin/local.cf (see below) Note that it is commented > out in spam.assassin.prefs.conf. That's fine. You'll only get into trouble if spam.assassin.prefs.conf has a lock_method declared and local.cf doesn't have a matching one. It's perfectly fine if it only exists in local.cf, as all SA processes will parse that. > If it should be uncommented as well as > added perhaps that should be added to the commments as it's not clear to > me at least if they're co-dependent or if one overrides the other. > They over-ride. For the most part options in SA config files over-ride each other with the last-parsed file being the winner. The parse order is: 1) pre-init files (/etc/mail/spamassassin/*.pre on most sites. Should only do things like loadplugins that must be done before the general rules are parsed 2) default rules (/usr/share/spamassassin/*.cf on most sites) 3) site rules (/etc/mail/spamassassin/*.cf on most sites) 4) user_prefs files (~/.spamassassin/user_prefs for normal SA processes, spam.assassin.prefs.conf for MailScanner's SA instances.) You can get into trouble with locks if a user_prefs changes it. This is why the official docs state you can't change it in user_prefs, and SA's spamd actually enforces this. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Tue Nov 29 19:13:18 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:31:18 2006 Subject: _SCORE_ bug in 4.47.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Running 4.47.4, but this may affect previous versions as well. Basically, when you have it set to assign a certain score to a message that hits a MailScanner-checked DNSBL _and_ use the _SCORE_ variable in your Subject line tag, ones that hit the DNSBL always show a score of 0 even though they should be getting the arbitrary score of 5 or whatever.. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 29 19:28:35 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:18 2006 Subject: _SCORE_ bug in 4.47.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Mike Bacher wrote: > Running 4.47.4, but this may affect previous versions as well. > Basically, when you have it set to assign a certain score to a message > that hits a MailScanner-checked DNSBL _and_ use the _SCORE_ variable in > your Subject line tag, ones that hit the DNSBL always show a score of 0 > even though they should be getting the arbitrary score of 5 or whatever.. > IMHO, that's a good thing. It makes it clear that the message wasn't tagged because of the SA score. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Nov 29 19:35:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:18 2006 Subject: _SCORE_ bug in 4.47.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: >Mike Bacher wrote: > > >>Running 4.47.4, but this may affect previous versions as well. >>Basically, when you have it set to assign a certain score to a message >>that hits a MailScanner-checked DNSBL _and_ use the _SCORE_ variable in >>your Subject line tag, ones that hit the DNSBL always show a score of 0 >>even though they should be getting the arbitrary score of 5 or whatever.. >> >> >> > >IMHO, that's a good thing. It makes it clear that the message wasn't tagged >because of the SA score. > > As Matt says, I'm unwilling to change this. It's a case of implementation depending on how you think of it, rather than a straight bug. What do others think? -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Tue Nov 29 19:39:52 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:19 2006 Subject: clamavmodule Message-ID: Julian, I'm working on Phil Randal's suggestion of a search-and-destroy for all clam files, followed by a re-install. I found a bunch of directories in /var/tmp, eg /var/tmp/clamav-98764cfb85182039, with zip files therein. So I ran them thru sophos sweep and clamscan by hand: === Checking reg_pass-data.zipynaOYP with Sophos sweep SWEEP virus detection utility Version 3.99.0 [Solaris/SPARC] Virus data version 3.99, November 2005 Includes detection for 113565 viruses, trojans and worms Copyright (c) 1989-2005 Sophos Plc, www.sophos.com System time 14:04:31, System date 29 November 2005 Command line qualifiers are: -sc -f -all -rec -archive -cab -loopback --no-follow-symlinks --no-reset-atime -tnef IDE directory is: /opt/sophos/ide Using IDE file iefea-ar.ide [snip] Full Sweeping >>> Virus 'W32/Sober-Z' found in file reg_pass-data.zipynaOYP/File-packed_dataInfo.exe >>> Virus 'W32/Sober-Z' found in file reg_pass-data.zipynaOYP 1 file swept in 9 seconds. 2 viruses were discovered. 1 file out of 1 was infected. End of Sweep. sweep return code = 3 === Checking reg_pass-data.zipynaOYP with ClamAV clamscan Scanning reg_pass-data.zipynaOYP /home/admin/jaearick/bin/virus.scan[19]: 20848 Bus Error clamscan return code = 138 Ka-BOOOM! The relevant line in my "virus.scan" script is: /opt/clamav/bin/clamscan -v -d /opt/clamav/share/clamav -r "$1" Now attempting to debug this... I also upgraded my unrar from 3.4.3 to 3.5.4 (http://files5.rarlab.com/rar/), no help. Jeff Earickson Colby College On Tue, 29 Nov 2005, Julian Field wrote: > Date: Tue, 29 Nov 2005 15:59:08 +0000 > From: Julian Field > Reply-To: MailScanner mailing list > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: clamavmodule > > -----BEGIN PGP SIGNED MESSAGE----- > > If you quarantine the attachment, then run clamscan on it by hand, > what do you get? > > On 29 Nov 2005, at 15:50, Jeff A. Earickson wrote: > >> Gang, >> >> I boosted the Clamavmodule Recursion level to 8, applied the patch >> below, switched from clamav to clamavmodule and back again -- nothing. >> Clam refuses to catch the Sober.U/Sober-Z virus for me. Sophos is >> on the job though. My setup: Solaris 9, ClamAV 0.87.1, MS 4.47.4, >> sophos 3.99. >> >> Jeff Earickson >> Colby College >> >> On Wed, 23 Nov 2005, Rick Cooper wrote: >> >>> Date: Wed, 23 Nov 2005 10:22:41 -0500 >>> From: Rick Cooper >>> Reply-To: MailScanner mailing list >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: clamavmodule >>> >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>> On Behalf Of Rodney Green >>> Sent: Wednesday, November 23, 2005 7:15 AM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: clamavmodule >>> >>> >>> Hello, >>> >>> With the recent Sober outbreak I have just noticed that ClamAV >>> does not appear to be scanning. I'm using both bitdefender and >>> ClamAV and bitdefender is listed as having detected the virus/worm >>> but ClamAV is not. I'm using clamavmodule, MailScanner 4.37.7, >>> ClamAV version 0.87.1. Any ideas why clam isn't scanning? >> [snip] >>> >>> [Rick Cooper] >>> >>> Ok I noted a couple of things that could cause a problem. >>> MailScanner.conf >>> >>> ClamAVmodule Maximum Recursion Level should be at least 8, don't >>> know what the default is >>> ClamAVmodule Maximum Compression Ratio should be at least 250, >>> don't know what the default is >>> >>> Apply the following patch, if Julian ok's it of course, to >>> SweepViruses.pm. It adds CL_SCAN_BLOCKBROKEN() because, >>> apparently, if this is not set it may not handle several viruses >>> correctly. The clam author (tomitz?) was mostly concerned about >>> the user's maxrecursion being below 8 and flatly state at his >>> current setting (I think it was one) Clam would miss a large >>> number of malware. >>> >>> Julian, do you think CL_SCAN_BLOCKBROKEN() should be a default or >>> a config option. Broken PE files are pretty much always malware >>> anyway. >>> >>> ================================= Cut below ========== >>> --- SweepViruses.pm Wed Nov 23 10:08:36 2005 >>> +++ SweepVirusesClamFix.pm Wed Nov 23 10:09:10 2005 >>> @@ -1023,15 +1023,17 @@ >>> $results = $Clam->scan("$dirname/$childname/$filename", >>> Mail::ClamAV::CL_SCAN_STDOPT() | >>> Mail::ClamAV::CL_SCAN_ARCHIVE() | >>> Mail::ClamAV::CL_SCAN_PE() | >>> + Mail::ClamAV::CL_SCAN_BLOCKBROKEN >>> () | >>> Mail::ClamAV::CL_SCAN_OLE2()); >>> } else { >>> $results = $Clam->scan("$dirname/$childname/$filename", >>> Mail::ClamAV::CL_SCAN_STDOPT() | >>> Mail::ClamAV::CL_SCAN_ARCHIVE() | >>> Mail::ClamAV::CL_SCAN_PE() | >>> >>> Mail::ClamAV::CL_SCAN_BLOCKENCRYPTED() | >>> + Mail::ClamAV::CL_SCAN_BLOCKBROKEN >>> () | >>> Mail::ClamAV::CL_SCAN_OLE2()); >>> } >>> >>> unless ($results) { >>> >>> ======================== End Cut ====================== >>> >>> Rick > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.3 (Build 2932) > > iQEVAwUBQ4x6zvw32o+k+q+hAQFYHQf/cvoJ2n2ZxBHm+PAwEEsMoq4ifxh0FtX3 > GD1qCwo62Kuxk0cRygGJoQi0J/h4VPmakv1KJeM6tqAxXMWI8P6ms4j6m8+KLccY > 25NPTGszvRdYU7d1zDEdPkKT0wQ9MEGji7PSCrutKPBx8pyXCeYNAynf5XO+5qyg > 32cRMR6NrdV6XyTFFtPlX5rWMRncoMIesGfk2ENcNuxIm+Llyp6HMki0HrsU9ana > yfc7dsm1KX55PBj06SnLUGPLzJis+FhQUzZ+LvlepX6IhoVIj2o1RkPYf0gMKwbD > Mxv5Ea4286UyFVgogbN+xVccr48F6oEYRvXLVxbVRsYim+5jBB+HMA== > =Eh/9 > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Nov 29 19:45:17 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:19 2006 Subject: Debian Sarge update_virus_scanners Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dhawal Doshy wrote: > Ugo Bellavance wrote: >> Dhawal Doshy wrote: >>> Ugo Bellavance wrote: >>> >>>> Hi, >>>> >>>> Using MailScanner on Sarge, I found out that my anti-virus >>>> engines don't get updated, so I created a symlink in >>>> /etc/cron.daily/ to /usr/sbin/update_virus_scanners, without >>>> success. Even running the script manually only logs this: >>>> >>>> but no actual update happens, I must update manually. >>> >>> What happen when you manually run the individual scripts? >>> /path/to/bitdefender-autoupdate /opt/bdc [replace with install path] >>> /path/to/clamav-autoupdate /usr [replace with install path] >> >> Hmmm... none of the scripts in /etc/MailScanner/autoupdate is >> executable... is that normal? > > Doesn't look normal.. > > [root@sauron ~]# cd /usr/lib/MailScanner > [root@sauron MailScanner]# ll clamav-autoupdate bitdefender-autoupdate > -rwxr-xr-x 1 root root 22523 Sep 1 14:16 bitdefender-autoupdate > -rwxr-xr-x 1 root root 2104 Sep 1 14:16 clamav-autoupdate > > - dhawal > Is there a way, with debian, to know what was supposed to be the permissions in the .deb package? -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Kevin_Miller at CI.JUNEAU.AK.US Tue Nov 29 20:29:29 2005 From: Kevin_Miller at CI.JUNEAU.AK.US (Kevin Miller) Date: Thu Jan 12 21:31:19 2006 Subject: _SCORE_ bug in 4.47.4 Message-ID: Julian Field wrote: > Matt Kettler wrote: > >> Mike Bacher wrote: >> >>> Running 4.47.4, but this may affect previous versions as well. >>> Basically, when you have it set to assign a certain score to a >>> message that hits a MailScanner-checked DNSBL _and_ use the _SCORE_ >>> variable in your Subject line tag, ones that hit the DNSBL always >>> show a score of 0 even though they should be getting the arbitrary >>> score of 5 or whatever.. >>> >> >> IMHO, that's a good thing. It makes it clear that the message wasn't >> tagged because of the SA score. >> >> > As Matt says, I'm unwilling to change this. It's a case of > implementation depending on how you think of it, rather than a > straight bug. > > What do others think? How hard would it be to post the score, but append "DNSBL" to the subject line too. Would give the admin an idea of where things are scoring, but still be obvious why it triggered. Perhaps it could even be displayed something like {Spam: 4.63/5.0, DNSBL subject} indicating both the score and the spam trigger level. Spam that exceeds the high scoring trigger would have /8.0 (or whatever the level is set to) rather than the normal metric. Another one of those things that can confuse folks new to MailScanner - I recall being caught off guard by it a couple years ago but don't think twice about it now as I understand the behavior. I don't think of it as a bug in any sense - just a design decision. If it would be painful to modify the code as above (or someone elses better idea) I guess I don't have a strong opinion either way but tend to lean towards leaving it. I think a score of 0 is more indicative of something else going on, than a valid score that is below the spam level. That would tend to look like a false positive to me. S'later... ...Kevin -- Kevin Miller Registered Linux User No: 307357 CBJ MIS Dept. Network Systems Admin., Mail Admin. 