From steve.swaney at fsl.com Tue Nov 1 20:55:04 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:03 2006 Subject: list of quarantined notification to recipient Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Steve Campbell > Sent: Tuesday, November 01, 2005 3:51 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: list of quarantined notification to recipient > > I keep most of the emails from Mailscanner in an inbox folder, and have > searched there and also on the archive list, but I apparently can't seem > to > come up with the proper search terms, so here goes - > > My boss thinks it would be a good idea to notify recipients here of all > mail > for that individual that has been quarantined for the day in a single > mailing to the recipient. I recall at least one, maybe more, scripts that > were submitted to the list that would do this. I just can't remember > whether > it was this list or the mailwatch list, but I can't find it in either. > > Does anyone recall anything like this that may have been posted? > Notification after each quarantine is probably not an option, so this > would > have to be done as a daily cron job. > > Thanks for any help. > Steve Campbell > campbell@cnpapers.com > Charleston Newspapers Steve, The latest version of MailWatch can send out the Quarantine notifications your boss wants to send. (And a LOT more :) Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Nov 1 21:09:18 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight.ie) Date: Thu Jan 12 21:31:04 2006 Subject: Installation of MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Lucas wrote: > How might I look to confirm this?? I've made sure that Notifications is > turned off. Put it into debugging mode and check your MailScanner.conf line by line. -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jd at BENTECMED.COM Tue Nov 1 20:24:33 2005 From: jd at BENTECMED.COM (JD Doelitzsch) Date: Thu Jan 12 21:31:04 2006 Subject: question about clamav-wrapper path Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hmmmmmm? Ok, clamav-wrapper is in /usr/lib/MailScanner. It only works when I type in the whole path. Im wondering if the path needs to be added to the environment in order for MailScanner to work correctly and if so, how do I add it to the environment? Im running fedora core 4 -JD ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jules at ecs.soton.ac.uk Tue Nov 1 20:21:03 2005 From: jules at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:04 2006 Subject: Congratulations Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Many thanks. But without you it wouldn't have been anything like as possible as it was. Need a hosting provider ---- talk to BlacknightSolutions.com. > Congratulations to Julian for managing to get a stable release out under > the > current conditions. > > > Mr Michele Neylon > Blacknight Solutions > Quality Business Hosting & Colocation > http://www.blacknight.ie/ > Tel. 1850 927 280 > Intl. +353 (0) 59 9183072 > UK: 0870 163 0607 > Direct Dial: +353 (0)59 9183090 > Fax. +353 (0) 59 9164239 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders_wannfors at PRIVAT.UTFORS.SE Wed Nov 2 15:42:55 2005 From: anders_wannfors at PRIVAT.UTFORS.SE (Anders) Date: Thu Jan 12 21:31:04 2006 Subject: Mailscanner 4.46/4.47 on Raq4 Message-ID: Hi Marcin, thanks for your answer. I guess I could go ahead and install all Perl-modules myself. Even though I was under the impression that install.sh would do it for me... It's source package is included in the rpm download of MailScanner. [root MailScanner-4.47.4-1]# ls CheckModuleVersion perl-File-Temp-0.16-1.src.rpm ExtUtils-MakeMaker-6.30.tar.gz perl-HTML-Parser-3.45-1.src.rpm install.sh perl-HTML-Tagset-3.03-1.src.rpm mailscanner-4.47.4-1.noarch.rpm perl-IO-stringy-2.108-1.src.rpm MailScanner-perl-MIME-Base64-3.05-5.src.rpm perl-MailTools-1.50-1.src.rpm perl-Archive-Zip-1.14-1.src.rpm perl-MIME-tools-5.417-1.src.rpm perl-Compress-Zlib-1.34-1.src.rpm perl-Net-CIDR-0.10-1.src.rpm perl-Convert-BinHex-1.119-2.src.rpm perl-TimeDate-1.1301-3.src.rpm perl-Convert-TNEF-0.17-1.src.rpm QuickInstall.txt perl-ExtUtils-MakeMaker-6.30-1.src.rpm README perl-File-Spec-0.82-1.src.rpm tnef-1.2.3.1-1.i386.rpm [root MailScanner-4.47.4-1]# /Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Wed Nov 2 16:06:06 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: > Same here (although I'm already +1 to Denis' total:-). > Seems to be a pox of bagle variants "going on" right now, so you might > just be seeing the ... speed/frequency of updates put out by BD. > > I've been very glad to have BD this night, sole one picking up some of > them... And that with heuristics. > > So much for it being ... "quiet on the viral front", as discussed earlier:) > Yup. We had to shutdown all the computers yesterday. Was in a meeting discussing the dangers of hooking up laptops to our network, when one of our techs sticks his in the door and says we seem to be having a problem. I was only running ClamAV but it stopped all the Bagle variants hitting us through email. Just for grins I ran ClamAV and BitDefender against the email archives and lots of email infected, but not detected because they were identified as Spam. Must think on this because I have email not cleaned up so people can release from Quarantine. Now we could be releasing infected emails. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders_wannfors at PRIVAT.UTFORS.SE Wed Nov 2 16:12:39 2005 From: anders_wannfors at PRIVAT.UTFORS.SE (Anders) Date: Thu Jan 12 21:31:04 2006 Subject: Mailscanner 4.46/4.47 on Raq4 Message-ID: Hi Adri, thanks for your info. Guess I'll have to skip SA then. Don't wanna mess with the Perl-version in my Raq...... Even though, Mailscanner + F-prot will save us lot of trouble! /Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pmb1 at YORK.AC.UK Wed Nov 2 16:40:21 2005 From: pmb1 at YORK.AC.UK (Mike Brudenell) Date: Thu Jan 12 21:31:04 2006 Subject: A well-hung MailScanner :-( Message-ID: Sigh. We had an outage on our central file server today. I really, truly thought that I'd built our mail gateways and their installations of MailScanner, Sophos Anti-Virus, etc to be independent of the central file server for exactly this eventuality, but it appears not... * The filer went off the air at around 8:11am. * At 9am the MailScanner scripts to update Sophos' IDE files kicked off. Up to this point MailScanner had been happily processing the messages arriving in the inbound Sendmail queue. * The 9am update of Sophos appeared to go OK ... it's just MailScanner didn't pick up processing e-mails again. * The same happened at the 10am update. * At 11:01am the filer came back online for a couple of minutes, at which point MailScanner started processing again. * The filer went offline again at 11:03am. MailScanner continued to work. * The filer was finally back online at 11:15am and MailScanner has worked ever since. When I built the installation I put Perl, Sophos, BerkeleyDB and MailScanner all on local disk (in /opt/york) rather than anything mounted from the filer, such as our shared /usr/local. It's a rather old installation of MailScanner (4.32.5) running under Solaris 8. I'm as sure as I can be that I didn't miss anything, yet it smacks to me of MailScanner trying to stat a lockfile, or perhaps looking for an executable along the PATH environment variable (which currently has filer-mounted directories before the local ones :-( But I can't see anywhere that MailScanner might be doing this: * The mailscnner.conf has Lockfile Dir = /tmp * I'd assume MailScanner restting SAVI and forking the new children wouldn't involve looking for any executables along the PATH? Does anyone have any thoughts, please? I enclose as an attachment a cut'n'pasted extract from the scannerlog for that time frame. Cheers, Mike B-) -- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740 * Unsolicited commercial e-mail is NOT welcome at this e-mail address. * ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Attached Text" ] EXTRACT FROM SCANNERLOG ======================= Nov 2 08:59:16 mail-gw2.york.ac.uk MailScanner[23412]: Uninfected: Delivered 1 messages Nov 2 08:59:33 mail-gw2.york.ac.uk MailScanner[23413]: New Batch: Scanning 2 messages, 278702 bytes Nov 2 08:59:35 mail-gw2.york.ac.uk MailScanner[23413]: Virus and Content Scanning: Starting Nov 2 08:59:35 mail-gw2.york.ac.uk MailScanner[23413]: Uninfected: Delivered 2 messages Nov 2 08:59:36 mail-gw2.york.ac.uk MailScanner[23403]: New Batch: Scanning 1 messages, 2945 bytes Nov 2 08:59:37 mail-gw2.york.ac.uk MailScanner[23403]: Virus and Content Scanning: Starting Nov 2 08:59:37 mail-gw2.york.ac.uk MailScanner[23403]: Uninfected: Delivered 1 messages Nov 2 08:59:41 mail-gw2.york.ac.uk MailScanner[23412]: New Batch: Scanning 1 messages, 8391 bytes Nov 2 08:59:42 mail-gw2.york.ac.uk MailScanner[23412]: Virus and Content Scanning: Starting Nov 2 08:59:42 mail-gw2.york.ac.uk MailScanner[23412]: Uninfected: Delivered 1 messages Nov 2 08:59:45 mail-gw2.york.ac.uk MailScanner[23413]: New Batch: Scanning 1 messages, 6108 bytes Nov 2 08:59:46 mail-gw2.york.ac.uk MailScanner[23413]: Virus and Content Scanning: Starting Nov 2 08:59:46 mail-gw2.york.ac.uk MailScanner[23413]: Uninfected: Delivered 1 messages Nov 2 08:59:56 mail-gw2.york.ac.uk MailScanner[23424]: New Batch: Scanning 2 messages, 15368 bytes Nov 2 08:59:57 mail-gw2.york.ac.uk MailScanner[23424]: Virus and Content Scanning: Starting Nov 2 08:59:58 mail-gw2.york.ac.uk MailScanner[23424]: Uninfected: Delivered 2 messages Nov 2 09:00:00 mail-gw2.york.ac.uk update.virus.scanners: [ID 702911 local5.info] Found sophos installed Nov 2 09:00:00 mail-gw2.york.ac.uk update.virus.scanners: [ID 702911 local5.info] Running autoupdate for sophos Nov 2 09:00:07 mail-gw2.york.ac.uk MailScanner[23413]: New Batch: Scanning 1 messages, 3852 bytes Nov 2 09:00:07 mail-gw2.york.ac.uk MailScanner[23413]: Virus and Content Scanning: Starting Nov 2 09:00:08 mail-gw2.york.ac.uk MailScanner[23413]: Uninfected: Delivered 1 messages Nov 2 09:00:12 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Scanning 1 messages, 66618 bytes Nov 2 09:00:12 mail-gw2.york.ac.uk MailScanner[23383]: Virus and Content Scanning: Starting Nov 2 09:00:13 mail-gw2.york.ac.uk MailScanner[23383]: Uninfected: Delivered 1 messages Nov 2 09:00:13 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Scanning 1 messages, 4032 bytes Nov 2 09:00:13 mail-gw2.york.ac.uk MailScanner[23383]: Virus and Content Scanning: Starting Nov 2 09:00:14 mail-gw2.york.ac.uk MailScanner[23383]: Uninfected: Delivered 1 messages Nov 2 09:00:17 mail-gw2.york.ac.uk MailScanner[23375]: New Batch: Scanning 1 messages, 5300 bytes Nov 2 09:00:18 mail-gw2.york.ac.uk MailScanner[23375]: Virus and Content Scanning: Starting Nov 2 09:00:18 mail-gw2.york.ac.uk MailScanner[23375]: Uninfected: Delivered 1 messages Nov 2 09:00:27 mail-gw2.york.ac.uk MailScanner[23393]: New Batch: Scanning 1 messages, 33937 bytes Nov 2 09:00:28 mail-gw2.york.ac.uk MailScanner[23393]: Virus and Content Scanning: Starting Nov 2 09:00:28 mail-gw2.york.ac.uk MailScanner[23393]: Content Checks: Detected and will disarm HTML message in jA290Ms7029496 Nov 2 09:00:28 mail-gw2.york.ac.uk MailScanner[23393]: Uninfected: Delivered 1 messages Nov 2 09:00:39 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Scanning 1 messages, 3493 bytes Nov 2 09:00:40 mail-gw2.york.ac.uk MailScanner[23383]: Virus and Content Scanning: Starting Nov 2 09:00:40 mail-gw2.york.ac.uk MailScanner[23383]: Uninfected: Delivered 1 messages Nov 2 09:00:51 mail-gw2.york.ac.uk MailScanner[23432]: New Batch: Scanning 1 messages, 74541 bytes Nov 2 09:00:52 mail-gw2.york.ac.uk MailScanner[23432]: Virus and Content Scanning: Starting Nov 2 09:00:53 mail-gw2.york.ac.uk MailScanner[23432]: Content Checks: Detected and will disarm HTML message in jA290ps7029512 Nov 2 09:00:53 mail-gw2.york.ac.uk MailScanner[23432]: Uninfected: Delivered 1 messages Nov 2 09:01:10 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Scanning 2 messages, 82530 bytes Nov 2 09:01:11 mail-gw2.york.ac.uk MailScanner[23383]: Virus and Content Scanning: Starting Nov 2 09:01:12 mail-gw2.york.ac.uk MailScanner[23383]: Content Checks: Detected and will disarm HTML message in jA2918s7029520 Nov 2 09:01:12 mail-gw2.york.ac.uk MailScanner[23383]: Uninfected: Delivered 2 messages Nov 2 09:01:27 mail-gw2.york.ac.uk MailScanner[23422]: New Batch: Scanning 2 messages, 18758 bytes Nov 2 09:01:28 mail-gw2.york.ac.uk MailScanner[23422]: Virus and Content Scanning: Starting Nov 2 09:01:29 mail-gw2.york.ac.uk MailScanner[23422]: Uninfected: Delivered 2 messages Nov 2 09:01:37 mail-gw2.york.ac.uk MailScanner[23433]: New Batch: Scanning 2 messages, 18532 bytes Nov 2 09:01:38 mail-gw2.york.ac.uk MailScanner[23432]: New Batch: Found 3 messages waiting Nov 2 09:01:38 mail-gw2.york.ac.uk MailScanner[23432]: New Batch: Scanning 1 messages, 31926 bytes Nov 2 09:01:38 mail-gw2.york.ac.uk MailScanner[23433]: Virus and Content Scanning: Starting Nov 2 09:01:38 mail-gw2.york.ac.uk MailScanner[23432]: Virus and Content Scanning: Starting Nov 2 09:01:39 mail-gw2.york.ac.uk MailScanner[23432]: Content Checks: Detected and will disarm HTML message in jA291bs7029544 Nov 2 09:01:39 mail-gw2.york.ac.uk MailScanner[23432]: Uninfected: Delivered 1 messages Nov 2 09:01:39 mail-gw2.york.ac.uk MailScanner[23433]: Uninfected: Delivered 2 messages Nov 2 09:01:48 mail-gw2.york.ac.uk MailScanner[23413]: New Batch: Scanning 1 messages, 5118 bytes Nov 2 09:01:48 mail-gw2.york.ac.uk MailScanner[23413]: Virus and Content Scanning: Starting Nov 2 09:01:49 mail-gw2.york.ac.uk MailScanner[23413]: Uninfected: Delivered 1 messages Nov 2 09:01:52 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Scanning 2 messages, 28494 bytes Nov 2 09:01:54 mail-gw2.york.ac.uk MailScanner[23383]: Virus and Content Scanning: Starting Nov 2 09:01:54 mail-gw2.york.ac.uk MailScanner[23432]: New Batch: Found 3 messages waiting Nov 2 09:01:54 mail-gw2.york.ac.uk MailScanner[23432]: New Batch: Scanning 1 messages, 101269 bytes Nov 2 09:01:54 mail-gw2.york.ac.uk MailScanner[23383]: Content Checks: Detected and will disarm HTML message in jA291ms7029566 Nov 2 09:01:54 mail-gw2.york.ac.uk MailScanner[23383]: Content Checks: Detected and will disarm HTML message in jA291ns7029571 Nov 2 09:01:55 mail-gw2.york.ac.uk MailScanner[23432]: Virus and Content Scanning: Starting Nov 2 09:01:55 mail-gw2.york.ac.uk MailScanner[23383]: Uninfected: Delivered 2 messages Nov 2 09:01:55 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Found 2 messages waiting Nov 2 09:01:55 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Scanning 1 messages, 14244 bytes Nov 2 09:01:56 mail-gw2.york.ac.uk MailScanner[23383]: Virus and Content Scanning: Starting Nov 2 09:01:56 mail-gw2.york.ac.uk MailScanner[23432]: Uninfected: Delivered 1 messages Nov 2 09:01:56 mail-gw2.york.ac.uk MailScanner[23383]: Content Checks: Detected and will disarm HTML message in jA291ss7029580 Nov 2 09:01:57 mail-gw2.york.ac.uk MailScanner[23383]: Uninfected: Delivered 1 messages Nov 2 09:02:02 mail-gw2.york.ac.uk Sophos-autoupdate[29459]: Sophos successfully updated in /opt/york/Sophos/398.200511020900 Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23424]: New Batch: Found 3 messages waiting Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23424]: New Batch: Scanning 2 messages, 78345 bytes Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23424]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23424]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23424]: Config: calling custom end function Hostname Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23424]: MailScanner child dying of old age Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23375]: New Batch: Scanning 4 messages, 156606 bytes Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23375]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23375]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23375]: Config: calling custom end function Hostname Nov 2 09:02:03 mail-gw2.york.ac.uk MailScanner[23375]: MailScanner child dying of old age Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23422]: New Batch: Scanning 4 messages, 156606 bytes Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23422]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23422]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23422]: Config: calling custom end function Hostname Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23422]: MailScanner child dying of old age Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[29604]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[29604]: Config: calling custom init function Hostname Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[29604]: Bayes database rebuild is due Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23413]: New Batch: Scanning 4 messages, 156606 bytes Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23413]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23413]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23413]: Config: calling custom end function Hostname Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23413]: MailScanner child dying of old age Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23433]: New Batch: Scanning 4 messages, 156606 bytes Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23433]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23433]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23433]: Config: calling custom end function Hostname Nov 2 09:02:04 mail-gw2.york.ac.uk MailScanner[23433]: MailScanner child dying of old age Nov 2 09:02:06 mail-gw2.york.ac.uk MailScanner[23432]: New Batch: Scanning 4 messages, 156606 bytes Nov 2 09:02:06 mail-gw2.york.ac.uk MailScanner[23432]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:06 mail-gw2.york.ac.uk MailScanner[23432]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:06 mail-gw2.york.ac.uk MailScanner[23432]: Config: calling custom end function Hostname Nov 2 09:02:06 mail-gw2.york.ac.uk MailScanner[23432]: MailScanner child dying of old age Nov 2 09:02:07 mail-gw2.york.ac.uk MailScanner[23383]: New Batch: Scanning 4 messages, 156606 bytes Nov 2 09:02:07 mail-gw2.york.ac.uk MailScanner[23383]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:07 mail-gw2.york.ac.uk MailScanner[23383]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:07 mail-gw2.york.ac.uk MailScanner[23383]: Config: calling custom end function Hostname Nov 2 09:02:07 mail-gw2.york.ac.uk MailScanner[23383]: MailScanner child dying of old age Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23403]: New Batch: Found 4 messages waiting Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23403]: New Batch: Scanning 2 messages, 78261 bytes Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23412]: New Batch: Found 4 messages waiting Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23412]: New Batch: Scanning 2 messages, 78345 bytes Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23403]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23403]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23412]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23412]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23403]: Config: calling custom end function Hostname Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23403]: MailScanner child dying of old age Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23412]: Config: calling custom end function Hostname Nov 2 09:02:08 mail-gw2.york.ac.uk MailScanner[23412]: MailScanner child dying of old age Nov 2 09:02:09 mail-gw2.york.ac.uk MailScanner[23393]: New Batch: Scanning 4 messages, 156606 bytes Nov 2 09:02:09 mail-gw2.york.ac.uk MailScanner[23393]: Sophos update of /opt/york/Sophos/ide/398_ides.zip detected, resetting SAVI Nov 2 09:02:09 mail-gw2.york.ac.uk MailScanner[23393]: Sophos SAVI library has been updated, killing this child Nov 2 09:02:09 mail-gw2.york.ac.uk MailScanner[23393]: Config: calling custom end function Hostname Nov 2 09:02:09 mail-gw2.york.ac.uk MailScanner[23393]: MailScanner child dying of old age Nov 2 09:02:14 mail-gw2.york.ac.uk MailScanner[29608]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:02:14 mail-gw2.york.ac.uk MailScanner[29608]: Config: calling custom init function Hostname Nov 2 09:02:24 mail-gw2.york.ac.uk MailScanner[29614]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:02:24 mail-gw2.york.ac.uk MailScanner[29614]: Config: calling custom init function Hostname Nov 2 09:02:34 mail-gw2.york.ac.uk MailScanner[29617]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:02:34 mail-gw2.york.ac.uk MailScanner[29617]: Config: calling custom init function Hostname Nov 2 09:02:44 mail-gw2.york.ac.uk MailScanner[29621]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:02:44 mail-gw2.york.ac.uk MailScanner[29621]: Config: calling custom init function Hostname Nov 2 09:02:54 mail-gw2.york.ac.uk MailScanner[29623]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:02:54 mail-gw2.york.ac.uk MailScanner[29623]: Config: calling custom init function Hostname Nov 2 09:03:04 mail-gw2.york.ac.uk MailScanner[29627]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:03:04 mail-gw2.york.ac.uk MailScanner[29627]: Config: calling custom init function Hostname Nov 2 09:03:14 mail-gw2.york.ac.uk MailScanner[29628]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:03:14 mail-gw2.york.ac.uk MailScanner[29628]: Config: calling custom init function Hostname Nov 2 09:03:24 mail-gw2.york.ac.uk MailScanner[29634]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:03:24 mail-gw2.york.ac.uk MailScanner[29634]: Config: calling custom init function Hostname Nov 2 09:03:34 mail-gw2.york.ac.uk MailScanner[29637]: MailScanner E-Mail Virus Scanner version 4.32.5 starting... Nov 2 09:03:34 mail-gw2.york.ac.uk MailScanner[29637]: Config: calling custom init function Hostname Nov 2 10:00:00 mail-gw2.york.ac.uk update.virus.scanners: [ID 702911 local5.info] Found sophos installed Nov 2 10:00:00 mail-gw2.york.ac.uk update.virus.scanners: [ID 702911 local5.info] Running autoupdate for sophos Nov 2 10:01:46 mail-gw2.york.ac.uk Sophos-autoupdate[391]: Sophos successfully updated in /opt/york/Sophos/398.200511021000 Nov 2 11:00:00 mail-gw2.york.ac.uk update.virus.scanners: [ID 702911 local5.info] Found sophos installed Nov 2 11:00:00 mail-gw2.york.ac.uk update.virus.scanners: [ID 702911 local5.info] Running autoupdate for sophos Nov 2 11:00:30 mail-gw2.york.ac.uk Sophos-autoupdate[1366]: Sophos successfully updated in /opt/york/Sophos/398.200511021100 Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29634]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29634]: SophosSAVI using 207 IDE files Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29623]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29623]: SophosSAVI using 207 IDE files Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29637]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29637]: SophosSAVI using 207 IDE files Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29614]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:11 mail-gw2.york.ac.uk MailScanner[29614]: SophosSAVI using 207 IDE files Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29604]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29604]: SophosSAVI using 207 IDE files Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29614]: Using locktype = flock Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29617]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29617]: SophosSAVI using 207 IDE files Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29614]: New Batch: Found 1513 messages waiting Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29614]: New Batch: Scanning 30 messages, 515556 bytes Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29627]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29627]: SophosSAVI using 207 IDE files Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29604]: Using locktype = flock Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29608]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:12 mail-gw2.york.ac.uk MailScanner[29608]: SophosSAVI using 207 IDE files Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29634]: Using locktype = flock Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29621]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29621]: SophosSAVI using 207 IDE files Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29637]: Using locktype = flock Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29604]: New Batch: Found 1513 messages waiting Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29604]: New Batch: Scanning 30 messages, 399223 bytes Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29628]: SophosSAVI 3.98 (engine 2.31) recognizing 111797 viruses Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29628]: SophosSAVI using 207 IDE files Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29623]: Using locktype = flock Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29634]: New Batch: Found 1513 messages waiting Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29634]: New Batch: Scanning 30 messages, 160234 bytes Nov 2 11:02:13 mail-gw2.york.ac.uk MailScanner[29627]: Using locktype = flock Nov 2 11:02:14 mail-gw2.york.ac.uk MailScanner[29617]: Using locktype = flock Nov 2 11:02:14 mail-gw2.york.ac.uk MailScanner[29637]: New Batch: Found 1513 messages waiting Nov 2 11:02:14 mail-gw2.york.ac.uk MailScanner[29637]: New Batch: Scanning 30 messages, 244209 bytes Nov 2 11:02:14 mail-gw2.york.ac.uk MailScanner[29623]: New Batch: Found 1513 messages waiting Nov 2 11:02:14 mail-gw2.york.ac.uk MailScanner[29623]: New Batch: Scanning 30 messages, 486390 bytes Nov 2 11:02:15 mail-gw2.york.ac.uk MailScanner[29621]: Using locktype = flock Nov 2 11:02:15 mail-gw2.york.ac.uk MailScanner[29627]: New Batch: Found 1513 messages waiting Nov 2 11:02:15 mail-gw2.york.ac.uk MailScanner[29627]: New Batch: Scanning 30 messages, 2599162 bytes ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Wed Nov 2 17:41:32 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:04 2006 Subject: A well-hung MailScanner :-( Message-ID: On Wed, 2005-11-02 at 17:27 +0000, Mike Brudenell wrote > I carefully went through all the MailScanner scripts and changed references > to /usr/local/... to /opt/york/... in (I think!) every relevant location. > I've been using 'find' and 'grep' most of the afternoon to try and track > down any I missed but to no avail. Have you got the 'lsof' (list open files) and 'lslk' (list locks) installed (I don't know anything about Solaris) - as these usually help me out in cases like this. Cheers, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu Nov 3 14:36:59 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce wrote: > Glenn Steen wrote: >> That ol' thing still works like a charm, yes. Used it for ages. >> Downside is that it doesn't really keep the spam quarantine clean, it >> just make sure that that message is detected as a virus carrier (scan >> is "forced" since it is delivered). In a MailWatch environment, where >> you never (or seldom:) release messages from commandline, this is not >> a problem. >> >> But the Keep Clean thing should work too, and this time really keep >> the spam quarantine clean. >> >> Ed, might it be as simple as you looking in the wrong place for the >> quarantined message? Or were they ... "munged up" in some unfortunate >> way? >> > What happened is I had reject emails with encrypted zip files. Except > to certain combinations of sender and receiver. Well somebody sent an > email to the boss at a little used email address. This email was > marked as dangerous. When I went to use the release from quarantine I > didn't have that option. I was able to go to the quarantine and > manually find the email and get the zip file, so I was just being lazy > and not keeping quarantine clean, I will be setting this back and do > the manually release steps. To be sure I wasn't total confused (which I'm still am but a little less so) I turned back on clean up quarantine. With this set I can't use MailWatch to view or release any message. No matter if its marked clean, spam, high spam (which I never should as its deleted), or marked as Bad Content/Infected. When I changed it back to no clean up quarantine I was able to view messages and release them from quarantine. I'm using MS 4.45.4 and postfix. My quarantine options are: Quarantine Infections = yes Quarantine Silent Viruses = yes Quarantine Modified Body = no Quarantine Whole Message = yes Quarantine Whole Message As Queue Files = no (yes = lost all view/release functionality of MW) Keep Spam And MCP Archive Clean = no (yes = lost all view/release functionality of MW) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Thu Nov 3 13:03:55 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:31:04 2006 Subject: installing libmilter Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > Sent: Thursday, November 03, 2005 1:58 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: installing libmilter > > MailScanner mailing list <> scribbled on Thursday, November > 03, 2005 6:04 > AM: > > > Hi all pro's :) > > > > Could somone shed some light how to do the libmilter > installation on > > CentOS. > > I managed to figure out I need the source to build the libmilter > > included in the package > > > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm > > before I can do the rest but Im not sure how to actually do the > > libmilter/sendmail rebuild thingy. > > > > If this is something someone like me should not do pls > informa and Ill > > drop it until I actually know what Im doing > > > > Never even tried to rebuild sendmail since I only use out > of the box > > with some changes in sendmail.mc so go easy on a hardcore newbie :) > > > > /Anders > > > You should be able to just rebuild the .src.rpm as is. If > you watch the build process, you will see "milter" scroll > across your screen several times. Are you certain you don't > already have the milter support? > > Mike > Nope, Im not sure and dont have a clue how to check :( ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Wed Nov 2 18:37:29 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Scott Silva wrote: Ed Yup. We had to shutdown all the computers yesterday. Was in a meeting discussing the dangers of hooking up laptops to our network, when one of our techs sticks his in the door and says we seem to be having a problem. I was only running ClamAV but it stopped all the Bagle variants hitting us through email. Just for grins I ran ClamAV and BitDefender against the email archives and lots of email infected, but not detected because they were identified as Spam. Must think on this because I have email not cleaned up so people can release from Quarantine. Now we could be releasing infected emails. You could run with the "keep quarantine clean" option. WIll add to load because MailScanner will virus scan the spam also. But if I do that then I can't use MailWatch to release messages form quarantine. It appears that the clean up is storing emails in a format that can't be released from Quarantine. I'm still not sure what to do or what I did that may have caused this. I'm still looking at the options. We've had a few important emails that were misidentified and I was able to just release them from quarantine. But only because I had removed the keep quarantine clean option. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Nov 3 09:30:33 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 03/11/05, Steve Freegard wrote: (snip) > If this is preventing you from releasing a legitimate message then you > need to treat the cause of the problem: a false-positive from the virus > scanner, most of them that I've seen can be fixed by raising the > 'ClamAVmodule Maximum Compression Ratio' module (if ClamAVmodule is > used) or changing the settings in clamav-wrapper to achieve the same. Ah, which would put the message as "un-releasable" (is there really such a word?) in MailWatch. Well, the simple fix (for the affected message, which is already past the stage where adjusting the system so that it wont happen again matters) is to just release it from the command line. most MTAs have a nice "sendmail convenience command" for this purpose... as easy as looking at the actual recipient in MW (if it differs from the headers) and doing "sendmail -oi recipient@add.ress < /path/to/message/file" (or similar... check the wiki when it's back online, perhaps there's something specific for your MTA there). (snip) > > Would adding an option to the spam actions ( and high scoring spam > > options) to forward to an alias pointed to the bitbucket cause a virus > > scan of an infected spam message "before" it is stored? > > Worth a try for a day or so. > > You could probably forward a real spammy example from your archives, > > with an eicar attachment and test it. > > > > This does exactly the same thing as 'Keep Spam And MCP Archive Clean' - > so it wouldn't make any difference. I would only recommend this on > MailScanner versions that don't have the proper option to do this. I was under the impression that unlike the hack, which will leave the message in both the spam and the virus quarantine, the "Keep Clean" thing will actually remove the virus infected message from the spam quarantine. Am I wrong in thinking this? > > Cheers, > Steve. > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brichter at INTERACCESS.COM Wed Nov 2 20:29:00 2005 From: brichter at INTERACCESS.COM (brichter) Date: Thu Jan 12 21:31:04 2006 Subject: Sendmail Access related question Message-ID: Please excuse this if this is not the proper list for this question.. It is related to Mailscanner in the sense that I learned on the Mailscanner WIKI how to do this - block all traffic to non valid AD Echange addresses. (At the front end, instead of letting it through then Exchange has to deal with the NDR's) We have several mail scanner/Spam Assassin/Sendmail servers that download all SMTP aliases from a VBS that runs on our Active Directory servers. These SMTP addresses are then allowed to relay through the sendmail access file. (so only properly addressed emails make it into our company, it's amazing up to 20,000 per day are spelled wrong!(denied)) Example: To: test.com REJECT Invalid Users Name. To:test@test.com RELAY To:test2@test.com RELAY This works great accept I am noticing a few stray messages still getting by sendmail. (if someone uses Bang notation I think it's called) - test!@test.com will get through. using To:!@test.com REJECT does not catch them or To:test@test.com REJECT How can I block this in the access file? Thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Thu Nov 3 15:13:28 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:31:04 2006 Subject: installing libmilter Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > >> -----Original Message----- > >> From: MailScanner mailing list > >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > >> > >>> Hi all pro's :) > >>> > >>> Could somone shed some light how to do the libmilter > >> installation on > >>> CentOS. > >>> I managed to figure out I need the source to build the libmilter > >>> included in the package > >>> > >> > > > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm > >>> before I can do the rest but Im not sure how to actually do the > >>> libmilter/sendmail rebuild thingy. > >>> > >>> If this is something someone like me should not do pls > >> informa and Ill > >>> drop it until I actually know what Im doing > >>> > >>> Never even tried to rebuild sendmail since I only use out > >> of the box > >>> with some changes in sendmail.mc so go easy on a hardcore > > newbie :) > >>> > >>> /Anders > >>> > >> You should be able to just rebuild the .src.rpm as is. If > > you watch > >> the build process, you will see "milter" scroll across your screen > >> several times. Are you certain you don't already have the milter > >> support? > >> > >> Mike > >> > > > > Nope, Im not sure and dont have a clue how to check :( > > > > Recent versions of sendmail have libmilter included by > default. You are probably good to go already. > That sounds like something my eyes like to read :) /anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pmb1 at YORK.AC.UK Wed Nov 2 17:39:01 2005 From: pmb1 at YORK.AC.UK (Mike Brudenell) Date: Thu Jan 12 21:31:04 2006 Subject: A well-hung MailScanner :-( Message-ID: --On 2 November 2005 17:27:42 +0000 Mike Brudenell wrote: > I carefully went through all the MailScanner scripts and changed > references to /usr/local/... to /opt/york/... in (I think!) every > relevant location. I've been using 'find' and 'grep' most of the > afternoon to try and track down any I missed but to no avail. Sorry, I should also have said... * We are using only the sophossavi scanner module * MailScanner is running as root (whose home directory is, of course, on local disk!) Cheers, Mike B-) -- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740 * Unsolicited commercial e-mail is NOT welcome at this e-mail address. * ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Wed Nov 2 21:31:41 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:04 2006 Subject: Suggestions please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] H Milton, Thanks for the suggested partitions I will use the second one I think Lance Milton Calnek wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >I'd setup a software mirror, if mirroring was your intended goal. > >The actual partition layout depends on your goals/situation. > >I'd probably do it one of 2 ways: >1. >/boot 100M >swap 2 * $RAM >/ The rest > >2. >/boot 100M >swap 2 * $RAM >/ 10G >/var 20G >/var/spool/mail the rest > > >Lance Haig wrote: > >>Hi, >> >>I have tried now for two days to get my SATA raid card to work with my >>new server but I have decided that it is to much effort to find drivers >>for it. >> >>I now have 2 80 gig SATA drives for my new MS server and was wondering >>wat you guys would suggest as the ideal way to partition my system >> >>I normaly create a 500MB boot with EXT2 and then the rest is set to / >> >>I am open to suggestions. >> >>Thanks >> >>Lance >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.4.2 (GNU/Linux) >Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org > >iD8DBQFDaNpyHgnbf2T2QqMRAnVCAJ9PeDVa1H9F3WhD3VnQEueDcHQrUQCfbziw >LO42mVuy9RMenNwCOvD/3uQ= >=FTHd >-----END PGP SIGNATURE----- > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Nov 2 18:50:58 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce spake the following on 11/2/2005 10:37 AM: > Scott Silva wrote: > >>Ed >> >>> >>>Yup. We had to shutdown all the computers yesterday. Was in a meeting >>>discussing the dangers of hooking up laptops to our network, when one of >>>our techs sticks his in the door and says we seem to be having a >>>problem. I was only running ClamAV but it stopped all the Bagle variants >>>hitting us through email. >>> >>>Just for grins I ran ClamAV and BitDefender against the email archives >>>and lots of email infected, but not detected because they were >>>identified as Spam. Must think on this because I have email not cleaned >>>up so people can release from Quarantine. Now we could be releasing >>>infected emails. >>> >>> >>> >>You could run with the "keep quarantine clean" option. >>WIll add to load because MailScanner will virus scan the spam also. >> >> >> >> > > But if I do that then I can't use MailWatch to release messages form > quarantine. It appears that the clean up is storing emails in a format > that can't be released from Quarantine. I'm still not sure what to do or > what I did that may have caused this. I'm still looking at the options. > We've had a few important emails that were misidentified and I was able > to just release them from quarantine. But only because I had removed the > keep quarantine clean option. > Would adding an option to the spam actions ( and high scoring spam options) to forward to an alias pointed to the bitbucket cause a virus scan of an infected spam message "before" it is stored? Worth a try for a day or so. You could probably forward a real spammy example from your archives, with an eicar attachment and test it. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Nov 2 16:09:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:04 2006 Subject: Suggestions please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote: > Hi, > > I have tried now for two days to get my SATA raid card to work with my > new server but I have decided that it is to much effort to find drivers > for it. > > I now have 2 80 gig SATA drives for my new MS server and was wondering > wat you guys would suggest as the ideal way to partition my system > > I normaly create a 500MB boot with EXT2 and then the rest is set to / > > I am open to suggestions. I'd suggest having a separate /var partition. This way if /var/spool/* or /var/log/* fills up, you are not completely out of disk on all parts of the filesystem. Conversely, if a large download to your home dir takes up a lot of disk space, your mail queues can keep running without a hitch. I usually make separate /boot, /var, /home, /usr and /tmp partitions, in addition to /. This might be more than you'd want for your needs, but a separate /var and /tmp can both be useful. If your box is devoted to mailscanner you might even consider making a separate /var/spool too. Here's my current layup on a mailscanner/dns box. It's not optimal, but it works: Filesystem 1K-blocks Used Available Use% Mounted on /dev/sda6 7060276 892608 5809020 14% / /dev/sda1 101089 13293 82577 14% /boot /dev/sda5 5036284 41340 4739112 1% /chroot /dev/sda7 4538124 501900 3805696 12% /home /dev/sda8 1510032 32980 1400344 3% /tmp /dev/sda2 10080520 1375392 8193060 15% /usr /dev/sda3 9068648 525800 8082188 7% /var ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Nov 2 16:55:55 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:04 2006 Subject: A well-hung MailScanner :-( Message-ID: Mike How are you handling the link to the file NFS with soft links or hard links. I've seen older versions of Solaris get upset when NFS links go offline, even when they are to soft links.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Mike Brudenell > Sent: 02 November 2005 16:40 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] A well-hung MailScanner :-( > > Sigh. We had an outage on our central file server today. > > I really, truly thought that I'd built our mail gateways and their > installations of MailScanner, Sophos Anti-Virus, etc to be independent of > the central file server for exactly this eventuality, but it appears > not... > > * The filer went off the air at around 8:11am. > > * At 9am the MailScanner scripts to update Sophos' IDE files kicked off. > Up to this point MailScanner had been happily processing the messages > arriving in the inbound Sendmail queue. > > * The 9am update of Sophos appeared to go OK ... it's just MailScanner > didn't pick up processing e-mails again. > > * The same happened at the 10am update. > > * At 11:01am the filer came back online for a couple of minutes, at > which > point MailScanner started processing again. > > * The filer went offline again at 11:03am. MailScanner continued to > work. > > * The filer was finally back online at 11:15am and MailScanner has > worked > ever since. > > When I built the installation I put Perl, Sophos, BerkeleyDB and > MailScanner all on local disk (in /opt/york) rather than anything mounted > from the filer, such as our shared /usr/local. > > It's a rather old installation of MailScanner (4.32.5) running under > Solaris 8. I'm as sure as I can be that I didn't miss anything, yet it > smacks to me of MailScanner trying to stat a lockfile, or perhaps looking > for an executable along the PATH environment variable (which currently has > filer-mounted directories before the local ones :-( > > But I can't see anywhere that MailScanner might be doing this: > > * The mailscnner.conf has > Lockfile Dir = /tmp > > * I'd assume MailScanner restting SAVI and forking the new children > wouldn't involve looking for any executables along the PATH? > > Does anyone have any thoughts, please? I enclose as an attachment a > cut'n'pasted extract from the scannerlog for that time frame. > > Cheers, > Mike B-) > > -- > The Computing Service, University of York, Heslington, York Yo10 5DD, UK > Tel:+44-1904-433811 FAX:+44-1904-433740 > > * Unsolicited commercial e-mail is NOT welcome at this e-mail address. * > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From brose at MED.WAYNE.EDU Wed Nov 2 15:18:03 2005 From: brose at MED.WAYNE.EDU (Rose, Bobby) Date: Thu Jan 12 21:31:04 2006 Subject: MailWatch for MailScanner and database clean Message-ID: Is there a function in Mailwatch to remove old data from maillog? I found a php script in tools but it doesn't seem to work. Fatal error: Call to undefined function: mysql_pconnect() in /var/www/html/mailscanner/functions.php on line 498 Also, I didn't see any instructions in 1.0.3 for - Added SQLSpamScores.pm - allows users to set their own spam preferences, thanks to Dennis Willson for this. I'm guessing that this is supposed to be defined as a ruleset in MailScanner.conf for the scores but that needs clarification. -=B ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Nov 3 12:33:47 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 03/11/05, Steve Freegard wrote: > On Thu, 2005-11-03 at 10:30 +0100, Glenn Steen wrote: > > On 03/11/05, Steve Freegard wrote: > > (snip) > > > > I was under the impression that unlike the hack, which will leave the > > message in both the spam and the virus quarantine, the "Keep Clean" > > thing will actually remove the virus infected message from the spam > > quarantine. > > Am I wrong in thinking this? > > Not really sure on this - it could have been a side-effect of the hack, > but it shouldn't make a difference as the message would be still be in > the main quarantine. > > Cheers, > Steve. > Well yes, it is a side-effect of the hack. As said earlier, the bad thing with it is if you release manually from the command line, since then you just *might* release what you think is spam *but is in reality a virus* to the end user... And one usually whitelist 127.0.0.1, so ... That whole sentence speaks in favour of client side protection, doesn't it:-). The "Keep Clean" thing should take care of that (IMO if nothing else). Once Jules is done assessing firedamage, I'm sure he'll set us straight:). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Wed Nov 2 18:07:25 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: Hi all... > smf@F2S.COM 02/11/05 16:51:56 >>> >I've just been building some RPM's for SA 3.1 - it appears that the >MakeMaker config has changed between 3.0.x and 3.1.x. >How did you build SpamAssassin?? - I found that I had run: >perl Makefile.PL PREFIX=/usr SYSCONFDIR=/etc/mail/spamassassin >to get it to look in the correct places (in 3.0.x I only had to specify >PREFIX). Ahhh that sort of explains things. I was being lazy, I used Julian's 'Install-Clam-SA', and all was fine apart from the obvious little omission. My kludge is okay for now(symlinking /usr/etc/mail/spamassassin), I guess I'll worry about it when 3.1.1 (or whatever) comes along! ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Thu Nov 3 13:14:24 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:04 2006 Subject: installing libmilter Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Anders Andersson, IT > Sent: Thursday, November 03, 2005 7:04 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: OT: installing libmilter > > Hi all pro's :) > > Could somone shed some light how to do the libmilter installation on > CentOS. > I managed to figure out I need the source to build the libmilter > included in the package > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm > before I can do the rest but Im not sure how to actually do the > libmilter/sendmail rebuild thingy. > > If this is something someone like me should not do pls informa and Ill > drop it until I actually know what Im doing > > Never even tried to rebuild sendmail since I only use out of the box > with some changes in sendmail.mc so go easy on a hardcore newbie :) > > /Anders You shouldn't need to build libmilter. Just install the sendmail-devel rpm. Then read /usr/share/doc/sendmail/README.libmilter for the gory details. Most milters are fairly easy to install. Some general instructions: 1. Download and unpack the milter source code 2. Configure build and install the milter 3. Install the init script so the milter can start on reboot (some milters do this automatically). 4. Start and test the milter (look at the mail logs for error) 5. Configure the init script to run at boot 6. Modify your sendmail.mc file to configure sendmail to user the milter. Typically it's just adding a line similar to: INPUT_MAIL_FILTER(`milter-greylist', `S=local:/var/milter-greylist/milter-greylist.sock') 7. Use m4 to rebuild your sendmail.cf file from your modified sendmail.mc file 8. Restart sendmail (don't forget to check the mail log for errors) Hope this helps, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lbcadmin at GMAIL.COM Wed Nov 2 16:29:30 2005 From: lbcadmin at GMAIL.COM (Information Services) Date: Thu Jan 12 21:31:04 2006 Subject: /dev/null Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I set up a nonproduction system running CentOS 4.1, MailScanner 4.44.1-1, MailWatch 1.0.1, sendmail 8.13.4-1, webmin. I went into webmin, sendmail configuration, and under domain routing I put these rules: .domain.com local:/dev/null domain.com local:/dev/null When mail comes from this specified domain, then it will automatically be delivered to the "bit bucket." I was looking at /var/log/maillog, but I do not see anything telling me it is being delivered to /dev/null. Am I missing something or did I configure wrong? Are the messages just looking like they are being processed, and then getting stuck, or are they infact doing what I want them to do? I have no messages in the mail queue, and her is a snipit from /var/log/mailog Nov 2 10:26:37 wks-lin8 MailScanner[24632]: Message jA2FuBua024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:26:37 wks-lin8 MailScanner[24868]: Message jA2FuBv8024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:26:52 wks-lin8 MailScanner[24868]: Message jA2FuBuw024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:26:52 wks-lin8 MailScanner[24632]: Message jA2FuBuA024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:04 wks-lin8 sendmail[24403]: jA2FuBxg024403: from=, size=6799, class=0, nrcpts=1, msgid=<31351745.1130949883662.JavaMail.oracle@wks-psdb.lovebox.com>, proto=ESMTP, daemon=MTA, relay=[172.16.3.70] Nov 2 10:27:04 wks-lin8 sendmail[24403]: jA2FuBxh024403: from=, size=7735, class=0, nrcpts=1, msgid=<16704796.1130949883755.JavaMail.oracle@wks-psdb.lovebox.com>, proto=ESMTP, daemon=MTA, relay=[172.16.3.70] Nov 2 10:27:05 wks-lin8 MailScanner[24632]: Message jA2FuBue024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:05 wks-lin8 MailScanner[24868]: Message jA2FuBup024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:18 wks-lin8 MailScanner[24632]: Message jA2FuBuS024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:18 wks-lin8 MailScanner[24868]: Message jA2FuBv9024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:32 wks-lin8 MailScanner[24632]: Message jA2FuBuY024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:32 wks-lin8 MailScanner[24868]: Message jA2FuBv3024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:45 wks-lin8 MailScanner[24632]: Message jA2FuBuD024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:45 wks-lin8 MailScanner[24868]: Message jA2FuBv4024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:58 wks-lin8 MailScanner[24632]: Message jA2FuBuT024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:27:58 wks-lin8 MailScanner[24868]: Message jA2FuBur024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:28:11 wks-lin8 MailScanner[24632]: Message jA2FuBuJ024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:28:12 wks-lin8 MailScanner[24868]: Message jA2FuBug024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:28:25 wks-lin8 MailScanner[24868]: Message jA2FuBuo024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) Nov 2 10:28:25 wks-lin8 MailScanner[24632]: Message jA2FuBub024403 from 172.16.3.70 (workflow@lovebox.com) to lovebox.com is not spam, SpamAssassin (score=-25.758, required 3, autolearn=not spam, ALL_TRUSTED -2.82, HTML_90_100 0.19, HTML_MESSAGE 0.00, LBC_CUSTOM_RULE_4 -25.00, MIME_HTML_ONLY 1.16, UPPERCASE_25_50 0.21, WEIRD_PORT 0.51) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mcalnek at PCPLACE.CA Wed Nov 2 15:25:38 2005 From: mcalnek at PCPLACE.CA (Milton Calnek) Date: Thu Jan 12 21:31:04 2006 Subject: Suggestions please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'd setup a software mirror, if mirroring was your intended goal. The actual partition layout depends on your goals/situation. I'd probably do it one of 2 ways: 1. /boot 100M swap 2 * $RAM / The rest 2. /boot 100M swap 2 * $RAM / 10G /var 20G /var/spool/mail the rest Lance Haig wrote: > Hi, > > I have tried now for two days to get my SATA raid card to work with my > new server but I have decided that it is to much effort to find drivers > for it. > > I now have 2 80 gig SATA drives for my new MS server and was wondering > wat you guys would suggest as the ideal way to partition my system > > I normaly create a 500MB boot with EXT2 and then the rest is set to / > > I am open to suggestions. > > Thanks > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFDaNpyHgnbf2T2QqMRAnVCAJ9PeDVa1H9F3WhD3VnQEueDcHQrUQCfbziw LO42mVuy9RMenNwCOvD/3uQ= =FTHd -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Nov 2 17:39:37 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:04 2006 Subject: A well-hung MailScanner :-( Message-ID: Mike Hmm by default MS will install/update the Sophos stuff to /usr/local/Sophos ...... are you sure that's local (I mean not on the filer). MS tends to get upset if it's not in that location. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Mike Brudenell > Sent: 02 November 2005 17:28 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] A well-hung MailScanner :-( > > Greetings - > > --On 2 November 2005 16:55:55 +0000 Martin Hepworth > wrote: > > > How are you handling the link to the file NFS with soft links or hard > > links. > > > > I've seen older versions of Solaris get upset when NFS links go offline, > > even when they are to soft links.. > > Ummm, I'm not sure which file you're referring to... > > We have a directory tree (/opt/york) which is purely on locally attached > disk: > > * When I installed the system I built new versions of Perl, BerkeleyDB, > etc to just go into/use /opt/york > > * Sophos is also installed directly into /opt/york; there are no > symlinks > via the NFS-mounted /usr/local > > * Similarly MailScanner is installed directly into /opt/york; there are > no symlinks via /usr/local > > I carefully went through all the MailScanner scripts and changed > references > to /usr/local/... to /opt/york/... in (I think!) every relevant location. > I've been using 'find' and 'grep' most of the afternoon to try and track > down any I missed but to no avail. > > My head hurts. > > Cheers, > Mike B-} > > -- > The Computing Service, University of York, Heslington, York Yo10 5DD, UK > Tel:+44-1904-433811 FAX:+44-1904-433740 > > * Unsolicited commercial e-mail is NOT welcome at this e-mail address. * > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Nov 3 14:20:47 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:04 2006 Subject: installing libmilter Message-ID: MailScanner mailing list <> scribbled on Thursday, November 03, 2005 7:04 AM: >> -----Original Message----- >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher >> Sent: Thursday, November 03, 2005 1:58 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: installing libmilter >> >> MailScanner mailing list <> scribbled on Thursday, November > 03, 2005 >> 6:04 >> AM: >> >>> Hi all pro's :) >>> >>> Could somone shed some light how to do the libmilter >> installation on >>> CentOS. >>> I managed to figure out I need the source to build the libmilter >>> included in the package >>> >> > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm >>> before I can do the rest but Im not sure how to actually do the >>> libmilter/sendmail rebuild thingy. >>> >>> If this is something someone like me should not do pls >> informa and Ill >>> drop it until I actually know what Im doing >>> >>> Never even tried to rebuild sendmail since I only use out >> of the box >>> with some changes in sendmail.mc so go easy on a hardcore > newbie :) >>> >>> /Anders >>> >> You should be able to just rebuild the .src.rpm as is. If > you watch >> the build process, you will see "milter" scroll across your screen >> several times. Are you certain you don't already have the milter >> support? >> >> Mike >> > > Nope, Im not sure and dont have a clue how to check :( > Recent versions of sendmail have libmilter included by default. You are probably good to go already. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joe at NAOS.STERLING.NET Thu Nov 3 16:09:27 2005 From: joe at NAOS.STERLING.NET (Joe Young) Date: Thu Jan 12 21:31:04 2006 Subject: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Message-ID: Help, I am running on CentOS release 4.0 (Final) with Perl version 5.008005 (5.8.5) and MailScanner version 4.42.9. Spamassassin has been scoring lower than normal for the last couple of weeks. Most of the untagged spam has been the geocities link spam and the emails that contain mostly images. Almost all of the spam emails are scored with BAYES_00 -2.60. What are some possible steps to change the bayes score without feeding it spam? Thank you, Joe Young ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Thu Nov 3 12:58:22 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:04 2006 Subject: installing libmilter Message-ID: MailScanner mailing list <> scribbled on Thursday, November 03, 2005 6:04 AM: > Hi all pro's :) > > Could somone shed some light how to do the libmilter > installation on CentOS. > I managed to figure out I need the source to build the > libmilter included in the package > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm > before I can do the rest but Im not sure how to actually do > the libmilter/sendmail rebuild thingy. > > If this is something someone like me should not do pls > informa and Ill drop it until I actually know what Im doing > > Never even tried to rebuild sendmail since I only use out of > the box with some changes in sendmail.mc so go easy on a > hardcore newbie :) > > /Anders > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! You should be able to just rebuild the .src.rpm as is. If you watch the build process, you will see "milter" scroll across your screen several times. Are you certain you don't already have the milter support? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pmb1 at YORK.AC.UK Wed Nov 2 17:27:42 2005 From: pmb1 at YORK.AC.UK (Mike Brudenell) Date: Thu Jan 12 21:31:04 2006 Subject: A well-hung MailScanner :-( Message-ID: Greetings - --On 2 November 2005 16:55:55 +0000 Martin Hepworth wrote: > How are you handling the link to the file NFS with soft links or hard > links. > > I've seen older versions of Solaris get upset when NFS links go offline, > even when they are to soft links.. Ummm, I'm not sure which file you're referring to... We have a directory tree (/opt/york) which is purely on locally attached disk: * When I installed the system I built new versions of Perl, BerkeleyDB, etc to just go into/use /opt/york * Sophos is also installed directly into /opt/york; there are no symlinks via the NFS-mounted /usr/local * Similarly MailScanner is installed directly into /opt/york; there are no symlinks via /usr/local I carefully went through all the MailScanner scripts and changed references to /usr/local/... to /opt/york/... in (I think!) every relevant location. I've been using 'find' and 'grep' most of the afternoon to try and track down any I missed but to no avail. My head hurts. Cheers, Mike B-} -- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740 * Unsolicited commercial e-mail is NOT welcome at this e-mail address. * ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Thu Nov 3 15:55:09 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:04 2006 Subject: installing libmilter Message-ID: > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Mike Kercher > > Sent: Thursday, November 03, 2005 1:58 PM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: installing libmilter > > > > You should be able to just rebuild the .src.rpm as is. If > > you watch the build process, you will see "milter" scroll > > across your screen several times. Are you certain you don't > > already have the milter support? > > > > Mike > > > > Nope, Im not sure and dont have a clue how to check :( Run sendmail from the command line with -d0.2, eg: /usr/lib/sendmail -d0.2 Look at the output for 'MILTER' -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "I haven't lost my mind...I sold it on eBay!" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Nov 2 17:34:07 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce spake the following on 11/2/2005 8:06 AM: > Glenn Steen wrote: > >> Same here (although I'm already +1 to Denis' total:-). >> Seems to be a pox of bagle variants "going on" right now, so you might >> just be seeing the ... speed/frequency of updates put out by BD. >> >> I've been very glad to have BD this night, sole one picking up some of >> them... And that with heuristics. >> >> So much for it being ... "quiet on the viral front", as discussed >> earlier:) >> > > Yup. We had to shutdown all the computers yesterday. Was in a meeting > discussing the dangers of hooking up laptops to our network, when one of > our techs sticks his in the door and says we seem to be having a > problem. I was only running ClamAV but it stopped all the Bagle variants > hitting us through email. > > Just for grins I ran ClamAV and BitDefender against the email archives > and lots of email infected, but not detected because they were > identified as Spam. Must think on this because I have email not cleaned > up so people can release from Quarantine. Now we could be releasing > infected emails. > You could run with the "keep quarantine clean" option. WIll add to load because MailScanner will virus scan the spam also. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Wed Nov 2 16:51:56 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: Hi Peter, On Wed, 2005-11-02 at 14:33 +0000, Peter Bates wrote: > Hello all/Steve! > > > smf@F2S.COM 02/11/05 13:21:35 >>> > >Curious - next best thing is going to be to pick a quiet time and run > a > >batch through MailScanner with 'Debug = yes' and 'Debug SpamAssassin > = > >yes' and see if anything shows up there. > > Well, I've done that, and I have a few odd results, which probably > explain why bits aren't working... > > Right at the top we have: > > [16029] dbg: config: using "/usr/etc/mail/spamassassin" for site rules > pre files > [16029] dbg: config: using "/usr/share/spamassassin" for sys rules pre > files > [16029] dbg: config: using "/usr/share/spamassassin" for default rules > dir > Whoops... I think that begins to explain my problem. > > I can also see: > > [16029] info: config: failed to parse line, skipping: urirhssub > URIBL_JP_SURBL > multi.surbl.org. A 64 > > [16029] dbg: uri: running uri tests; score so far=0.96 > [16029] dbg: rules: no method found for eval test check_uridnsbl > rules: failed to run URIBL_JP_SURBL test, skipping: > (Can't locate object method "check_uridnsbl" via package > "Mail::SpamAssa > ssin::PerMsgStatus" at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgSt > atus.pm line 2581. > ) > > ... which also explain why I seem to be seeing no hits on URIs since > upgrading. > > Any thoughts? > > There's clearly something that was okay in my MailScanner.conf (or > spam.assassin.prefs.conf) for 3.0.4 but is now very *unhappy*. > > In MailScanner.conf: > > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Default Rules Dir = > > Oh, just as it seemed an obvious thing to do, > I symlinked /usr/etc/mail/spamassassin to /etc/mail/spamassassin, > and guess what? It now works... > > Is there some default setting here I'm missing in what is a fairly > 'out of the box' install? I've just been building some RPM's for SA 3.1 - it appears that the MakeMaker config has changed between 3.0.x and 3.1.x. How did you build SpamAssassin?? - I found that I had run: perl Makefile.PL PREFIX=/usr SYSCONFDIR=/etc/mail/spamassassin to get it to look in the correct places (in 3.0.x I only had to specify PREFIX). Kind regards, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Thu Nov 3 08:52:57 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: On Wed, 2005-11-02 at 10:50 -0800, Scott Silva wrote: > Ed Bruce spake the following on 11/2/2005 10:37 AM: > > Scott Silva wrote: > > > >>Ed > >> > >>> > >>>Yup. We had to shutdown all the computers yesterday. Was in a meeting > >>>discussing the dangers of hooking up laptops to our network, when one of > >>>our techs sticks his in the door and says we seem to be having a > >>>problem. I was only running ClamAV but it stopped all the Bagle variants > >>>hitting us through email. > >>> > >>>Just for grins I ran ClamAV and BitDefender against the email archives > >>>and lots of email infected, but not detected because they were > >>>identified as Spam. Must think on this because I have email not cleaned > >>>up so people can release from Quarantine. Now we could be releasing > >>>infected emails. > >>> > >>> > >>> > >>You could run with the "keep quarantine clean" option. > >>WIll add to load because MailScanner will virus scan the spam also. > >> > >> > >> > >> > > > > But if I do that then I can't use MailWatch to release messages form > > quarantine. It appears that the clean up is storing emails in a format > > that can't be released from Quarantine. I'm still not sure what to do or > > what I did that may have caused this. I'm still looking at the options. > > We've had a few important emails that were misidentified and I was able > > to just release them from quarantine. But only because I had removed the > > keep quarantine clean option. Not so - I always use the 'Keep Spam And MCP Archive Clean' setting when using MailWatch to prevent users/admins from releasing anything that was detected as infected by a virus scanner. If this is preventing you from releasing a legitimate message then you need to treat the cause of the problem: a false-positive from the virus scanner, most of them that I've seen can be fixed by raising the 'ClamAVmodule Maximum Compression Ratio' module (if ClamAVmodule is used) or changing the settings in clamav-wrapper to achieve the same. The clue as to why the message is marked as infected will be in the 'Report:' section on the Message Detail screen in MailWatch - it might be worth posting the message here. > > > Would adding an option to the spam actions ( and high scoring spam > options) to forward to an alias pointed to the bitbucket cause a virus > scan of an infected spam message "before" it is stored? > Worth a try for a day or so. > You could probably forward a real spammy example from your archives, > with an eicar attachment and test it. > This does exactly the same thing as 'Keep Spam And MCP Archive Clean' - so it wouldn't make any difference. I would only recommend this on MailScanner versions that don't have the proper option to do this. Cheers, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Nov 2 17:16:08 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:04 2006 Subject: Reporting Spam by E-mail. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Aaron K. Moore wrote: > Anyone setup an e-mail address for bouncing spam to be processed by > spamassassin? I'd like to set up addresses for reporting spam and ham. > > I've found a few old links on setting it up with SpamAssassin, but > nothing with MailScanner. I'd check the wiki, but it's not back up yet. > > Thanks. > > Aaron > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > E-mail: amoore@dekalbmemorial.com > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* It's a bit complicated since most users don't know how to properly forward messages intact, without useless headers or html. Perhaps your best bet is to set up a public imap folder where they can just "throw them in", and you can use a script to train your spamassassin every night while disregarding your own headers. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Nov 2 18:10:37 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Bates spake the following on 11/2/2005 6:33 AM: > Hello all/Steve! > > >>smf@F2S.COM 02/11/05 13:21:35 >>> >>Curious - next best thing is going to be to pick a quiet time and run > > a > >>batch through MailScanner with 'Debug = yes' and 'Debug SpamAssassin > > = > >>yes' and see if anything shows up there. > > > Well, I've done that, and I have a few odd results, which probably > explain why bits aren't working... > > Right at the top we have: > > [16029] dbg: config: using "/usr/etc/mail/spamassassin" for site rules > pre files > [16029] dbg: config: using "/usr/share/spamassassin" for sys rules pre > files > [16029] dbg: config: using "/usr/share/spamassassin" for default rules > dir > > ... the second two are OK, but the first is an empty directory > (init.pre is in /etc/mail/spamassassin) > > [16029] dbg: config: using "/usr/etc/mail/spamassassin" for site rules > dir > [16029] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" > for user > prefs file > > Same problem here... it has found the .conf file, but site rules is set > to an empty dir. > > [16029] info: config: failed to parse line, skipping: > auto_whitelist_path > /var/spool/MailScanner/spamassassin/auto-whitelist > [16029] info: config: failed to parse line, skipping: > auto_whitelist_file_mode > 0600 > [16029] info: config: failed to parse line, skipping: pyzor_path > /usr/bin/pyzor > [16029] info: config: failed to parse line, skipping: dcc_path > /usr/local/bin/dc > cproc > [16029] info: config: failed to parse line, skipping: razor_timeout 10 > [16029] info: config: failed to parse line, skipping: pyzor_timeout 10 > > Whoops... I think that begins to explain my problem. > > I can also see: > > [16029] info: config: failed to parse line, skipping: urirhssub > URIBL_JP_SURBL > multi.surbl.org. A 64 > > [16029] dbg: uri: running uri tests; score so far=0.96 > [16029] dbg: rules: no method found for eval test check_uridnsbl > rules: failed to run URIBL_JP_SURBL test, skipping: > (Can't locate object method "check_uridnsbl" via package > "Mail::SpamAssa > ssin::PerMsgStatus" at > /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgSt > atus.pm line 2581. > ) > > ... which also explain why I seem to be seeing no hits on URIs since > upgrading. > > Any thoughts? > > There's clearly something that was okay in my MailScanner.conf (or > spam.assassin.prefs.conf) for 3.0.4 but is now very *unhappy*. > > In MailScanner.conf: > > SpamAssassin Install Prefix = > SpamAssassin Site Rules Dir = /etc/mail/spamassassin > SpamAssassin Local Rules Dir = > SpamAssassin Default Rules Dir = > > Oh, just as it seemed an obvious thing to do, > I symlinked /usr/etc/mail/spamassassin to /etc/mail/spamassassin, > and guess what? It now works... > > Is there some default setting here I'm missing in what is a fairly > 'out of the box' install? > I had this problem also, temporarily solved it with softlinks from /usr/etc/mail/spamassassin to /etc/mail/spamassassin I think Julian's install package needs to be tweaked to fix the default SYSCONFDIR. Something must have changed in spamassassin with 3.1.0. I would have a look at it, but Julian would probably have it fixed and posted before I could get it e-mailed to him. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From adrik at SALESMANAGER.NL Wed Nov 2 15:51:43 2005 From: adrik at SALESMANAGER.NL (Adri Koppes) Date: Thu Jan 12 21:31:04 2006 Subject: Mailscanner 4.46/4.47 on Raq4 Message-ID: Hi, Besides installing the missing or outdated modules from CPAN, as suggested by another reply, I think you will also have other problems, since SpamAssassin 3.x requires perl 5.6 or higher! You will have to install a second copy of Perl along side the RAQ version 5.003, which is used by some of the RAQ admin-scripts. Adri. > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Anders > Sent: woensdag 2 november 2005 10:23 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Mailscanner 4.46/4.47 on Raq4 > > Hi, > trying to install Mailscanner on a well maintained Cobalt > Raq4 (fully patched etc...) > > I am using the rpm.package and trying to follow instructions > found at http://www.qitc.net/ support/mailscanner/ (linked > from the Mailscanner installation guides page). > > I run into problem almost immediately, please see the > following excerpt from my installation log: > --------------------------------------------------------------- > [root MailScanner-4.46.2-2]# ./install.sh > > > Good. You have the patch command. > > Good, you have /usr/src/redhat in place. > > Good, unpackaged files will not break the build process. > > Good, you appear to only have 1 copy of Perl installed. > > I think you are running Perl 5.00503. > Ensuring that you have all the header files that are needed > to build HTML-Parser which is used by both MailScanner and > SpamAssassin. > > This script will pause for a few seconds after each major > step, so do not worry if it appears to stop for a while. > If you want it to stop so you can scroll back through the > output then press Ctrl-S to stop the output and Ctrl-Q to > start it again. > > > If this fails due to dependency checks, and you wish to > ignore these problems, you can run > ./install.sh nodeps > > Setting Perl5 search path > > I think your system will build architecture-dependent modules for i386 > > Rebuilding all the Perl RPMs for your version of Perl > > Attempting to build and install > perl-ExtUtils-MakeMaker-6.30-1 Installing > perl-ExtUtils-MakeMaker-6.30-1.src.rpm > Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.55082 > + umask 022 > + cd /usr/src/redhat/BUILD > + cd /usr/src/redhat/BUILD > + rm -rf ExtUtils-MakeMaker-6.30 > + /bin/gzip -dc /usr/src/redhat/SOURCES/ExtUtils-MakeMaker-6.30.tar.gz > + tar -xf - > + STATUS=0 > + [ 0 -ne 0 ] > + cd ExtUtils-MakeMaker-6.30 > ++ /usr/bin/id -u > + [ 0 = 0 ] > + /bin/chown -Rhf root . > ++ /usr/bin/id -u > + [ 0 = 0 ] > + /bin/chgrp -Rhf root . > + /bin/chmod -Rf a+rX,g-w,o-w . > + exit 0 > Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.55082 > + umask 022 > + cd /usr/src/redhat/BUILD > + cd ExtUtils-MakeMaker-6.30 > + CFLAGS=-O2 -m486 -fno-strength-reduce > + perl Makefile.PL > + PREFIX=/var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr > You have File::Spec version 0.6 > ExtUtils::MakeMaker requires File::Spec >= 0.8 to build at all. > BEGIN failed--compilation aborted at Makefile.PL line 20. > Bad exit status from /var/tmp/rpm-tmp.55082 (%build) > > > > Missing file > /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm. > Maybe it did not build correctly? > --------------------------------------------------------------- > Not a very good start to my installation..... I get other > errors further along the installation as well. > When extracted, I can see that there is a File::Spec package > included. ??? > > So, anyone has any idea on how to proceed? > > Regards, > Anders > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Wed Nov 2 21:28:38 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:04 