155 South Seward Street ph: (907) 586-0242 Juneau, Alaska 99801 fax: (907 586-4500 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Tue Nov 29 22:18:59 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:31:19 2006 Subject: _SCORE_ bug in 4.47.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > As Matt says, I'm unwilling to change this. It's a case of > implementation depending on how you think of it, rather than a straight > bug. > > What do others think? > Not a huge deal if this was on purpose, it just works differently than I would have expected since a score is being assigned. It also breaks anyone that use the Subject line score value to do filtering.. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Tue Nov 29 22:20:50 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:31:19 2006 Subject: _SCORE_ bug in 4.47.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller wrote: >Julian Field wrote: > > >>Matt Kettler wrote: >> >> >> >>>Mike Bacher wrote: >>> >>> >>> >>>>Running 4.47.4, but this may affect previous versions as well. >>>>Basically, when you have it set to assign a certain score to a >>>>message that hits a MailScanner-checked DNSBL _and_ use the _SCORE_ >>>>variable in your Subject line tag, ones that hit the DNSBL always >>>>show a score of 0 even though they should be getting the arbitrary >>>>score of 5 or whatever.. >>>> >>>> >>>> >>>IMHO, that's a good thing. It makes it clear that the message wasn't >>>tagged because of the SA score. >>> >>> >>> >>> >>As Matt says, I'm unwilling to change this. It's a case of >>implementation depending on how you think of it, rather than a >>straight bug. >> >>What do others think? >> >> > >How hard would it be to post the score, but append "DNSBL" to the >subject line too. Would give the admin an idea of where things are >scoring, but still be obvious why it triggered. Perhaps it could even >be displayed something like {Spam: 4.63/5.0, DNSBL subject} indicating >both the score and the spam trigger level. Spam that exceeds the high >scoring trigger would have /8.0 (or whatever the level is set to) rather >than the normal metric. > >Another one of those things that can confuse folks new to MailScanner - >I recall being caught off guard by it a couple years ago but don't think >twice about it now as I understand the behavior. I don't think of it as >a bug in any sense - just a design decision. > >If it would be painful to modify the code as above (or someone elses >better idea) I guess I don't have a strong opinion either way but tend >to lean towards leaving it. I think a score of 0 is more indicative of >something else going on, than a valid score that is below the spam >level. That would tend to look like a false positive to me. > >S'later... > >...Kevin > > To users, if they're marked as {Spam}, they're spam. Users don't care about the score, at least most of them. To admin, they can always look at the headers to find out more. And the indication is good because if DNSBL marked as spam in MailScanner, it's defined as spam, no matter of the scores. Filling so much on the subject line, to me, is not a good idea. Cheers Raylund ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From technician at CENPAC.NET.NR Tue Nov 29 22:40:53 2005 From: technician at CENPAC.NET.NR (Jon Leeman) Date: Thu Jan 12 21:31:19 2006 Subject: Mail::ClamAV Install problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Group, I have recently installed MS on a Mandrake 10.0 machine from "install-Clam-SA.tar.gz" and "MailScanner-4.47.4-2.rpm.tar.gz". (I have a production MDK 10.0 machine I installed about 7 months ago running MS 4.40.6 / ClamAV 0.83 / 0.17 Mail::ClamAV.) When I try to install Mail::ClamAV - either from the tar.gz or CPAN I am receiving; at /home/install/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 193 BEGIN failed--compilation aborted at /home/install/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 537. Compilation failed in require. A search pointed out that; > Had the exact problem on ES4, someone from this list posted to do the > following, worked for me > > add /usr/local/lib to /etc/ld.so.conf and then run ldconfig which I did - even though /usr/local/lib was already in ld.so.conf. A MailScanner -v on both machines is below. I'd appreciate pointers to solve the problem. Regards, Jon ******************************************************************* NEW INSTALLATION This is Mandrake Linux release 10.0 (Community) for i586 This is Perl version 5.008003 (5.8.3) This is MailScanner version 4.47.4 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.72 File::Basename 2.07 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.122 IO::Pipe 1.59 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.07 POSIX 1.76 Socket 0.04 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.806 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.40 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI ********************************************************** EXISTING INSTALLATION This is Mandrake Linux release 10.0 (Community) for i586 This is Perl version 5.008003 (5.8.3) This is MailScanner version 4.40.6 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.01 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.72 File::Basename 2.07 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.122 IO::Pipe 1.66 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.07 POSIX 1.76 Socket 0.04 Sys::Syslog 1.02 Time::localtime Optional module versions are: missing Convert::TNEF 1.806 DB_File 1.05 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.04 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.000002 Mail::SpamAssassin missing Mail::SPF::Query 0.18 Net::CIDR::Lite 0.51 Net::DNS 0.31 Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.40 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Tue Nov 29 22:50:48 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:31:19 2006 Subject: Anti-virus woes... Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Greetings list... Since my last update I've noticed no viruses being flagged (I normally get postmaster notifications). I was running only ClamAV. So today I thought I'd add the command line bitdefender (BDC) scanner and then take my time to figure out why ClamAV was not working as usual. (Luckily MailScanner's filename and filetype rules are hitting and quarantining the viruses). Installed BDC successfully. Then edited virus.scanners.conf to reflect this: (pertinent lines only shown) bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc clamav /usr/lib/MailScanner/clamav-wrapper /usr Then an unsuccessful test of the wrapper: [root@gw-mail bdc]# /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc /var/spool/MailScanner/quarantine/ (may wrap... there is a space between /opt/bdc and /var) cat: /tmp/log.bdc.29564: No such file or directory rm: cannot lstat `/tmp/log.bdc.29564': No such file or directory Perhaps a permissions problem??? I'm clueless... So I thought I'd insure the BDC scanner was working ok from the command line: [root@gw-mail bdc]# bdc /var/spool/MailScanner//quarantine/ BDC/Linux-Console v7.1 (build 2559) (i386) (Jul 6 2005 16:28:53) Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved. Warning: no scan option defined; using defaults A bunch of lines snipped here... all the files that MS had quarantined due to filetype/name rules... thanks Julian! Results: Folders :228 Files :436 Packed :9 Infected files :208 Suspect files :0 Warnings :0 Identified viruses:5 I/O errors :0 Files/second :18 Scan time :00:00:24 Appears to be fine but I see no mentions of BDC in the maillog even after doing an update_virus_scanners (I do see "found ClamAV installed and that it doesn't need an update but no mention of BDC.) So then I thought I'd try the ClamAV wrapper... [root@gw-mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /usr /var/spool/MailScanner/quarantine/ ----------- SCAN SUMMARY ----------- Known viruses: 30684 Engine version: 0.87.1 Scanned directories: 1 Scanned files: 0 Infected files: 0 Data scanned: 0.00 MB Time: 3.543 sec (0 m 3 s) [root@gw-mail MailScanner]# I/O errors :1 Files/second :20 Scan time :00:00:37 Seems to work but doesn't catch anything and the quarantine directory is full of viruses.... Not sure how to test clamav from the command line. Maybe clamdscan? But wasn't sure if that was how MailScanner called it so I thought I'd stick with the wrapper for now. Can anyone tell me where to start? It seems that neither virus scanner is working and I've fallen and I can't get up. BTW... I have modified MailScanner.conf to insure clamav and bitdefender were added (space between) to the virus scanners : Virus Scanners = clamav bitdefender TIA! Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Nov 29 22:41:55 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:19 2006 Subject: _SCORE_ bug in 4.47.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Kevin Miller spake the following on 11/29/2005 12:29 PM: > Julian Field wrote: > >>Matt Kettler wrote: >> >> >>>Mike Bacher wrote: >>> >>> >>>>Running 4.47.4, but this may affect previous versions as well. >>>>Basically, when you have it set to assign a certain score to a >>>>message that hits a MailScanner-checked DNSBL _and_ use the _SCORE_ >>>>variable in your Subject line tag, ones that hit the DNSBL always >>>>show a score of 0 even though they should be getting the arbitrary >>>>score of 5 or whatever.. >>>> >>> >>>IMHO, that's a good thing. It makes it clear that the message wasn't >>>tagged because of the SA score. >>> >>> >> >>As Matt says, I'm unwilling to change this. It's a case of >>implementation depending on how you think of it, rather than a >>straight bug. >> >>What do others think? > > > How hard would it be to post the score, but append "DNSBL" to the > subject line too. Would give the admin an idea of where things are > scoring, but still be obvious why it triggered. Perhaps it could even > be displayed something like {Spam: 4.63/5.0, DNSBL subject} indicating > both the score and the spam trigger level. Spam that exceeds the high > scoring trigger would have /8.0 (or whatever the level is set to) rather > than the normal metric. > > Another one of those things that can confuse folks new to MailScanner - > I recall being caught off guard by it a couple years ago but don't think > twice about it now as I understand the behavior. I don't think of it as > a bug in any sense - just a design decision. > > If it would be painful to modify the code as above (or someone elses > better idea) I guess I don't have a strong opinion either way but tend > to lean towards leaving it. I think a score of 0 is more indicative of > something else going on, than a valid score that is below the spam > level. That would tend to look like a false positive to me. > > S'later... > > ...Kevin It all comes down to one thing; If you want scores, let spamassassin do the DNSBL's. Mailscanner just kicks it as spam if it is there, it doesn't care what the score is. If you are letting Mailscanner do the DNSBL's, then the scores aren't as important to you as the spam detection. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Tue Nov 29 23:14:52 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:31:19 2006 Subject: _SCORE_ bug in 4.47.4 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: > Mailscanner just > kicks it as spam if it is there, it doesn't care what the score is. Exactly. Which reduces load on the box as sending a message through SA takes a lot more resources than MS alone. > If you are letting Mailscanner do the DNSBL's, then the scores aren't as > important to you as the spam detection. Depends on how much control you give your end-users over what is/isn't spam -- we allow ours to match the Spam-Score header to determine at what value they want to consider a message spam/not spam. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Nov 30 00:01:39 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:19 2006 Subject: Anti-virus woes... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods spake the following on 11/29/2005 2:50 PM: > Greetings list... > > Since my last update I've noticed no viruses being flagged (I normally get > postmaster notifications). I was running only ClamAV. > > So today I thought I'd add the command line bitdefender (BDC) scanner and > then take my time to figure out why ClamAV was not working as usual. > (Luckily MailScanner's filename and filetype rules are hitting and > quarantining the viruses). > > Installed BDC successfully. Then edited virus.scanners.conf to reflect this: > (pertinent lines only shown) > bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc > clamav /usr/lib/MailScanner/clamav-wrapper /usr > > Then an unsuccessful test of the wrapper: > > [root@gw-mail bdc]# /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc > /var/spool/MailScanner/quarantine/ (may wrap... there is a space between > /opt/bdc and /var) > cat: /tmp/log.bdc.29564: No such file or directory > rm: cannot lstat `/tmp/log.bdc.29564': No such file or directory > > Perhaps a permissions problem??? I'm clueless... > > So I thought I'd insure the BDC scanner was working ok from the command > line: > > > [root@gw-mail bdc]# bdc /var/spool/MailScanner//quarantine/ > BDC/Linux-Console v7.1 (build 2559) (i386) (Jul 6 2005 16:28:53) > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved. > > Warning: no scan option defined; using defaults > > A bunch of lines snipped here... all the files that MS had quarantined due > to filetype/name rules... thanks Julian! > > Results: > Folders :228 > Files :436 > Packed :9 > Infected files :208 > Suspect files :0 > Warnings :0 > Identified viruses:5 > I/O errors :0 > Files/second :18 > Scan time :00:00:24 > > Appears to be fine but I see no mentions of BDC in the maillog even after > doing an update_virus_scanners (I do see "found ClamAV installed and that it > doesn't need an update but no mention of BDC.) > > So then I thought I'd try the ClamAV wrapper... > > [root@gw-mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /usr > /var/spool/MailScanner/quarantine/ > > ----------- SCAN SUMMARY ----------- > Known viruses: 30684 > Engine version: 0.87.1 > Scanned directories: 1 > Scanned files: 0 > Infected files: 0 > Data scanned: 0.00 MB > Time: 3.543 sec (0 m 3 s) > [root@gw-mail MailScanner]# > I/O errors :1 > Files/second :20 > Scan time :00:00:37 > > Seems to work but doesn't catch anything and the quarantine directory is > full of viruses.... > > Not sure how to test clamav from the command line. Maybe clamdscan? But > wasn't sure if that was how MailScanner called it so I thought I'd stick > with the wrapper for now. > > Can anyone tell me where to start? It seems that neither virus scanner is > working and I've fallen and I can't get up. > > BTW... I have modified MailScanner.conf to insure clamav and bitdefender > were added (space between) to the virus scanners : > > Virus Scanners = clamav bitdefender > To test clamav you could try; clamscan -r /var/spool/MailScanner/quarantine/ I got the following ( after snipping the output); ----------- SCAN SUMMARY ----------- Known viruses: 41292 Engine version: 0.87.1 Scanned directories: 46 Scanned files: 10556 Infected files: 98 Data scanned: 994.46 MB Time: 1017.698 sec (16 m 57 s) -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Nov 30 00:40:47 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:19 2006 Subject: (OT) Postfix Virtual Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi there, this is slightly OT question about postfix virtual alias maps/domains. We have a Domino network that we no longer to receive mail, all forwarded to an Exchange environment. Domino had 2 domains names for each username. So user1@domain1.com and user1@domain2.com mail was delivered to the same mailbox. Now i will to use Postfix on my mailscanner gateway to redirect either of those examples to a third domain. eg virtual_alias_map user1@domain2.com, user1@domain2.com user2@domain3.com But since user1 is the same for 2 domains, is there any easy way to do this without specifying the 2 domains for each entry? So any mail for domain1.com or domain2.com lookup the same alias map, eg user1 user2@domain3.com I hope this makes sense, and some one can help me. Appreciate any comments/suggestions Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Wed Nov 30 01:01:15 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:31:19 2006 Subject: Anti-virus woes... Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: > Ken Goods spake the following on 11/29/2005 2:50 PM: >> Greetings list... >> snip... >> > To test clamav you could try; > clamscan -r /var/spool/MailScanner/quarantine/ > > I got the following ( after snipping the output); > > ----------- SCAN SUMMARY ----------- > Known viruses: 41292 > Engine version: 0.87.1 > Scanned directories: 46 > Scanned files: 10556 > Infected files: 98 > Data scanned: 994.46 MB > Time: 1017.698 sec (16 m 57 s) > Thanks Scott, Figured that out between this post and last. That seemed to work ok. So I did a clamscan all the way to an individual file and that also seemed to work. The I did one using the wrapper all the way to the same individual file and it wasn't picked up. Any ideas? [root@gw-mail MailScanner]# clamscan /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn fo.exe /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn fo.exe: Worm.Sober.U FOUND ----------- SCAN SUMMARY ----------- Known viruses: 41292 Engine version: 0.87.1 Scanned directories: 0 Scanned files: 1 Infected files: 1 Data scanned: 0.18 MB Time: 6.388 sec (0 m 6 s) [root@gw-mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /usr /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn fo.exe /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn fo.exe: OK ----------- SCAN SUMMARY ----------- Known viruses: 30684 Engine version: 0.87.1 Scanned directories: 0 Scanned files: 1 Infected files: 0 Data scanned: 0.24 MB Time: 3.745 sec (0 m 3 s) [root@gw-mail MailScanner]# So it seems that clamscan works fine but the virus is not detected using the wrapper. Thanks for any clues, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Nov 30 05:13:24 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:19 2006 Subject: Anti-virus woes... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods wrote: > Scott Silva wrote: >> Ken Goods spake the following on 11/29/2005 2:50 PM: >>> Greetings list... >>> > snip... >> To test clamav you could try; >> clamscan -r /var/spool/MailScanner/quarantine/ >> >> I got the following ( after snipping the output); >> >> ----------- SCAN SUMMARY ----------- >> Known viruses: 41292 >> Engine version: 0.87.1 >> Scanned directories: 46 >> Scanned files: 10556 >> Infected files: 98 >> Data scanned: 994.46 MB >> Time: 1017.698 sec (16 m 57 s) >> > > Thanks Scott, > Figured that out between this post and last. That seemed to work ok. So I > did a clamscan all the way to an individual file and that also seemed to > work. The I did one using the wrapper all the way to the same individual > file and it wasn't picked up. > > Any ideas? > > [root@gw-mail MailScanner]# clamscan > /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn > fo.exe > /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn > fo.exe: Worm.Sober.U FOUND > > ----------- SCAN SUMMARY ----------- > Known viruses: 41292 > Engine version: 0.87.1 > Scanned directories: 0 > Scanned files: 1 > Infected files: 1 > Data scanned: 0.18 MB > Time: 6.388 sec (0 m 6 s) > [root@gw-mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /usr > /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn > fo.exe > /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn > fo.exe: OK > > ----------- SCAN SUMMARY ----------- > Known viruses: 30684 > Engine version: 0.87.1 > Scanned directories: 0 > Scanned files: 1 > Infected files: 0 > Data scanned: 0.24 MB > Time: 3.745 sec (0 m 3 s) > [root@gw-mail MailScanner]# > > > So it seems that clamscan works fine but the virus is not detected using the > wrapper. > > Thanks for any clues, > Ken > > Ken Goods > Network Administrator > AIA/CropUSA Insurance, Inc. > Is your /etc/MailScanner/virus.scanners.conf file configured correctly? Is your AV updating correctly? -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tenderby at MAILWASH.COM.AU Wed Nov 30 06:45:49 2005 From: tenderby at MAILWASH.COM.AU (Tony Enderby) Date: Thu Jan 12 21:31:19 2006 Subject: Phishing problem. Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ok, installed the latest Beta today and retested the phishing feature with some hand crafted emails / phishing site sample emails and unforunately the result was the same. Could not get MailScanner to trigger on the incoming mail, insert the highlight or modify the subject. I know some debug output would be helpful and am happy to post somewhere however I need to know how to grab the output from the terminal as it spews past rather quickly with ms and sa set to debug. This is probably a pretty rudimentary question but how do I redirect the debug output to a file somewhere? .. the normal console redirect doesn't seem to work. Many thanks in advance. Tony. ----- Original Message ----- From: "Julian Field" To: Sent: Tuesday, November 29, 2005 1:46 AM Subject: Re: Phishing problem. > -----BEGIN PGP SIGNED MESSAGE----- > > > On 28 Nov 2005, at 14:40, Martin Hepworth wrote: > >> Yes - you need a message in the inbound queue so it will actually do >> something useful as well.. >> >> Hmm I see you're running the mail stop/start script..... >> >> Stop MailScanner only (how ever that's done with the RPM version of >> the init >> script). Have a look at the script. > > Shortest way is this: > service MailScanner stop > service MailScanner startin > service MailScanner startout > > Then do > check_MailScanner > with some messages in /var/spool/mqueue.in and both Debug options set > in MailScanner.conf and watch the output spew past. > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2425) > > iQEVAwUBQ4sYUPw32o+k+q+hAQF5eQf/UTY1r4KXyFJ+NIUMvlqctwrMpLuHjrda > QkJsX0mCUoHv8asvdiZQlNNPgVeIM+HDZvFwoH2hvVVWeV3OrY+oJu/Q3D/31BoB > 1V10AvGZ7mqL+yZawwtQT2kHNxk9Dw6H4BXm4V3VCR0bvmdcyt8zR0/mX3WifuK4 > bKVx13s8S0dJ8tEDN9u2QWbcIb1ZrFNPYBYGx0Wy1eknIqEdjNZGQdKgrcXWyK3B > BvbyNn+CLYcU89fSumyYUY7NYXnaFWGGNKofG6fNMWKaQAfozFuto8SmxPwVp8IJ > 1XtUdb0hWcT46rb7gjbSDQK3FlrPIuj71QQIJCn3UiTY97HKa2Gygg== > =A1WB > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ----------------------------------------------------------------------------------- > This message has been scanned by Mailwash Australia. > > Premier Anti-Virus, Anti-Spam and Identity Theft protection > for Corporations and End Users. > > Log into http://www.mailwash.com.au to check your message > store for blocked content. > > Please visit http://www.mailwash.com.au for an overview. > ----------------------------------------------------------------------------------- > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Nov 30 09:05:26 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:19 2006 Subject: Phishing problem. Message-ID: -----BEGIN PGP SIGNED MESSAGE----- check_MailScanner > /tmp/debug.output 2>&1 On 30 Nov 2005, at 06:45, Tony Enderby wrote: > I know some debug output would be helpful and am happy to post > somewhere however I need to know how to grab the output from the > terminal as it spews past rather quickly with ms and sa set to > debug. This is probably a pretty rudimentary question but how do I > redirect the debug output to a file somewhere? .. the normal > console redirect doesn't seem to work. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ41rWPw32o+k+q+hAQGhnAf/Xq3x5H3FhC2ICFhEneHFQc2F8KzUBFh1 YOrNh+mjnaPQ/hE7DPFVIgAgTXMT6fi2+SrX8FChobYC/LMJPyssW3Q6+QSaodoX jU3Mt/aWxHO+mKQvxqCRr/pugdV1I0cjOsUBlIWBeOjGOcKZinjzXwnd9i+RiOaJ itNC92VDu6cwGI1dmq/5MDWdjzDdUXf6ro2Mz8LeLWaEkIKEFHRFhz+v3WJuYuXd BIK5xi76EqYl5FkZXjIJTLVaJ/BcjVlfbMgPsWQIbzkNLM7RxMj59hap4mIbfZji XV8xAuzI+M9dLNsG33YuOr1VEfSqqocd7Qc+V25GhOCcfNFf0rOESA== =od6W -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 30 10:19:11 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:19 2006 Subject: Mail::ClamAV Install problem Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 29/11/05, Jon Leeman wrote: > Group, > > I have recently installed MS on a Mandrake 10.0 machine from > "install-Clam-SA.tar.gz" and "MailScanner-4.47.4-2.rpm.tar.gz". > > (I have a production MDK 10.0 machine I installed about 7 months ago > running MS 4.40.6 / ClamAV 0.83 / 0.17 Mail::ClamAV.) Why would you stay with dreary ol' 10.0? I've installed exactly this on a LE2005 (10.2) with no problems whatsoever... And will probably move up to 10.3 (2006) when I get a free timeslot or two...:-) > When I try to install Mail::ClamAV - either from the tar.gz or CPAN I am > receiving; > > at /home/install/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 193 > BEGIN failed--compilation aborted at > /home/install/Mail-ClamAV-0.17/blib/lib/Mail/ClamAV.pm line 537. > Compilation failed in require. > > A search pointed out that; > > > Had the exact problem on ES4, someone from this list posted to do the > > following, worked for me > > > > add /usr/local/lib to /etc/ld.so.conf and then run ldconfig > > which I did - even though /usr/local/lib was already in ld.so.conf. Kind of points to your problem not being the same, wouldn't you say? > > A MailScanner -v on both machines is below. > > I'd appreciate pointers to solve the problem. > > Regards, > > Jon > (snip) Do you have any other errors that might pertain to this? That "failed in require" indicate that you can't get hold of the libclamav functions somehow (assuming I read the code correctly:-), one option of which would be for it to fail to build at all... BTW, you should really update that Clamav install on the "old (working) system" regardless of this problem, since 0.83 will fail to get signature updates (run a "freshclam -v" if you need "proof":). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Nov 30 11:17:11 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:19 2006 Subject: Maxsec: stuff about install.sh and FreeBSD Message-ID: Jules You sent a new copy of the install.sh to me as the original one didn't create the link from /etc/mail/spamassassin/mailscanner.cf to /opt/MailScanner/etc/spam.assassin.prefs.conf correctly. Here's the file you send me... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: 29 November 2005 17:15 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Maxsec: stuff about install.sh and FreeBSD > > Maxsec, > > I don't know your email address or anything, so have to spam the list :-( > > Don't understand your last comment in IRC this afternoon. > > the new install.sh you sent me for the FreeBSD mailscanner.cf sym link to > /opt/MailScanner/etc/spam.assassi n.pref.conf needs to be included since > the last beta > > > What install.sh do you need? Just the standard install.sh from the > MailScanner-install-......tar.gz? > > > If so, this is probably the code you're looking for: > > > echo > echo Linking into SpamAssassin if you have it installed. > echo > > SADIR=`$PERL -MMail::SpamAssassin -e 'print Mail::SpamAssassin->new- > >first_existing_path(@Mail::SpamAssassin::site_rules_path)' 2>/dev/null` > > if [ "x$SADIR" = "x" ]; then > echo No SpamAssassin installation found. > else > if [ -d /opt/MailScanner/etc ]; then > ln -s -f /opt/MailScanner/etc/spam.assassin.prefs.conf > ${SADIR}/mailscanner.cf > echo Good, the link was created to /opt/MailScanner/etc > elif [ -d /usr/local/MailScanner/etc ]; then > ln -s -f /usr/local/MailScanner/etc/spam.assassin.prefs.conf > ${SADIR}/mailscanner.cf > echo Good, the link was created to /usr/local/MailScanner/etc > elif [ -d /etc/MailScanner ]; then > ln -s -f /etc/MailScanner/spam.assassin.prefs.conf > ${SADIR}/mailscanner.cf > echo Good, the link was created to /etc/MailScanner > elif [ -d /usr/local/etc/MailScanner ]; then > ln -s -f /usr/local/etc/MailScanner/spam.assassin.prefs.conf > ${SADIR}/mailscanner.cf > echo Good, the link was created to /usr/local/etc/MailScanner > else > echo > echo 'WARNING: Could not find MailScanner installation directory.' > echo WARNING: You must create a link in ${SADIR} called > mailscanner.cf > echo WARNING: which points to the spam.assassin.prefs.conf file in > the > echo WARNING: MailScanner etc directory. > echo > sleep 10 > fi > fi > timewait 5 > > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/X-STUFFIT 5.6KB. ] [ Unable to print this part. ] From glenn.steen at GMAIL.COM Wed Nov 30 12:26:33 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:19 2006 Subject: (OT) Postfix Virtual Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 30/11/05, Peter Russell wrote: > Hi there, this is slightly OT question about postfix virtual alias > maps/domains. > > We have a Domino network that we no longer to receive mail, all > forwarded to an Exchange environment. > > Domino had 2 domains names for each username. So user1@domain1.com and > user1@domain2.com mail was delivered to the same mailbox. > > Now i will to use Postfix on my mailscanner gateway to redirect either > of those examples to a third domain. eg > > virtual_alias_map > user1@domain2.com, user1@domain2.com user2@domain3.com > > But since user1 is the same for 2 domains, is there any easy way to do > this without specifying the 2 domains for each entry? So any mail for > domain1.com or domain2.com lookup the same alias map, eg > > user1 user2@domain3.com > > I hope this makes sense, and some one can help me. > Appreciate any comments/suggestions > Pete Look at the following excerpt from the /etc/postfix/virtual file: ... # @domain address, address, ... # Mail for any user in domain is redirected to # address. This form has the lowest precedence. # # In all the above forms, when address has the form @other- # domain, the result is the same user in otherdomain. This # works for the first address in the expansion only. ... This rather implies that you should be able to do: @domain1.tld @domain3.tld @domain2.tld @domain3.tld .... to get the job done. Of course, anything other than this (being more specific) would take precedence... If the user part differ between the domains (at least between domain[12] and domain3), you lose unfortunately. Or perhaps you could do something with the RE type table(s)? /(.*)@domain[12].tld/ $1@domain3.tld ... In this, the hash-or-dbm table from above would of course be one of regexp or pcre (as needed). I haven't tested any of these (I lack a functioning test environment ATM), but I'm sure you'll see what works/doesn't:-). Or else Drew will correct any misapprehensions:-):-) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 30 13:00:17 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:19 2006 Subject: (OT) Postfix Virtual Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 30/11/05, Glenn Steen wrote: (snip) > @domain1.tld @domain3.tld > @domain2.tld @domain3.tld (snip) > /(.*)@domain[12].tld/ $1@domain3.tld (snip) those two would be rather equivalent... probably not what you're looking for. You might be more interrested in something like: /user1@.*/ user2@domain3.tld although that would assume that user1 could never exist in any but the affected domains. I'm sure you can imagine the permutations... -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 30 13:32:26 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:19 2006 Subject: Anti-virus woes... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 30/11/05, Ken Goods wrote: (snip) > [root@gw-mail MailScanner]# clamscan > /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn > fo.exe > /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn > fo.exe: Worm.Sober.U FOUND > > ----------- SCAN SUMMARY ----------- > Known viruses: 41292 > Engine version: 0.87.1 > Scanned directories: 0 > Scanned files: 1 > Infected files: 1 > Data scanned: 0.18 MB > Time: 6.388 sec (0 m 6 s) > [root@gw-mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /usr > /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn > fo.exe > /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn > fo.exe: OK > > ----------- SCAN SUMMARY ----------- > Known viruses: 30684 > Engine version: 0.87.1 > Scanned directories: 0 > Scanned files: 1 > Infected files: 0 > Data scanned: 0.24 MB > Time: 3.745 sec (0 m 3 s) > [root@gw-mail MailScanner]# > > > So it seems that clamscan works fine but the virus is not detected using the > wrapper. > > Thanks for any clues, > Ken > > Ken Goods > Network Administrator > AIA/CropUSA Insurance, Inc. Does "which clamscan" give "/usr/bin/clamscan"? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KevinS at BMRB.CO.UK Wed Nov 30 13:49:06 2005 From: KevinS at BMRB.CO.UK (Spicer, Kevin) Date: Thu Jan 12 21:31:19 2006 Subject: Anti-virus woes... Message-ID: Hmmm, On 30/11/05, Ken Goods wrote: > [root@gw-mail MailScanner]# clamscan > Known viruses: 41292 > [root@gw-mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /usr > Known viruses: 30684 I wonder if both are using the same virus data... if you do a... clamscan --debug 2>&1 | head -n 1 that will tell you where the virus data is. ================================================================= BMRB wins two BMRA awards - http://www.bmrb.co.uk _________________________________________________________________ This message (and any attachment) is intended only for the recipient and may contain confidential and/or privileged material. If you have received this in error, please contact the sender and delete this message immediately. Disclosure, copying or other action taken in respect of this email or in reliance on it is prohibited. BMRB Limited accepts no liability in relation to any personal emails, or content of any email which does not directly relate to our business. +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 30 14:25:23 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:19 2006 Subject: Anti-virus woes... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 29/11/05, Ken Goods wrote: > Greetings list... > > Since my last update I've noticed no viruses being flagged (I normally get > postmaster notifications). I was running only ClamAV. > (snip) > Then an unsuccessful test of the wrapper: > > [root@gw-mail bdc]# /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc > /var/spool/MailScanner/quarantine/ (may wrap... there is a space between > /opt/bdc and /var) > cat: /tmp/log.bdc.29564: No such file or directory > rm: cannot lstat `/tmp/log.bdc.29564': No such file or directory > > Perhaps a permissions problem??? I'm clueless... Well, something is defuinitely up... The perinent part of the script looks like: ---------- umask 077 ${PackageDir}/$prog --log=$LogFile "$@" >/dev/null 2>&1 cat $LogFile rm $LogFile exit 0 ---------- So if the bdc program ($prog) is unable to create the file $LogFile (/tmp/log.bdc.$$ more or less), you will not see why because of the ">/dev/null 2>&1" construct (which will print any direct output to STDOUT and STDERR to the bit-bucket). Try running /opt/bdc/bdc --log=/tmp/anyfilename --all /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataInfo.exe .... and see what it carps about. > > So I thought I'd insure the BDC scanner was working ok from the command > line: > > > [root@gw-mail bdc]# bdc /var/spool/MailScanner//quarantine/ > BDC/Linux-Console v7.1 (build 2559) (i386) (Jul 6 2005 16:28:53) > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved. > > Warning: no scan option defined; using defaults You need specify a scan option ... "--all" isn't a bad choice:-) > > A bunch of lines snipped here... all the files that MS had quarantined due > to filetype/name rules... thanks Julian! > > Results: > Folders :228 > Files :436 > Packed :9 > Infected files :208 > Suspect files :0 > Warnings :0 > Identified viruses:5 > I/O errors :0 > Files/second :18 > Scan time :00:00:24 > > Appears to be fine but I see no mentions of BDC in the maillog even after > doing an update_virus_scanners (I do see "found ClamAV installed and that it > doesn't need an update but no mention of BDC.) Probably due to your initial troubles... Which we can hope are related to permissions on /tmp. (snip) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Wed Nov 30 14:56:34 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:19 2006 Subject: New feature: "Reject Message" Message-ID: -----BEGIN PGP SIGNED MESSAGE----- When you want to reject messages to or from a particular address, the usual answer is "do it in the MTA". The hazard with this is that the rejection message sent back to the sender is very brief and very technical. Somewhere in it, the message will probably say "550 Access denied" or some equally unhelpful message. So now there is a "Reject Message" setting which you should use with a ruleset. When this evaluates to "yes", then the "Rejection Report" message is sent back to the sender, and the message is dropped. If you want to archive mail that gets this treatment, then use an equal ruleset on the "Archive Mail" setting. The "Rejection Report" can also be a ruleset, so you can different reports back to different places. This allows you to produce a readable report instead of the unhelpful technical garbage produced by most MTAs. - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.3 (Build 2932) iQEVAwUBQ429pPw32o+k+q+hAQEg+Af/a5ZQ3PwuK0Kh34TkB+lM8djwN6h2E0Wx seo/+w/XqFSpzFZj/vV3sKeQAaZ+UpYa8kVRFIaB75/SB2yCMs7M6gRCtObwt0pM QcfdA7YsY5k18E8KAAzrDXca0RM4QIJW2V00/jmLdOJkW7VT08lJr3Q7TMCHswBW 2EGL2b45zBqeXxr/NF9XKpCK8TAEVmLgEz1Uh4uMpiHQrzZvxXxm5dvdulvPaE/k zsfLuoj8XiNE4JosEnw4lf9sLVCh8hhy08xp5lJuYVy7N/WpD6A2d06dRxN96pL2 Fv+/4kWz93Yf4qA2UIVPqw9PZtXxMq2csMgmkkPkDXQVrrZXtZ9RYA== =hl16 -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Wed Nov 30 15:04:20 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:19 2006 Subject: followup on Clam and Sober.U Message-ID: Gang, The latest CVS version of Clam (devel-20051130/1198) solved my problem of Clam not detecting the Sober-Z (sophos) or Sober.U (clam) virus. My setup is on Solaris 9. Note that I could not get this CVS to build with Sun's Forte compiler, just with gcc. I'm currently running MailScanner with Virus Scanners = sophossavi clamav I am going to leave clamavmodule out of the mix for a while. Those of you who are getting low hit rates with ClamAV might want to try the CVS code. Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lists at masonc.com Wed Nov 30 16:41:23 2005 From: lists at masonc.com (Chris Mason (Lists)) Date: Thu Jan 12 21:31:19 2006 Subject: Cannot create directory /var/spool/MailScanner/archive/20051130 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have a new MailScanner installation, a Redhat ES3 server with Sendmail. Everything else seems fine but I see this in the logs a lot. Cannot create directory /var/spool/MailScanner/archive/20051130 Any ideas? The permissions seem fine. Chris ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Wed Nov 30 16:47:05 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:31:19 2006 Subject: Anti-virus woes... Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: > On 29/11/05, Ken Goods wrote: >> Greetings list... >> snip.... > > Well, something is defuinitely up... The perinent part of the script > looks like: ---------- > umask 077 > ${PackageDir}/$prog --log=$LogFile "$@" >/dev/null 2>&1 > cat $LogFile > rm $LogFile > exit 0 > ---------- > So if the bdc program ($prog) is unable to create the file $LogFile > (/tmp/log.bdc.$$ more or less), you will not see why because of the > ">/dev/null 2>&1" construct (which will print any direct output to > STDOUT and STDERR to the bit-bucket). Try running > /opt/bdc/bdc --log=/tmp/anyfilename --all > /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn fo.exe > .... and see what it carps about. > snip... > You need specify a scan option ... "--all" isn't a bad choice:-) > > Probably due to your initial troubles... Which we can hope are related > to permissions on /tmp. > > (snip) First.. thanks to all who responded and for the excellent suggestions for debugging. Update.. bitdefender is working and caught it's first virus through MailScanner at 10:18pm PST last night. I thought I had restarted MS after making a change to virus.scanners.conf but maybe not. I had mistakenly entered the path all the way to the bdc program instead of just the path.. i.e. bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc/bdc <- *here* Must have got going after MailScanner's normal restart. But for ClamAV still no joy. I'll answer everyone's questions here. Ugo, virus.scanners.conf looks good and ClamAV seems to be updating fine according to the output of update_virus_scanners in the log. Nov 30 08:09:06 gw-mail update.virus.scanners: Found bitdefender installed Nov 30 08:09:06 gw-mail update.virus.scanners: Running autoupdate for bitdefender Nov 30 08:09:33 gw-mail BitDefender-autoupdate[14702]: BitDefender starting update Nov 30 08:09:37 gw-mail BitDefender-autoupdate[14702]: BitDefender updated Nov 30 08:10:24 gw-mail update.virus.scanners: Found clamav installed Nov 30 08:10:24 gw-mail update.virus.scanners: Running autoupdate for clamav Nov 30 08:10:25 gw-mail ClamAV-autoupdate[14719]: ClamAV did not need updating Glenn, [root@gw-mail root]# which clamscan /usr/local/bin/clamscan Could this be a problem? I installed ClamAV & SA using Julian's script thinking that this would take care of the path problems that I have ran into before. I'm running RH9.0 if it matters... [root@gw-mail root]# /opt/bdc/bdc --log=/tmp/testbdc --all /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn fo.exe BDC/Linux-Console v7.1 (build 2559) (i386) (Jul 6 2005 16:28:53) Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved. Warning: unknown parameter: --all /var/spool/MailScanner ... le-packed_dataInfo.exe infected: Win32.Sober.AD@mm Results: Folders :0 Files :1 Packed :0 Infected files :1 Suspect files :0 Warnings :0 Identified viruses:1 I/O errors :0 Works fine but seems like it doesn't like the --all parameter for some reason... I had tried that yesterday. And the testbdc file looks like this... [root@gw-mail tmp]# cat testbdc // // BDC scan report // // Time: Wed Nov 30 07:49:14 2005 // Command line: --log=/tmp/testbdc --all /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn fo.exe // Core: AVCORE v1.0 (build 2266) (i386) (Mar 1 2005 19:34:16) // Engines: scan: 13, unpack: 4, archive: 39, mail: 6 // Total signatures: 236610 // /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn fo.exe infected: Win32.Sober.AD@mm Results: Folders :0 Files :1 Packed :0 Infected files :1 Suspect files :0 Warnings :0 Identified viruses:1 I/O errors :0 But like I said, bitdefender seems to be working through MailScanner this morning. So all is hopefully well with bdc... Kevin, [root@gw-mail root]# clamscan --debug 2>&1 | head -n 1 LibClamAV debug: Loading databases from /var/clamav and an ls -l gives: [root@gw-mail log]# cd /var/clamav [root@gw-mail clamav]# ls -l total 8200 -rw-r--r-- 1 clamav clamav 175561 Nov 29 02:15 daily.cvd -rw-r--r-- 1 clamav clamav 177776 Nov 9 2004 daily.cvd.old -rw-r--r-- 1 clamav clamav 154914 May 16 2005 daily.cvd.rpmnew -rw-r--r-- 1 clamav clamav 198913 Apr 10 2005 daily.cvd.rpmsave -rw-r--r-- 1 clamav clamav 2560365 Sep 10 07:08 main.cvd -rw-r--r-- 1 clamav clamav 1284637 Sep 16 2004 main.cvd.old -rw-r--r-- 1 clamav clamav 2014018 May 16 2005 main.cvd.rpmnew -rw-r--r-- 1 clamav clamav 1784802 Mar 7 2005 main.cvd.rpmsave [root@gw-mail clamav]# I assume this is ok. Where are the paths to the databases and clamscan configured for MailScanner? I should probably double check that they are correct. Thanks all, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at pbco.ca Wed Nov 30 16:59:09 2005 From: jstork at pbco.ca (Johnny Stork) Date: Thu Jan 12 21:31:19 2006 Subject: Spam Subject lines not getting modified? Message-ID: Seems like I keep having strange new problems with both mailscanner and mailwatch? I just noticed all sorts of spam lately ending up in my in-box instead of the filtered "Spam" folder. Checking in mailwatch I see the messages are scoring well beyond my limit of 5.0, some into double digits, but they are not getting the subject line changed? It seems that I have this set in mailscanner.conf, but it does not appear to be working? # If the message is spam, do you want to modify the subject line? # This makes filtering in Outlook very easy. # This can also be the filename of a ruleset. Spam Modify Subject = yes # This is the text to add to the start of the subject if the # "Spam Modify Subject" option is set. # The exact string "_SCORE_" will be replaced by the numeric # SpamAssassin score. # The exact string "_STARS_" will be replaced by a row of stars # whose length is the SpamAssassin score. # This can also be the filename of a ruleset. Spam Subject Text = {Possible Spam} # This is just like the "Spam Modify Subject" option above, except that # it applies when the score from SpamAssassin is higher than the # "High SpamAssassin Score" value. # This can also be the filename of a ruleset. High Scoring Spam Modify Subject = yes # This is just like the "Spam Subject Text" option above, except that # it applies when the score from SpamAssassin is higher than the # "High SpamAssassin Score" value. # The exact string "_SCORE_" will be replaced by the numeric # SpamAssassin score. # The exact string "_STARS_" will be replaced by a row of stars # whose length is the SpamAssassin score. # This can also be the filename of a ruleset. High Scoring Spam Subject Text = {Most Likely Spam} _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at pbco.ca Wed Nov 30 17:22:21 2005 From: jstork at pbco.ca (Johnny Stork) Date: Thu Jan 12 21:31:19 2006 Subject: Ignore previous post...I think its a mailwatch issue. RE: Spam Subject lines not getting modified? Message-ID: I think I found it, it seems to be a mailwatch issue and not a mailscanner issue. I am not sure how to fix it yet though. Here is the post I just sent to the mailwatch list. I have gotten lost now on all the changes made to my system lately and so I dont know where or why at some point I changed the "Required SpamAssassin Score" lines from an integer to the &SQLSpamScores setting below. But now spam does not get the message subhject changed and if I go into the mailscanner db in the spamscores table, there is no content? So I guess this is where the scores now need to go, but what goes in the user column? Is this simply a Mailwatch user? and if so how does the correct score setting only get applied to specific email coming to that user? If a users name is "MyName" how does that score know to be applied to that user...there is no email attached to a mailwatch user? Or do I even need to use the &SQLSpamScores setting at all? And where does the high and normal spam scores settings go? In the spamscores table or in the users table? I am confused now # This replaces the SpamAssassin configuration value 'required_hits'. # If a message achieves a SpamAssassin score higher than this value, # it is spam. See also the High SpamAssassin Score configuration option. # This can also be the filename of a ruleset, so the SpamAssassin # required_hits value can be set to different values for different messages. Required SpamAssassin Score = &SQLSpamScores # If a message achieves a SpamAssassin score higher than this value, # then the "High Scoring Spam Actions" are used. You may want to use # this to deliver moderate scores, while deleting very high scoring messsages. # This can also be the filename of a ruleset. High SpamAssassin Score = &SQLHighSpamScores _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 30 17:36:31 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:19 2006 Subject: Anti-virus woes... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 30/11/05, Ken Goods wrote: > Glenn Steen wrote: > > On 29/11/05, Ken Goods wrote: > >> Greetings list... (snip) > > First.. thanks to all who responded and for the excellent suggestions for > debugging. > > Update.. bitdefender is working and caught it's first virus through > MailScanner at 10:18pm PST last night. I thought I had restarted MS after > making a change to virus.scanners.conf but maybe not. > I had mistakenly entered the path all the way to the bdc program instead of > just the path.. i.e. > > bitdefender /usr/lib/MailScanner/bitdefender-wrapper /opt/bdc/bdc <- > *here* > > Must have got going after MailScanner's normal restart. Ah, good. > > But for ClamAV still no joy. > > I'll answer everyone's questions here. > > Ugo, > virus.scanners.conf looks good and ClamAV seems to be updating fine > according to the output of update_virus_scanners in the log. > Nov 30 08:09:06 gw-mail update.virus.scanners: Found bitdefender installed > Nov 30 08:09:06 gw-mail update.virus.scanners: Running autoupdate for > bitdefender > Nov 30 08:09:33 gw-mail BitDefender-autoupdate[14702]: BitDefender starting > update > Nov 30 08:09:37 gw-mail BitDefender-autoupdate[14702]: BitDefender updated > Nov 30 08:10:24 gw-mail update.virus.scanners: Found clamav installed > Nov 30 08:10:24 gw-mail update.virus.scanners: Running autoupdate for clamav > Nov 30 08:10:25 gw-mail ClamAV-autoupdate[14719]: ClamAV did not need > updating > Yes, but which one is it updating? > Glenn, > [root@gw-mail root]# which clamscan > /usr/local/bin/clamscan > Could this be a problem? I installed ClamAV & SA using Julian's script > thinking that this would take care of the path problems that I have ran into > before. I'm running RH9.0 if it matters... Just to be "specific", this is what you've reported having in the virus.scanners.conf: clamav /usr/lib/MailScanner/clamav-wrapper /usr And as you've shown above, the wrapper can use this to find a (probably RPM-installed) clamav (actually clamscan) in /usr/bin ... However, the above shows that /usr/local/bin comes before /usr/bin in your PATH, and there you have another install of clamav... Which is used when invoking clamscan from the command line. If you are to use the same clamscan as from the command line, you need change that to clamav /usr/lib/MailScanner/clamav-wrapper /usr/local .... I would recommend that you also remove every last trace of any clamav RPM install and, after doing that, reinstall Jules package (in case the rpm -e has ... made something crucial ... go away:). Which signature files are used is the next thing to look at... I don't remember if the RPM versions of clamav floating around are split into one program package and one "database" package, or if it's a monolithic thing (I've been building this from source a long time now... Can't really wait for someone to package it for me... Well, perhaps excepting Jules;). If it is a separate package, remove that one too.... Probably should do that at the same time the program goes. > > [root@gw-mail root]# /opt/bdc/bdc --log=/tmp/testbdc --all > /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn > fo.exe > BDC/Linux-Console v7.1 (build 2559) (i386) (Jul 6 2005 16:28:53) > Copyright (C) 1996-2004 SOFTWIN SRL. All rights reserved. > Warning: unknown parameter: --all (snip) > Works fine but seems like it doesn't like the --all parameter for some > reason... I had tried that yesterday. Quirky... Oh well, probably nothing to worry about (I've checked, and mine accept both "--all" and "-all", without the citation marks (of course)). (snip) > But like I said, bitdefender seems to be working through MailScanner this > morning. So all is hopefully well with bdc... > > Kevin, > [root@gw-mail root]# clamscan --debug 2>&1 | head -n 1 > LibClamAV debug: Loading databases from /var/clamav > > and an ls -l gives: > [root@gw-mail log]# cd /var/clamav > [root@gw-mail clamav]# ls -l > total 8200 > -rw-r--r-- 1 clamav clamav 175561 Nov 29 02:15 daily.cvd > -rw-r--r-- 1 clamav clamav 177776 Nov 9 2004 daily.cvd.old > -rw-r--r-- 1 clamav clamav 154914 May 16 2005 daily.cvd.rpmnew > -rw-r--r-- 1 clamav clamav 198913 Apr 10 2005 daily.cvd.rpmsave > -rw-r--r-- 1 clamav clamav 2560365 Sep 10 07:08 main.cvd > -rw-r--r-- 1 clamav clamav 1284637 Sep 16 2004 main.cvd.old > -rw-r--r-- 1 clamav clamav 2014018 May 16 2005 main.cvd.rpmnew > -rw-r--r-- 1 clamav clamav 1784802 Mar 7 2005 main.cvd.rpmsave > [root@gw-mail clamav]# > > I assume this is ok. Where are the paths to the databases and clamscan > configured for MailScanner? I should probably double check that they are > correct. > > Thanks all, > Ken (snip) I wouldn't be so sure that it's OK. What does /usr/bin/clamscan --version and /usr/local/bin/clamscan --version give? I'm pretty sure it'll show a less than optimal combination in the first instance... Which is why you probably should take my advice above and go for "only one clamav on this system";-). Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From KGoods at AIAINSURANCE.COM Wed Nov 30 17:54:13 2005 From: KGoods at AIAINSURANCE.COM (Ken Goods) Date: Thu Jan 12 21:31:19 2006 Subject: Anti-virus woes... Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: > On 30/11/05, Ken Goods wrote: snip.... > I wouldn't be so sure that it's OK. What does > /usr/bin/clamscan --version > and > /usr/local/bin/clamscan --version > give? I'm pretty sure it'll show a less than optimal combination in > the first instance... Which is why you probably should take my advice > above and go for "only one clamav on this system";-). > > Cheers Bingo, oh wise one! [root@gw-mail mail]# /usr/bin/clamscan --version ClamAV 0.85.1/705/Fri Feb 11 08:51:32 2005 [root@gw-mail mail]# /usr/local/bin/clamscan --version ClamAV 0.87.1/1198/Tue Nov 29 02:05:20 2005 Ouch! Thanks a ton Glenn! I have been fighting this off and on through every upgrade I've done. All because I had a problem with an install about a year ago and strayed from Julian's install script and installed from someone else's RPMs. Then when that didn't work well I went back to Jule's script. Thought I had got rid of everything back then but obviously not! I'll figure this *nix thing out eventually! :) Thanks to everyone who responded. Kind regards, Ken Ken Goods Network Administrator AIA/CropUSA Insurance, Inc. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Wed Nov 30 18:55:01 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:19 2006 Subject: SPAM Scoring not working..only modifying subject line with {Spam?} Message-ID: All SPAM detected is forwarded to my FreeBSD local account under /var/mail. Everyday I view the file and noticed that the Subject line is being modified at the beginning with {Spam?} with no spam score (ssss). I was under the impression that once SPAM is detected, it would score it accordingly by placing an "s" within the subject line. Why is this happenng? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From cstamas at DIGITUS.ITK.PPKE.HU Wed Nov 30 18:58:12 2005 From: cstamas at DIGITUS.ITK.PPKE.HU (Csillag Tamas) Date: Thu Jan 12 21:31:19 2006 Subject: My RelayDB implementation in perl for MailScanner Message-ID: [ The following text is in the "iso-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, (First of all forgive my English I am not a native English speaker and I am a bit tired... But if I do not send this now I never will.) I use MailScanner on a couple of machines for years so first I must say 'thank you' to Julian Field and all the others who contributed to this project. MailScanner is only one component of my mail filtering setup. So I thought the others (maybe) can benefit how I extended MailScanner with Relaydb. First, relaydb is Daniel Hartmeier's idea. I will not explain it now. Read http://www.benzedrine.cx/relaydb.html first if you are interested! Well if you are interesed be prepared to read the docs, read my perl code (which is only about 140 lines btw.) and watch your syslogs for errors. Be prepared it might not work out-of-the-box, without your work and understanding. If this kills your server, mails start bouncing or from this time you start to have nightmares do not blame me. It works for me: I use it here for half a year and it works as expected. Still here? Then let the fun begin! ;-) In the beginning I was executing relaydb from Mailscanner (every time calling a this binary and feeding it each mail's headers). Now I implemented it as a function is CustomConfig.pm. So it is available as a native perl code. To use it: 1. You need perl's BerkeleyDB package (apt-get install libberkeleydb-perl on debian). 2. You have to replace (or extend your current) CustomConfig.pm with my attached file. 3. Set the following line in MailScanner.conf Always Looked Up Last = &RelayDB 4. Create /etc/postfix/db/ with the right permissions (test this! mailscanner must be able to write this directory!) 5. In postfix's main.cf set up check_client_access cdb:/etc/postfix/db/ip_blacklist under smtpd_recipient_restrictions. If you use a Postfix version where cdb map type is not available change: 'postmap cdb:$exportfile' to your needs. Well the method is not tied to any particular MTA just I use Postfix here. The only thing you have to change is the way I export addresses to a Postfix map. If you are interested of have questions send feedback here (to the list). -- "If you have an apple and I have an apple and we exchange apples then you and I will still each have one apple. But if you have an idea and I have an idea and we exchange these ideas, then each of us will have two ideas." -- George Bernard Shaw cstamas Pazmany Peter Catholic University The Faculty of Information Technology Hungary. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstamas at DIGITUS.ITK.PPKE.HU Wed Nov 30 19:04:55 2005 From: cstamas at DIGITUS.ITK.PPKE.HU (Csillag Tamas) Date: Thu Jan 12 21:31:19 2006 Subject: My RelayDB implementation in perl for MailScanner Message-ID: [ The following text is in the "iso-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 11/30, Csillag Tamas wrote: .. > 2. You have to replace (or extend your current) CustomConfig.pm with my attached file. Attaching that file is a good idea. -- cstamas - Csillag Tamas Pazmany Peter Catholic University The Faculty of Information Technology Hungary. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/X-PERL (charset: ISO-8859-2 "Latin 2 (Eastern ] [ Europe)") 151 lines. ] [ Unable to print this part. ] From mkettler at EVI-INC.COM Wed Nov 30 19:06:14 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:19 2006 Subject: SPAM Scoring not working..only modifying subject line with {Spam?} Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marc Dufresne wrote: > All SPAM detected is forwarded to my FreeBSD local account under > /var/mail. Everyday I view the file and noticed that the Subject line is > being modified at the beginning with {Spam?} with no spam score (ssss). > > I was under the impression that once SPAM is detected, it would score > it accordingly by placing an "s" within the subject line. By default? No. By default the s's are to added to a message header, not the subject line. i.e.: X-EVI-MailScanner-SpamScore: sss > > Why is this happenng? You need to edit your "Spam Subject Text" option in MailScanner.conf to make use of _STARS_ or _SCORE_. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Nov 30 18:37:29 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:19 2006 Subject: Anti-virus woes... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Goods spake the following on 11/29/2005 5:01 PM: > Scott Silva wrote: > >>Ken Goods spake the following on 11/29/2005 2:50 PM: >> >>>Greetings list... >>> > > snip... > >>To test clamav you could try; >>clamscan -r /var/spool/MailScanner/quarantine/ >> >>I got the following ( after snipping the output); >> >>----------- SCAN SUMMARY ----------- >>Known viruses: 41292 >>Engine version: 0.87.1 >>Scanned directories: 46 >>Scanned files: 10556 >>Infected files: 98 >>Data scanned: 994.46 MB >>Time: 1017.698 sec (16 m 57 s) >> > > > Thanks Scott, > Figured that out between this post and last. That seemed to work ok. So I > did a clamscan all the way to an individual file and that also seemed to > work. The I did one using the wrapper all the way to the same individual > file and it wasn't picked up. > > Any ideas? > > [root@gw-mail MailScanner]# clamscan > /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn > fo.exe > /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn > fo.exe: Worm.Sober.U FOUND > > ----------- SCAN SUMMARY ----------- > Known viruses: 41292 > Engine version: 0.87.1 > Scanned directories: 0 > Scanned files: 1 > Infected files: 1 > Data scanned: 0.18 MB > Time: 6.388 sec (0 m 6 s) > [root@gw-mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /usr > /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn > fo.exe > /var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn > fo.exe: OK > > ----------- SCAN SUMMARY ----------- > Known viruses: 30684 > Engine version: 0.87.1 > Scanned directories: 0 > Scanned files: 1 > Infected files: 0 > Data scanned: 0.24 MB > Time: 3.745 sec (0 m 3 s) > [root@gw-mail MailScanner]# > > > So it seems that clamscan works fine but the virus is not detected using the > wrapper. > > Thanks for any clues, > Ken > > Ken Goods > Network Administrator > AIA/CropUSA Insurance, Inc. > My wrapper works fine, but using /usr/local for the clamav directory. Is this an RPM based system? Maybe a system update pulled in a rpm version of clamav and munged things... Just guessing at this point. You could try a " find / |grep clamscan " To see if there is more than one clam install, beyond that??? -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Nov 30 19:30:15 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:19 2006 Subject: SPAM Scoring not working..only modifying subject line with {Spam?} Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marc Dufresne spake the following on 11/30/2005 10:55 AM: > All SPAM detected is forwarded to my FreeBSD local account under > /var/mail. Everyday I view the file and noticed that the Subject line is > being modified at the beginning with {Spam?} with no spam score (ssss). > > I was under the impression that once SPAM is detected, it would score > it accordingly by placing an "s" within the subject line. > > Why is this happenng? > It will not add the spam score s's in the subject, it adds them to a header in the e-mail. If you want a spam score in the subject, you need to read the MailScanner.conf file and look at the lines around the spam modify subject = line. You can add "_score_" to the end of this ({Spam?} _score_) to get this, but I think it gives the spam score numerically. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Nov 30 19:41:28 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:19 2006 Subject: Anti-virus woes... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva spake the following on 11/30/2005 10:37 AM: > Ken Goods spake the following on 11/29/2005 5:01 PM: > >>Scott Silva wrote: >> >> >>>Ken Goods spake the following on 11/29/2005 2:50 PM: >>> >>> >>>>Greetings list... >>>> >> >>snip... >> >> >>>To test clamav you could try; >>>clamscan -r /var/spool/MailScanner/quarantine/ >>> >>>I got the following ( after snipping the output); >>> >>>----------- SCAN SUMMARY ----------- >>>Known viruses: 41292 >>>Engine version: 0.87.1 >>>Scanned directories: 46 >>>Scanned files: 10556 >>>Infected files: 98 >>>Data scanned: 994.46 MB >>>Time: 1017.698 sec (16 m 57 s) >>> >> >> >>Thanks Scott, >>Figured that out between this post and last. That seemed to work ok. So I >>did a clamscan all the way to an individual file and that also seemed to >>work. The I did one using the wrapper all the way to the same individual >>file and it wasn't picked up. >> >>Any ideas? >> >>[root@gw-mail MailScanner]# clamscan >>/var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn >>fo.exe >>/var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn >>fo.exe: Worm.Sober.U FOUND >> >>----------- SCAN SUMMARY ----------- >>Known viruses: 41292 >>Engine version: 0.87.1 >>Scanned directories: 0 >>Scanned files: 1 >>Infected files: 1 >>Data scanned: 0.18 MB >>Time: 6.388 sec (0 m 6 s) >>[root@gw-mail MailScanner]# /usr/lib/MailScanner/clamav-wrapper /usr >>/var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn >>fo.exe >>/var/spool/MailScanner/quarantine/20051129/jATKRZ2n029044/File-packed_dataIn >>fo.exe: OK >> >>----------- SCAN SUMMARY ----------- >>Known viruses: 30684 >>Engine version: 0.87.1 >>Scanned directories: 0 >>Scanned files: 1 >>Infected files: 0 >>Data scanned: 0.24 MB >>Time: 3.745 sec (0 m 3 s) >>[root@gw-mail MailScanner]# >> >> >>So it seems that clamscan works fine but the virus is not detected using the >>wrapper. >> >>Thanks for any clues, >>Ken >> >>Ken Goods >>Network Administrator >>AIA/CropUSA Insurance, Inc. >> > > My wrapper works fine, but using /usr/local for the clamav directory. > Is this an RPM based system? > Maybe a system update pulled in a rpm version of clamav and munged > things... Just guessing at this point. > You could try a " find / |grep clamscan " > To see if there is more than one clam install, beyond that??? > Sorry to be late. Posting thru GMANE takes an awful long time. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From RogerPoore at MAIL.CLAYTON.EDU Wed Nov 30 21:06:59 2005 From: RogerPoore at MAIL.CLAYTON.EDU (Roger Poore) Date: Thu Jan 12 21:31:19 2006 Subject: Blocking sexually explicit material... Message-ID: Hi all-- A number of our users are starting to get really fed up with the amount of pornographic spam they are getting. Some gets tagged as {Spam?} and some doesn't. I've got a few rules that check the header but that doesn't catch that much. More recently--as in yesterday--I added a couple domain lists from mailpolice: (mailscanner.conf) Spam Domain List = NO-FRAUD+PORN+BULK-MP NO-ADULT-MP NO-DYNAMIC-MP (corresponding spam.lists.conf) # from: http://rhs.mailpolice.com/ NO-PORN-MP porn.rhs.mailpolice.com. NO-ADULT-MP adult.rhs.mailpolice.com. # consolidated list of fraud, porn, and bulk NO-FRAUD+PORN+BULK-MP block.rhs.mailpolice.com. NO-DYNAMIC-MP dynamic.rhs.mailpolice.com. Does anyone have any other suggestions for tagging this junk as spam? Does razor and pyzor help? I just installed both. Thanks for any suggestions. -Roger Config: OS = Debian Woodie Spamassassin = 3.0.3 Mailscanner = 4.41.3-2 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Nov 30 21:25:00 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:19 2006 Subject: (OT) Postfix Virtual Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ahh thanks. I could use your second example, the username format is different between these systems. What is the . for in @.* ? /user1@.*/ user2@domain3.tld or i guess if i knew the regexp i could use something like your /(.*)@domain[12].tld/ $1@domain3.tld How would this work for for and does it mean i could get away with having that one line? domain1 (@sub.mydomain.com) domain2 (@mydomain.com) domain3 (@domain3.com) Many thanks for your help Pete Glenn Steen wrote: > On 30/11/05, Glenn Steen wrote: > (snip) > >>@domain1.tld @domain3.tld >>@domain2.tld @domain3.tld > > (snip) > >>/(.*)@domain[12].tld/ $1@domain3.tld > > (snip) > those two would be rather equivalent... probably not what you're looking for. > You might be more interrested in something like: > /user1@.*/ user2@domain3.tld > although that would assume that user1 could never exist in any but the > affected domains. I'm sure you can imagine the permutations... > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 30 21:26:09 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:19 2006 Subject: My RelayDB implementation in perl for MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 30/11/05, Csillag Tamas wrote: > On 11/30, Csillag Tamas wrote: > .. > > 2. You have to replace (or extend your current) CustomConfig.pm with my attached file. > > Attaching that file is a good idea. > > -- > cstamas - Csillag Tamas > Pazmany Peter Catholic University The Faculty of Information Technology > Hungary. > Looks kind of neat.... If I wasn't restricted by what is legal for a Swedish government agency to do, I might have looked hard on both this and the Vispan auto-blacklist thing .... (I especially like the vindictive quality of this one:-). Would you mind typing this into the wiki? Would make a nice addition, I think. It's rather easy to manage, just register and follow Ugos crisp guidelines at http://wiki.mailscanner.info/doku.php?id=documentation:volunteers And don't worry about the language bit... You're in a "select" group of c:a 5 000 000 000 people who don't have English as their first language, and you seem to be managing at least as well as I do:-) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 30 21:42:31 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:19 2006 Subject: Anti-virus woes... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 30/11/05, Ken Goods wrote: (snip)> > Bingo, oh wise one! I wouldn't know about "wise" (my wife would certainly have something to say about that:-)... > > [root@gw-mail mail]# /usr/bin/clamscan --version > ClamAV 0.85.1/705/Fri Feb 11 08:51:32 2005 > [root@gw-mail mail]# /usr/local/bin/clamscan --version > ClamAV 0.87.1/1198/Tue Nov 29 02:05:20 2005 > > Ouch! Indeed. > > Thanks a ton Glenn! I have been fighting this off and on through every > upgrade I've done. All because I had a problem with an install about a year > ago and strayed from Julian's install script and installed from someone > else's RPMs. Then when that didn't work well I went back to Jule's script. > Thought I had got rid of everything back then but obviously not! Yep. I hope the "instructions" were clear enough... You could probably get some help on which rpms need be deleted from "egrep -i clam /var/log/rpmpkgs" ... ISTR the RH9 had that file ... else do "rpm -qa | egrep -i clam". While you're at it, consider updating to a newer distro ... RH9 can live through fedoralegacy, true, but.... why not go for something less ... unsupported... I hear a lot about CentOS, and am a Mandriva fan myself (yes, even for servers:-). > I'll figure this *nix thing out eventually! :) :-) Mostly a question of "good administration". Find a method of keeping "things" (user accounts, OS:s, whatever) and stick with it... And be prepared to do knowledgeable sidesteps like "I'll keep all systems current via RPM and yum,_but_ the really important bits (clamav, apache, whatever) built from source..." ... And be prepared to do huge amount of reading, testing, tweaking and frobbing;-) (snip) Cheers -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Nov 30 21:55:11 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:19 2006 Subject: Blocking sexually explicit material... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Roger Poore wrote: > Hi all-- > > A number of our users are starting to get really fed up with the amount > of pornographic spam they are getting. Some gets tagged as {Spam?} and > some doesn't. I've got a few rules that check the header but that > doesn't catch that much. More recently--as in yesterday--I added a > couple domain lists from mailpolice: > > (mailscanner.conf) > Spam Domain List = NO-FRAUD+PORN+BULK-MP NO-ADULT-MP NO-DYNAMIC-MP > > (corresponding spam.lists.conf) > # from: http://rhs.mailpolice.com/ > NO-PORN-MP porn.rhs.mailpolice.com. > NO-ADULT-MP adult.rhs.mailpolice.com. > # consolidated list of fraud, porn, and bulk > NO-FRAUD+PORN+BULK-MP block.rhs.mailpolice.com. > NO-DYNAMIC-MP dynamic.rhs.mailpolice.com. > > Does anyone have any other suggestions for tagging this junk as spam? > Does razor and pyzor help? I just installed both. > Yes, they do help on some of them. I'd also suggest adding on the "specific" and "adult" rulesets from rulesemporium.com. The specific ruleset has signatures for many of those geocities website based pornspams, and the adult ruleset has some extra rules for detecting adult content beyond what SA comes with. If you're new to add-on rulesets, just download them and copy the .cf file into /etc/mail/spamassassin. Then issue a reload of MailScanner to get it to re-parse all the SA rules. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From RogerPoore at MAIL.CLAYTON.EDU Wed Nov 30 22:07:46 2005 From: RogerPoore at MAIL.CLAYTON.EDU (Roger Poore) Date: Thu Jan 12 21:31:19 2006 Subject: Blocking sexually explicit material... Message-ID: > I'd also suggest adding on the "specific" and "adult" > rulesets from rulesemporium.com. Well, I had tried 70_sare_adult.cf a while back but I didn't know exactly where to put it. I tried appending the rules inside to spam.assassin.prefs.conf but that didn't work---or at least I don't think it did. :) I'll try saving the .cf to /etc/mail/mailscanner and reload mailscanner and see if that works. At least now I know where to put these darn rules! :) Thanks for your help! -Roger ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 30 22:16:04 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:19 2006 Subject: (OT) Postfix Virtual Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 30/11/05, Peter Russell wrote: > Ahh thanks. > > I could use your second example, the username format is different > between these systems. What is the . for in @.* ? The dot match any character, and the * means "zero or more"... A + means "one or more". I think you need test this fairly carefully, if you decide to go this way, since PF will not do the "magic exploding" it usually does when matching regular expressions. > > /user1@.*/ user2@domain3.tld > > or i guess if i knew the regexp i could use something like your > /(.*)@domain[12].tld/ $1@domain3.tld Well, that is rather more like a "not as efficient" version of the first suggestion (he said with a blush:), so might not lead anywhere. If the user part of the address is the same, I'd test out the first suggestion, that doesn't involve regular expressions, instead. > How would this work for for and does it mean i could get away with > having that one line? > domain1 (@sub.mydomain.com) > domain2 (@mydomain.com) > domain3 (@domain3.com) Hmmm, not as that.... Assuming I'm not completely off-base, it'd need be something more like: @domain1 @sub.mydomain.com @domain2 @mydomain.com @domain3 @domain3.com ... which would translate a hypothetical address like this: pete@domain1 to pete@sub.mydomain.com pete@domain2 to pete@mydomain.com pete@domain3 to pete@domain3.com (note that the last isn't actually the same domain part:-). Now, if you have "pete" in domain1.com _and_ in sub.domain2.com and want that translated to peter@domain3.com, you'd need use an RE for that. Something like /^pete@.*}.domain[12].*/ peter@domain3.com (this one tries to be more specific, so that only domain1 and domain2 (with subdomains) would be affected. The "^" at the start is to only match "pete", no other user part ending in "pete") And perhaps you have the user "compete" there too, but this one should be translatet to "challange"? Add another line like: /^compete@.*}.domain[12].*/ challange@domain3.com So ... it's a bit ugly, but would mean one line per user... Might be easier to just mangle a list of the users once (the domains are "semi-dead", right? Or are there new users added to them?). And remember, I've not been able to test this even a tiny little bit ... yet:-). So take care and test everything you do... > Many thanks for your help > Pete > > > Glenn Steen wrote: > > On 30/11/05, Glenn Steen wrote: > > (snip) > > > >>@domain1.tld @domain3.tld > >>@domain2.tld @domain3.tld > > > > (snip) > > > >>/(.*)@domain[12].tld/ $1@domain3.tld > > > > (snip) > > those two would be rather equivalent... probably not what you're looking for. > > You might be more interrested in something like: > > /user1@.*/ user2@domain3.tld > > although that would assume that user1 could never exist in any but the > > affected domains. I'm sure you can imagine the permutations... > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From gborders at jlewiscooper.com Wed Nov 30 22:14:59 2005 From: gborders at jlewiscooper.com (Greg Borders) Date: Thu Jan 12 21:31:19 2006 Subject: Blocking sexually explicit material... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Roger Poore wrote: I'd also suggest adding on the "specific" and "adult" rulesets from rulesemporium.com. Well, I had tried 70_sare_adult.cf a while back but I didn't know exactly where to put it. I tried appending the rules inside to spam.assassin.prefs.conf but that didn't work---or at least I don't think it did. :) I'll try saving the .cf to /etc/mail/mailscanner and reload mailscanner and see if that works. At least now I know where to put these darn rules! :) Thanks for your help! -Roger You also might want to look at setting up the Rules_du_jour script. It's a handy way to keep those .cf files from the Emporium up to date. I just implemented this myself. I get a fresh set of .cf files every day now. Take a look at: http://www.exit0.us/index.php?pagename=RulesDuJour -- This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Nov 30 22:19:44 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:19 2006 Subject: Blocking sexually explicit material... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Roger Poore wrote: >>I'd also suggest adding on the "specific" and "adult" >>rulesets from rulesemporium.com. > > > Well, I had tried 70_sare_adult.cf a while back but I didn't know > exactly where to put it. I tried appending the rules inside to > spam.assassin.prefs.conf but that didn't work---or at least I don't > think it did. :) It probably would work, but it really shouldn't work according to the SA documentation. It's a "loophole" caused by how MS passes spam.assassin.prefs.conf to SA. > I'll try saving the .cf to /etc/mail/mailscanner and reload mailscanner > and see if that works. That will not work. I did not say /etc/mail/mailscanner. I said /etc/mail/spamassassin/. This is a spamassassin rulefile, not a mailscanner file. > At least now I know where to put these darn > rules! :) Make sure you run spamassassin --lint on it. And if you still use spam.assassin.prefs.conf, use -p to make sure SA lints that too. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 30 22:23:12 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:19 2006 Subject: (OT) Postfix Virtual Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 30/11/05, Glenn Steen wrote: (snip) > I think you need test this fairly carefully, if you decide to go this > way, since PF will not do the "magic exploding" it usually does when > matching regular expressions. (snip) I'm just too tired.... Really bad wording on my part there... The "magic address exploding" is done when _not_ using an RE map, so that that type of matching get fed nice things like "user+local@domain.tld", user@domain.tld", "user+local", "user", "@domain.tld" ... When you use a regular expression type of map (regexp and pcre), that type of "exploding" is _not_ done. You get the address in all its gory details;) Sigh. Off to bed:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cstamas at DIGITUS.ITK.PPKE.HU Wed Nov 30 23:13:29 2005 From: cstamas at DIGITUS.ITK.PPKE.HU (Csillag Tamas) Date: Thu Jan 12 21:31:19 2006 Subject: My RelayDB implementation in perl for MailScanner Message-ID: [ The following text is in the "iso-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 11/30, Glenn Steen wrote: > On 30/11/05, Csillag Tamas wrote: > > On 11/30, Csillag Tamas wrote: > > .. > > > 2. You have to replace (or extend your current) CustomConfig.pm with my attached file. > > > > Attaching that file is a good idea. > > > > > > Looks kind of neat.... If I wasn't restricted by what is legal for a > Swedish government agency to do, I might have looked hard on both this > and the Vispan auto-blacklist thing .... (I especially like the > vindictive quality of this one:-). That legal thing is interesting... Uhm, Thanks :-) > Would you mind typing this into the wiki? Would make a nice addition, > I think. It's rather easy to manage, just register and follow Ugos > crisp guidelines at > http://wiki.mailscanner.info/doku.php?id=documentation:volunteers http://wiki.mailscanner.info/doku.php?id=documentation:related_software:management:relaydb:description > And don't worry about the language bit... You're in a "select" group > of c:a 5 000 000 000 people who don't have English as their first > language, and you seem to be managing at least as well as I do:-) ;-)) -- "Who's General Failure and why's he reading my disk?" -- Anon. cstamas - Csillag Tamas Pazmany Peter Catholic University The Faculty of Information Technology Hungary. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From RogerPoore at MAIL.CLAYTON.EDU Wed Nov 30 23:51:42 2005 From: RogerPoore at MAIL.CLAYTON.EDU (Roger Poore) Date: Thu Jan 12 21:31:19 2006 Subject: Blocking sexually explicit material... Message-ID: > That will not work. I did not say /etc/mail/mailscanner. I said > /etc/mail/spamassassin/. This is a spamassassin rulefile, not a > mailscanner file. Typo on my part. I meant /etc/mail/spamassassin Thanks again for your help. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website!