2006 Subject: Suggestions please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Brian, This is exactly what I want to do. I will then remove the setting in bios for raid and setup software raid instead. Thanks for the help. Lance Mailscanner wrote: >Lance Haig wrote: > > >>Hi, >> >>I have tried now for two days to get my SATA raid card to work with my >>new server but I have decided that it is to much effort to find >>drivers for it. >> >>I now have 2 80 gig SATA drives for my new MS server and was wondering >>wat you guys would suggest as the ideal way to partition my system >> >>I normaly create a 500MB boot with EXT2 and then the rest is set to / >> >>I am open to suggestions. >> >>Thanks >> >>Lance >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> > >Lance, > > >Did you want to use the raid controllers raid ? Or were you planning on >using software raid ? Most raid controllers are fake-raid anyways. Do a >google search for 'linux fake raid' > >I use centos 4.2 and software raid with lvm etc. Works like a charm, you >can even online resize etc. Its way more flexible than hardware raid, in >particular because you can do things like, stripe a certain part of the >disk and mirror another part. Also, the benefit of using software raid >is that your data is not dependant on the raid controller being around, >by that I mean, if your raid controller dies, you may well find yourself >in the situation where you need to get *exactly* the same raid >controller card, and possibly, the same firmware version, before you can >get at your data. Not a nice situation. > >Give us some more details on what your trying to do and I'm sure there >are plenty people who would be willing to help. > > >Cheers, > >Brian. > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From henker at S-H-COM.DE Thu Nov 3 16:49:38 2005 From: henker at S-H-COM.DE (Steffan Henke) Date: Thu Jan 12 21:31:04 2006 Subject: How to debug IPBlock? Message-ID: On Sat, 29 Oct 2005, Jeff A. Earickson wrote: > IPBlock. It has been in the code for a while, works great, provided > you don't have stupid typos in your IPBlock.conf file. When Julian released the latest MS on Nov 1st, I decided to gave IPBlock a try for the first time. I'm using a temporary hash file, not the "real" access.db. So, over the last couple of days I watch the contents of that file and noticed that some entries are never purged by the cronjob. They were added when I changed to a low default, say 10 mails/hour and afterwards added to the whitelist (1000/hour). Let's say, my IPBlock.conf looks like this: # Whitelists 192.168.1.100 10 # MX #default default 1000 Now, in the hash file, I have an entry MX "451 Site blocked by MailScanner due to excessive email" where MX is the real hostname of the MX, not the IP. It never gets removed from the access file. I really think it's a great feature, I just fear that someday, I may block hosts without ever taking notice of. Regards, Steffan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Thu Nov 3 12:03:44 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:31:04 2006 Subject: OT: installing libmilter Message-ID: Hi all pro's :) Could somone shed some light how to do the libmilter installation on CentOS. I managed to figure out I need the source to build the libmilter included in the package http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm before I can do the rest but Im not sure how to actually do the libmilter/sendmail rebuild thingy. If this is something someone like me should not do pls informa and Ill drop it until I actually know what Im doing Never even tried to rebuild sendmail since I only use out of the box with some changes in sendmail.mc so go easy on a hardcore newbie :) /Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Thu Nov 3 13:45:12 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: > That ol' thing still works like a charm, yes. Used it for ages. > Downside is that it doesn't really keep the spam quarantine clean, it > just make sure that that message is detected as a virus carrier (scan > is "forced" since it is delivered). In a MailWatch environment, where > you never (or seldom:) release messages from commandline, this is not > a problem. > > But the Keep Clean thing should work too, and this time really keep > the spam quarantine clean. > > Ed, might it be as simple as you looking in the wrong place for the > quarantined message? Or were they ... "munged up" in some unfortunate > way? > What happened is I had reject emails with encrypted zip files. Except to certain combinations of sender and receiver. Well somebody sent an email to the boss at a little used email address. This email was marked as dangerous. When I went to use the release from quarantine I didn't have that option. I was able to go to the quarantine and manually find the email and get the zip file, so I was just being lazy and not keeping quarantine clean, I will be setting this back and do the manually release steps. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Wed Nov 2 14:28:21 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:31:04 2006 Subject: Reporting Spam by E-mail. Message-ID: Anyone setup an e-mail address for bouncing spam to be processed by spamassassin? I'd like to set up addresses for reporting spam and ham. I've found a few old links on setting it up with SpamAssassin, but nothing with MailScanner. I'd check the wiki, but it's not back up yet. Thanks. Aaron -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN E-mail: amoore@dekalbmemorial.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From marcin.rozek at IOS.EDU.PL Wed Nov 2 14:48:59 2005 From: marcin.rozek at IOS.EDU.PL ([ISO-8859-2] Marcin Ro¿ek) Date: Thu Jan 12 21:31:04 2006 Subject: Mailscanner 4.46/4.47 on Raq4 Message-ID: [ The following text is in the "ISO-8859-2" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anders wrote: > + umask 022 > + cd /usr/src/redhat/BUILD > + cd ExtUtils-MakeMaker-6.30 > + CFLAGS=-O2 -m486 -fno-strength-reduce > + perl Makefile.PL PREFIX=/var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr > You have File::Spec version 0.6 > ExtUtils::MakeMaker requires File::Spec >= 0.8 to build at all. > BEGIN failed--compilation aborted at Makefile.PL line 20. > Bad exit status from /var/tmp/rpm-tmp.55082 (%build) Do as it says - install File::Spec version >= 0.8 http://search.cpan.org/CPAN/authors/id/K/KW/KWILLIAMS/File-Spec-0.90.tar.gz -- Marcin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Wed Nov 2 14:24:01 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 02/11/05, Denis Beauchemin wrote: > Ugo Bellavance wrote: > > > Hi, > > > > Anyone had to update Bitdefender manually recently? I've seen > > servers that weren't at the latest defs, but nothing weird in the log. > > > > Regards, > > Ugo, everything is fine here: > bdc --info > BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) > Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. > > Engine signatures: 232371 > Scan engines: 13 > Archive engines: 39 > Unpack engines: 3 > Mail engines: 6 > System engines: 0 > > Denis > > -- > _ > °v° Denis Beauchemin, analyste > /(_)\ Université de Sherbrooke, S.T.I. > ^ ^ T: 819.821.8000x2252 F: 819.821.8045 > Same here (although I'm already +1 to Denis' total:-). Seems to be a pox of bagle variants "going on" right now, so you might just be seeing the ... speed/frequency of updates put out by BD. I've been very glad to have BD this night, sole one picking up some of them... And that with heuristics. So much for it being ... "quiet on the viral front", as discussed earlier:) -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Wed Nov 2 14:33:51 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: Hello all/Steve! > smf@F2S.COM 02/11/05 13:21:35 >>> >Curious - next best thing is going to be to pick a quiet time and run a >batch through MailScanner with 'Debug = yes' and 'Debug SpamAssassin = >yes' and see if anything shows up there. Well, I've done that, and I have a few odd results, which probably explain why bits aren't working... Right at the top we have: [16029] dbg: config: using "/usr/etc/mail/spamassassin" for site rules pre files [16029] dbg: config: using "/usr/share/spamassassin" for sys rules pre files [16029] dbg: config: using "/usr/share/spamassassin" for default rules dir ... the second two are OK, but the first is an empty directory (init.pre is in /etc/mail/spamassassin) [16029] dbg: config: using "/usr/etc/mail/spamassassin" for site rules dir [16029] dbg: config: using "/etc/MailScanner/spam.assassin.prefs.conf" for user prefs file Same problem here... it has found the .conf file, but site rules is set to an empty dir. [16029] info: config: failed to parse line, skipping: auto_whitelist_path /var/spool/MailScanner/spamassassin/auto-whitelist [16029] info: config: failed to parse line, skipping: auto_whitelist_file_mode 0600 [16029] info: config: failed to parse line, skipping: pyzor_path /usr/bin/pyzor [16029] info: config: failed to parse line, skipping: dcc_path /usr/local/bin/dc cproc [16029] info: config: failed to parse line, skipping: razor_timeout 10 [16029] info: config: failed to parse line, skipping: pyzor_timeout 10 Whoops... I think that begins to explain my problem. I can also see: [16029] info: config: failed to parse line, skipping: urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 [16029] dbg: uri: running uri tests; score so far=0.96 [16029] dbg: rules: no method found for eval test check_uridnsbl rules: failed to run URIBL_JP_SURBL test, skipping: (Can't locate object method "check_uridnsbl" via package "Mail::SpamAssa ssin::PerMsgStatus" at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgSt atus.pm line 2581. ) ... which also explain why I seem to be seeing no hits on URIs since upgrading. Any thoughts? There's clearly something that was okay in my MailScanner.conf (or spam.assassin.prefs.conf) for 3.0.4 but is now very *unhappy*. In MailScanner.conf: SpamAssassin Install Prefix = SpamAssassin Site Rules Dir = /etc/mail/spamassassin SpamAssassin Local Rules Dir = SpamAssassin Default Rules Dir = Oh, just as it seemed an obvious thing to do, I symlinked /usr/etc/mail/spamassassin to /etc/mail/spamassassin, and guess what? It now works... Is there some default setting here I'm missing in what is a fairly 'out of the box' install? ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pmb1 at YORK.AC.UK Wed Nov 2 18:09:47 2005 From: pmb1 at YORK.AC.UK (Mike Brudenell) Date: Thu Jan 12 21:31:04 2006 Subject: A well-hung MailScanner :-( Message-ID: Greetings - --On 2 November 2005 17:39:37 +0000 Martin Hepworth wrote: > Hmm by default MS will install/update the Sophos stuff to > /usr/local/Sophos ...... are you sure that's local (I mean not on the > filer). MS tends to get upset if it's not in that location. I think you're thinking of using the install.sh script or a package: I use neither but instead prefer to unpack and un-tar the tar archive. There is *no* part of the MailScanner distribution on /usr/local (which in non-local, being NFS-mounted); it really is all unpacked onto /opt/york (which _is_ on local disk). --On 2 November 2005 17:41:32 +0000 Steve Freegard wrote: > Have you got the 'lsof' (list open files) and 'lslk' (list locks) > installed (I don't know anything about Solaris) - as these usually help > me out in cases like this. We have lsof (not sure about lslk). The trouble is that MailScanner doesn't seem to have anything outstanding as far as I can see ... it worked just fine when the filer was down apart from when the hourly Sophos update triggered. There seems to be 'something' related directly to this event that's the problem. Unfortunately at the time I didn't realise it had hung, do didn't login to try and work out what was wrong. I've only discovered the hang after the filer was restored to service, by which time whatever was hanging now isn't and nothing else MailScanner-related seems to be trying to gets its sticky fingers on /usr/local. I guess what I really need is for our filer to die again. (I hope my colleague who was fighting it all morning doesn't read that! ;-) Mike B-) -- The Computing Service, University of York, Heslington, York Yo10 5DD, UK Tel:+44-1904-433811 FAX:+44-1904-433740 * Unsolicited commercial e-mail is NOT welcome at this e-mail address. * ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Thu Nov 3 09:50:15 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: On Thu, 2005-11-03 at 10:30 +0100, Glenn Steen wrote: > On 03/11/05, Steve Freegard wrote: > (snip) > > I was under the impression that unlike the hack, which will leave the > message in both the spam and the virus quarantine, the "Keep Clean" > thing will actually remove the virus infected message from the spam > quarantine. > Am I wrong in thinking this? Not really sure on this - it could have been a side-effect of the hack, but it shouldn't make a difference as the message would be still be in the main quarantine. Cheers, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Thu Nov 3 17:16:25 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:31:04 2006 Subject: How to determine proper whitelist value Message-ID: Hello, One of my users is confused about why negative scoring emails still gets marked as spam. The answer I gave him was that it has to do with it being on 2 or more BLs. This is correct isn't? When whitelisting something should I whitelist whatever is found in the X--MailScanner-From: header? He forwarded some to me and Outlook says the From is abc@yahoo.com but the X--MailScanner-From: header says it is from sentto-2142155-6148-1142153036-=swatgear.com@returns.groups.ya hoo.com. This is from a mailing list and more than one person on the list gets a negative spam score... so I'm thinking I should whitelist *@returns.groups.yahoo.com as opposed to something horrid like *@yahoo.com. How do I properly handle this situation? Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Thu Nov 3 15:56:44 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:04 2006 Subject: update_phishing_sites script Message-ID: Julian, After upgrading to 4.47.2, I surmised that I needed a daily cronjob to run update_phishing_sites, to get the latest info from you. So I added one. It failed, since root does not have /usr/local/bin in its path on my box. I suggest the following addition to update_phishing_sites: *** update_phishing_sites.orig Thu Nov 3 08:33:10 2005 --- update_phishing_sites Thu Nov 3 08:36:12 2005 *************** *** 31,36 **** --- 31,38 ---- # United Kingdom # + PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin + if [ -d /opt/MailScanner/etc ]; then cd /opt/MailScanner/etc else Jeff Earickson Colby College PS. Sorry to hear about your fire. When are you going to start writing "FireScanner"? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Nov 3 09:16:16 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 02/11/05, Scott Silva wrote: > Ed Bruce spake the following on 11/2/2005 10:37 AM: (snip) > > > > But if I do that then I can't use MailWatch to release messages form > > quarantine. It appears that the clean up is storing emails in a format > > that can't be released from Quarantine. I'm still not sure what to do or > > what I did that may have caused this. I'm still looking at the options. > > We've had a few important emails that were misidentified and I was able > > to just release them from quarantine. But only because I had removed the > > keep quarantine clean option. > > > Would adding an option to the spam actions ( and high scoring spam > options) to forward to an alias pointed to the bitbucket cause a virus > scan of an infected spam message "before" it is stored? > Worth a try for a day or so. That ol' thing still works like a charm, yes. Used it for ages. Downside is that it doesn't really keep the spam quarantine clean, it just make sure that that message is detected as a virus carrier (scan is "forced" since it is delivered). In a MailWatch environment, where you never (or seldom:) release messages from commandline, this is not a problem. But the Keep Clean thing should work too, and this time really keep the spam quarantine clean. Ed, might it be as simple as you looking in the wrong place for the quarantined message? Or were they ... "munged up" in some unfortunate way? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Wed Nov 2 21:32:59 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:04 2006 Subject: Suggestions please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Matt, Thanks for the detailed setup I will read through this with interest. i just need to twork out software raid now Lance Matt Kettler wrote: >Lance Haig wrote: > >>Hi, >> >>I have tried now for two days to get my SATA raid card to work with my >>new server but I have decided that it is to much effort to find drivers >>for it. >> >>I now have 2 80 gig SATA drives for my new MS server and was wondering >>wat you guys would suggest as the ideal way to partition my system >> >>I normaly create a 500MB boot with EXT2 and then the rest is set to / >> >>I am open to suggestions. >> > >I'd suggest having a separate /var partition. This way if /var/spool/* or >/var/log/* fills up, you are not completely out of disk on all parts of the >filesystem. Conversely, if a large download to your home dir takes up a lot of >disk space, your mail queues can keep running without a hitch. > >I usually make separate /boot, /var, /home, /usr and /tmp partitions, in >addition to /. This might be more than you'd want for your needs, but a >separate /var and /tmp can both be useful. > >If your box is devoted to mailscanner you might even consider making a separate >/var/spool too. > >Here's my current layup on a mailscanner/dns box. It's not optimal, but it works: > >Filesystem 1K-blocks Used Available Use% Mounted on >/dev/sda6 7060276 892608 5809020 14% / >/dev/sda1 101089 13293 82577 14% /boot >/dev/sda5 5036284 41340 4739112 1% /chroot >/dev/sda7 4538124 501900 3805696 12% /home >/dev/sda8 1510032 32980 1400344 3% /tmp >/dev/sda2 10080520 1375392 8193060 15% /usr >/dev/sda3 9068648 525800 8082188 7% /var > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Wed Nov 2 13:21:35 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: Hi Peter, On Wed, 2005-11-02 at 12:55 +0000, Peter Bates wrote: > Hi all... > > > smf@F2S.COM 02/11/05 12:45:31 >>> > >Just a guess - but are you running MailScanner as a non-root user > e.g. > >running as postfix/exim?? > > Yes, indeed. I'm running Postfix, and MS is running as 'postfix'. > > >How about running 'su - postfix/exim' and the running 'spamassassin > >-p /etc/MailScanner/spam.assassin.prefs.con -D --lint 2>&1' and see > what > >clues you get from that? > > A wise plan that I hadn't thought of... unfortunately, no joy. > The lint runs, I see network traffic, I get: <> > ... the above is snipped a bit, but shows Razor, Pyzor and DCC being > run. Curious - next best thing is going to be to pick a quiet time and run a batch through MailScanner with 'Debug = yes' and 'Debug SpamAssassin = yes' and see if anything shows up there. Cheers, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Nov 2 13:41:26 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:04 2006 Subject: Disabling Bad Filename / Virus Notifications Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon:: Blacknight.ie wrote: > >The plural of virus is viruses. > > > It's not viri (which is plural for man) or virii, *that* we can agree with. Virus is a mass noun, like "vulgus" (the crowd), which doesn't appear to have a proper plural. In English it's customary to use "viruses", but only out of convention. I usually avoid the discussion by avoiding the use of the plural using grammatical sleight-of-hand, replacing phrases such as "messages with viruses" with "virus-infected messages" and so on. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Wed Nov 2 13:47:47 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:31:04 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Hi, > > Anyone had to update Bitdefender manually recently? I've seen > servers that weren't at the latest defs, but nothing weird in the log. > > Regards, Ugo, everything is fine here: bdc --info BDC/Linux-Console v7.0 (build 2490) (i386) (Dec 10 2003 16:11:35) Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved. Engine signatures: 232371 Scan engines: 13 Archive engines: 39 Unpack engines: 3 Mail engines: 6 System engines: 0 Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at GMAIL.COM Wed Nov 2 12:32:31 2005 From: devonharding at GMAIL.COM (Devon Harding) Date: Thu Jan 12 21:31:04 2006 Subject: Protect from DoS? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] What about IPBlock? Will this work for me? Where can I find more info on this? On 11/1/05, Raylund Lai < raylund.lai@kankanwoo.com> wrote: A useful article http://www.technoids.org/dossed.html Cheers Raylund Devon Harding wrote: > How can I protect my MailScanner/sendmail server against DoS attacks? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ( http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html ). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at f2s.com Wed Nov 2 12:45:31 2005 From: smf at f2s.com (Steve Freegard) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: Hi Peter, On Wed, 2005-11-02 at 12:37 +0000, Peter Bates wrote: > Hello all... > > MailScanner 4.4.7 on RHEL4... up and till earlier today, SA 3.0.4 > > Today I upgraded to 3.1, using the handy 'Install-Clam-SA' package, > all went well. > > However, I'm beginning to see a problem with the 'hash-based network > tests' > sort of features ... I'd seen this on another box running just > spamc/spamd > and didn't really think it would affect my MS production service, but I > seem > to have run into the same bug. > > Basically... a lint is fine. > (I run: > spamassassin -D --prefs-file=/etc/MailScanner/spam.assassin.prefs.conf > --lint ) > ... you can see the network traffic that is connected to > DCC/Pyzor/Razor, and there is mention of them in the lint output. Just a guess - but are you running MailScanner as a non-root user e.g. running as postfix/exim?? How about running 'su - postfix/exim' and the running 'spamassassin -p /etc/MailScanner/spam.assassin.prefs.con -D --lint 2>&1' and see what clues you get from that? Cheers, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Wed Nov 2 12:37:21 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: Hello all... MailScanner 4.4.7 on RHEL4... up and till earlier today, SA 3.0.4 Today I upgraded to 3.1, using the handy 'Install-Clam-SA' package, all went well. However, I'm beginning to see a problem with the 'hash-based network tests' sort of features ... I'd seen this on another box running just spamc/spamd and didn't really think it would affect my MS production service, but I seem to have run into the same bug. Basically... a lint is fine. (I run: spamassassin -D --prefs-file=/etc/MailScanner/spam.assassin.prefs.conf --lint ) ... you can see the network traffic that is connected to DCC/Pyzor/Razor, and there is mention of them in the lint output. However... running up SA from within MS, the first thing that becomes blindingly obvious is no more tcp/2703 (Razor), udp/24441 (Pyzor) or udp/6277 (DCC). Bayes and DNS are fine post the upgrade (plenty of BAYES_/DNS_FROM/RCVD_IN rules being hit). Anyone else running any of the above okay with 3.1? And yes, the 'install-Clam-SA' package enabled the DCC/Razor plugins in init.pre, as I say, the lint-test seems to be fine. ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Peter.Bates at LSHTM.AC.UK Wed Nov 2 12:55:28 2005 From: Peter.Bates at LSHTM.AC.UK (Peter Bates) Date: Thu Jan 12 21:31:04 2006 Subject: SpamAssassin 3.1 & Pyzor/Razor/DCC Message-ID: Hi all... > smf@F2S.COM 02/11/05 12:45:31 >>> >Just a guess - but are you running MailScanner as a non-root user e.g. >running as postfix/exim?? Yes, indeed. I'm running Postfix, and MS is running as 'postfix'. >How about running 'su - postfix/exim' and the running 'spamassassin >-p /etc/MailScanner/spam.assassin.prefs.con -D --lint 2>&1' and see what >clues you get from that? A wise plan that I hadn't thought of... unfortunately, no joy. The lint runs, I see network traffic, I get: [31038] dbg: razor2: part=0 engine=4 contested=0 confidence=0 [31038] dbg: razor2: results: spam? 0 [31038] dbg: razor2: results: engine 8, highest cf score: 0 [31038] dbg: razor2: results: engine 4, highest cf score: 0 [31038] dbg: pyzor: pyzor is available: /usr/bin/pyzor [31038] dbg: info: entering helper-app run mode [31038] dbg: pyzor: opening pipe: /usr/bin/pyzor --homedir /var/spool/MailScanne r/spamassassin/pyzor check < /tmp/.spamassassin31038R3RESftmp [31067] dbg: util: setuid: ruid=89 euid=89 [31038] dbg: pyzor: [31067] finished: exit=0x0100 [31038] dbg: pyzor: got response: 66.250.40.33:24441_(200, 'OK')_0_0 [31038] dbg: dcc: dccifd is available: /var/dcc/dccifd [31038] dbg: info: entering helper-app run mode [31038] dbg: dcc: dccifd got response: X-DCC-NIET-Metrics: x.lshtm.ac.uk 1 080; Body=52393 Fuz1=771494 Fuz2=771488 [31038] dbg: info: leaving helper-app run mode ... the above is snipped a bit, but shows Razor, Pyzor and DCC being run. Observing this behaviour at home (admittedly in a spamc/spamd setup) I'd had some thoughts that perhaps the timeouts weren't being defined properly so all 3 things were timing out before they'd even properly been started up... however I'm at a bit of a loss here. ---------------------------------------------------------------------------------------------------> Peter Bates, Systems Support Officer, IT Services. London School of Hygiene & Tropical Medicine. Telephone:0207-958 8353 / Fax: 0207- 636 9838 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at MCKERRS.NET Wed Nov 2 11:28:41 2005 From: mailscanner at MCKERRS.NET (Mailscanner) Date: Thu Jan 12 21:31:04 2006 Subject: Suggestions please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote: > Hi, > > I have tried now for two days to get my SATA raid card to work with my > new server but I have decided that it is to much effort to find > drivers for it. > > I now have 2 80 gig SATA drives for my new MS server and was wondering > wat you guys would suggest as the ideal way to partition my system > > I normaly create a 500MB boot with EXT2 and then the rest is set to / > > I am open to suggestions. > > Thanks > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Lance, Did you want to use the raid controllers raid ? Or were you planning on using software raid ? Most raid controllers are fake-raid anyways. Do a google search for 'linux fake raid' I use centos 4.2 and software raid with lvm etc. Works like a charm, you can even online resize etc. Its way more flexible than hardware raid, in particular because you can do things like, stripe a certain part of the disk and mirror another part. Also, the benefit of using software raid is that your data is not dependant on the raid controller being around, by that I mean, if your raid controller dies, you may well find yourself in the situation where you need to get *exactly* the same raid controller card, and possibly, the same firmware version, before you can get at your data. Not a nice situation. Give us some more details on what your trying to do and I'm sure there are plenty people who would be willing to help. Cheers, Brian. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Wed Nov 2 09:16:36 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:04 2006 Subject: Suggestions please Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I have tried now for two days to get my SATA raid card to work with my new server but I have decided that it is to much effort to find drivers for it. I now have 2 80 gig SATA drives for my new MS server and was wondering wat you guys would suggest as the ideal way to partition my system I normaly create a 500MB boot with EXT2 and then the rest is set to / I am open to suggestions. Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders_wannfors at PRIVAT.UTFORS.SE Wed Nov 2 09:23:00 2005 From: anders_wannfors at PRIVAT.UTFORS.SE (Anders) Date: Thu Jan 12 21:31:04 2006 Subject: Mailscanner 4.46/4.47 on Raq4 Message-ID: Hi, trying to install Mailscanner on a well maintained Cobalt Raq4 (fully patched etc...) I am using the rpm.package and trying to follow instructions found at http://www.qitc.net/ support/mailscanner/ (linked from the Mailscanner installation guides page). I run into problem almost immediately, please see the following excerpt from my installation log: --------------------------------------------------------------- [root MailScanner-4.46.2-2]# ./install.sh Good. You have the patch command. Good, you have /usr/src/redhat in place. Good, unpackaged files will not break the build process. Good, you appear to only have 1 copy of Perl installed. I think you are running Perl 5.00503. Ensuring that you have all the header files that are needed to build HTML-Parser which is used by both MailScanner and SpamAssassin. This script will pause for a few seconds after each major step, so do not worry if it appears to stop for a while. If you want it to stop so you can scroll back through the output then press Ctrl-S to stop the output and Ctrl-Q to start it again. If this fails due to dependency checks, and you wish to ignore these problems, you can run ./install.sh nodeps Setting Perl5 search path I think your system will build architecture-dependent modules for i386 Rebuilding all the Perl RPMs for your version of Perl Attempting to build and install perl-ExtUtils-MakeMaker-6.30-1 Installing perl-ExtUtils-MakeMaker-6.30-1.src.rpm Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.55082 + umask 022 + cd /usr/src/redhat/BUILD + cd /usr/src/redhat/BUILD + rm -rf ExtUtils-MakeMaker-6.30 + /bin/gzip -dc /usr/src/redhat/SOURCES/ExtUtils-MakeMaker-6.30.tar.gz + tar -xf - + STATUS=0 + [ 0 -ne 0 ] + cd ExtUtils-MakeMaker-6.30 ++ /usr/bin/id -u + [ 0 = 0 ] + /bin/chown -Rhf root . ++ /usr/bin/id -u + [ 0 = 0 ] + /bin/chgrp -Rhf root . + /bin/chmod -Rf a+rX,g-w,o-w . + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.55082 + umask 022 + cd /usr/src/redhat/BUILD + cd ExtUtils-MakeMaker-6.30 + CFLAGS=-O2 -m486 -fno-strength-reduce + perl Makefile.PL PREFIX=/var/tmp/perl-ExtUtils-MakeMaker-6.30-1-root/usr You have File::Spec version 0.6 ExtUtils::MakeMaker requires File::Spec >= 0.8 to build at all. BEGIN failed--compilation aborted at Makefile.PL line 20. Bad exit status from /var/tmp/rpm-tmp.55082 (%build) Missing file /usr/src/redhat/RPMS/noarch/perl-ExtUtils-MakeMaker-6.30-1.noarch.rpm. Maybe it did not build correctly? --------------------------------------------------------------- Not a very good start to my installation..... I get other errors further along the installation as well. When extracted, I can see that there is a File::Spec package included. ??? So, anyone has any idea on how to proceed? Regards, Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at dcdata.co.za Wed Nov 2 08:08:16 2005 From: matt at dcdata.co.za (matt) Date: Thu Jan 12 21:31:04 2006 Subject: Disabling Bad Filename / Virus Notifications Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi guys Loving mailscanner. It's so much more flexible than amavis-* Anyway, I was wondering if it was possible to disable to notifications sent to recipients regarding bad filenames and virii that have been blocked and have the postmaster be the only person being notified. Alot of our users are not too bright and they get scared and can't sleep for weeks when they get the warning messages. -- matt erasmus DCData -- This email and all contents are subject to the following disclaimer: http://www.dcdata.co.za/emaildisclaimer.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Nov 2 08:34:16 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:04 2006 Subject: Disabling Bad Filename / Virus Notifications Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] matt wrote: > Hi guys > > Loving mailscanner. It's so much more flexible than amavis-* > > Anyway, I was wondering if it was possible to disable to notifications > sent to recipients regarding bad filenames and virii that have been > blocked and have the postmaster be the only person being notified. The plural of virus is viruses. > > Alot of our users are not too bright and they get scared and can't sleep > for weeks when they get the warning messages. > It is possible. Read MailScanner.conf and you will see how to disable it -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raylund.lai at KANKANWOO.COM Wed Nov 2 04:56:14 2005 From: raylund.lai at KANKANWOO.COM (Raylund Lai) Date: Thu Jan 12 21:31:04 2006 Subject: Protect from DoS? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] A useful article http://www.technoids.org/dossed.html Cheers Raylund Devon Harding wrote: > How can I protect my MailScanner/sendmail server against DoS attacks? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Nov 2 03:16:27 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:05 2006 Subject: Bitdefender update? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Anyone had to update Bitdefender manually recently? I've seen servers that weren't at the latest defs, but nothing weird in the log. Regards, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 3 18:23:59 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:05 2006 Subject: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joe Young spake the following on 11/3/2005 8:09 AM: > > Help, > > I am running on CentOS release 4.0 (Final) with Perl version > 5.008005 (5.8.5) and MailScanner version 4.42.9. Spamassassin has been > scoring lower than normal for the last couple of weeks. Most of the untagged > spam has been the geocities link spam and the emails that contain mostly > images. Almost all of the spam emails are scored with BAYES_00 -2.60. What > are some possible steps to change the bayes score without feeding it spam? > > Thank you, > > Joe Young > In your spam.assassin.prefs.conf file you can change the score to closer to zero, otherwise it will keep poisoning the bayes cache. You could try score BAYES_00 -1.00, or add some more rules to help bump the scores up. The RulesDuJour setup at Fortress Systems (www.fsl.com/support) Is an excellent addition to an excellent product. There are also some rules floating around the list archives for the geocities url junk. Do the e-mails with mostly images score as such? You could bump the scores on those. It should hit either HTML_IMAGE_ONLY_* or HTML_IMAGE_RATIO_*. The scores on the latter are fairly low. Look at http://spamassassin.apache.org/tests_3_1_x.html for the default scores in 3.1.0 If you haven't moved up yet, you might just want to find some time. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Nov 2 02:57:51 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:05 2006 Subject: Perl modules for SA 3.1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Found while testing SA: > > [19744] dbg: diag: module not installed: Archive::Tar ('require' failed) > [19744] dbg: diag: module not installed: IO::Zlib ('require' failed) > [19744] dbg: diag: module not installed: IP::Country::Fast ('require' > failed) > [19744] dbg: diag: module not installed: Net::Ident ('require' failed) > [19744] dbg: diag: module not installed: IO::Socket::INET6 ('require' > failed) > [19744] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) > > Should I install those modules? Read The Fine INSTALL file that comes with SA 3.1. Under the "Optional Modules" section it will describe what optional features of SpamAssassin make use of these modules. If you don't have the INSTALL file there's a web link to it at: http://svn.apache.org/repos/asf/spamassassin/branches/3.1/INSTALL In short, probably not. Most of those are for spamd features, or sa-update which isn't really on-line yet. The only one that affects MailScanner users at this time would be IP::Country::Fast, and that's for if you want to use the RelayCountry plugin (enhances bayes data with relay country tokens). ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From djlucas at ORCSD.ORG Tue Nov 1 21:00:48 2005 From: djlucas at ORCSD.ORG (David Lucas) Date: Thu Jan 12 21:31:05 2006 Subject: Installation of MailScanner Message-ID: How might I look to confirm this?? I've made sure that Notifications is turned off. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Drew Marshall Sent: Tuesday, November 01, 2005 3:48 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Installation of MailScanner On 1 Nov 2005, at 20:28, David Lucas wrote: > Hello, > > I have installed MailScanner 4.46.2 on a Fedora Core 4 box. I'm > constantly > getting Mail Delivery Errors from mail servers on the web. An > example would > be: > > The following recipient(s) could not be reached: > > qodiishla@yahoo.com on 11/1/2005 2:58 PM > The format of the e-mail address is incorrect. Check the > address, look up the recipient in the Address Book, or contact the > recipient > directly to find out the correct address. > < durham.orcsd.org #5.1.3 SMTP; 553 VS10-RT Possible > forgery or > deactivated due to abuse (#5.1.1) 132.177.176.33> > > Or: > > The following recipient(s) could not be reached: > > wpascual@unfauxgettable.net on 11/1/2005 2:56 PM > The message could not be delivered because the recipient's > destination email system is unknown or invalid. Please check the > address and > try again, or contact your system administrator to verify > connectivity to the > email system of the recipient. > < durham.orcsd.org #5.1.2> > > If I stop MailScanner I don't get these errors. But once I start > it I'm > getting about 6 an hour. Does anyone have an idea why?? You are not bouncing spam (or indeed virus warning notifications) by chance are you? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Nov 1 21:59:00 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:05 2006 Subject: question about clamav-wrapper path Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] JD Doelitzsch spake the following on 11/1/2005 12:24 PM: > Hmmmmmm? > Ok, clamav-wrapper is in /usr/lib/MailScanner. It only works when I type in > the whole path. Im wondering if the path needs to be added to the > environment in order for MailScanner to work correctly and if so, how do I > add it to the environment? Im running fedora core 4 > > -JD > I wouldn't think you need to, as many people have been sucessfully running MailScanner and ClamAV together without altering the environment. But you do need to check that the virus.scanners.conf entry for clam points to the proper directory for your clam binaries. On my system clam is set to; clamav /usr/lib/MailScanner/clamav-wrapper /usr/local and which clamscan gives; /usr/local/bin/clamscan -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Nov 2 03:17:39 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:05 2006 Subject: Perl modules for SA 3.1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Ugo Bellavance wrote: >> Found while testing SA: >> >> [19744] dbg: diag: module not installed: Archive::Tar ('require' failed) >> [19744] dbg: diag: module not installed: IO::Zlib ('require' failed) >> [19744] dbg: diag: module not installed: IP::Country::Fast ('require' >> failed) >> [19744] dbg: diag: module not installed: Net::Ident ('require' failed) >> [19744] dbg: diag: module not installed: IO::Socket::INET6 ('require' >> failed) >> [19744] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) >> >> Should I install those modules? > > Read The Fine INSTALL file that comes with SA 3.1. Done, I also read the UPGRADE file. Turned out I should have read that a long ago :(. > > Under the "Optional Modules" section it will describe what optional features of > SpamAssassin make use of these modules. > > If you don't have the INSTALL file there's a web link to it at: > http://svn.apache.org/repos/asf/spamassassin/branches/3.1/INSTALL > > In short, probably not. Most of those are for spamd features, or sa-update which > isn't really on-line yet. > I see. > The only one that affects MailScanner users at this time would be > IP::Country::Fast, and that's for if you want to use the RelayCountry plugin > (enhances bayes data with relay country tokens). > That was the one that interested me most. Thanks a lot, -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Nov 1 14:52:16 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:05 2006 Subject: Quarantine Not Working? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, November 1, 2005 14:29, Johnny Stork wrote: > It appears that my quarantine is no longer working after upgrading to 4.47? This may have started earlier but I had not tested or seen virus attachements for some time so I am not sure. Although my quarantine directory (/var/spool/MailScanner/quarantine), has a few folders from previous bad attachements, a recent test with an attached eicar.zip was caught by clamav/mailscanner, an email went out that it was cleaned and quarantined, but nothing new showed up in the quarantine directory? Which MTA are you using? Do you have the permissions set correctly in the quarantine directory? Drew PS Please don't set your return address to only you. If you ask the list, the list might want to know the answer ;-) -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jeff at DYNAMICTELECARD.COM Tue Nov 1 21:11:13 2005 From: jeff at DYNAMICTELECARD.COM (Jeff Davis) Date: Thu Jan 12 21:31:05 2006 Subject: MailScanner book reviews? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Has anyone on the list purchased the latest edition of the Mailscanner book? I'm curious about what you think of it. (If not the updated August 2005 version, a previous version is okay.) Do you think the book is worth the cost? Perhaps you don't think it's worth it but want to support the project. I can't find a list of what is covered in the book so I'm left with a public plea for information. Feel free to email me offlist if you prefer not to make a public statement. Thanks, -Jeff ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hermit921 at yahoo.com Tue Nov 1 18:17:25 2005 From: hermit921 at yahoo.com (hermit921) Date: Thu Jan 12 21:31:05 2006 Subject: MailScanner on Exchange Message-ID: A risk assessment would be a nice idea. Totally useless, though, and I am not supposed to spend time on such things: "The decision has been made". A business needs assessment would be a good idea, too. This is my first experience in how companies choose to use Exchange. Hopefully my last. hermit921 At 09:17 AM 11/1/2005, Martin Hepworth wrote: >Risk.... > >Do a risk assessment of putting the MS-Exch system 'in the internet'. Look >at the threats and LIKELIHOOD of the threat which will give you the business >risk associated with doing this. > >That way you can make an informed choice, rather than get into a my dad is >bigger that yours type argument. > >If you care to publish this after on the wiki (when it's back) that would be >nice too. > >-- >Martin Hepworth >Snr Systems Administrator >Solid State Logic >Tel: +44 (0)1865 842300 > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of hermit921 > > Sent: 01 November 2005 17:08 > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: [MAILSCANNER] MailScanner on Exchange > > > > The idea is to get rid of the MailScanner systems as being a waste of > > time, > > money, hardware, etc. There will be a cluster of Exchange servers facing > > the internet that do something, and then pass email to the back end where > > users will interact. > > > > "All the functionality of MailScanner" will be replicated on either the > > front end or back end - that isn't clear. Of course we will have to go > > from free products to much more expensive commercial products, but that > > doesn't seem to be relevant. > > > > My question is very specific. Do people have a comparison chart, or even > > product list, of applications that run on an Exchange server to duplicate > > MailScanner functionality? > > > > hermit921 > > > > > > At 08:46 AM 11/1/2005, Stephen Swaney wrote: > > > > -----Original Message----- > > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > > Behalf Of hermit921 > > > > Sent: Tuesday, November 01, 2005 11:20 AM > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: MailScanner on Exchange > > > > > > > > My company decided to move to Exchange for its main mail server "It's a > > > > Management decision". The two people hired to manage Exchange > claim there > > > > are products that run on the Exchange server that do everything > MailScanner > > > > (and associated programs) can do. I don't believe it. Could I be > wrong, > > > > or even mostly wrong, about this? > > > > > > > > hermit921 > > > > > >This question should set off a flurry of responses :) An Exchange > server can > > >work quite well if you have many $$$, plenty of good technical support and > > >lots of computer resources but they should always be protected from the > > >Internet. I come from a paranoid investment banking environment and there > > >they always protect the Exchange servers behind gateways! > > > > > >A few of my comments: > > > > > >1. Exchange servers tend to be relatively BUSY. Having a MailScanner > gateway > > >in front of the Exchange server will GREATLY reduce the load on the > Exchange > > >server because it will stop most of the Junk at the gateway. We have > > >installed MailScanner gateways on sites that thought they needed an > > >expensive Exchange hardware upgrade. The load was so greatly reduced; the > > >old hardware is still running quietly with no strain. > > > > > >2. You can run multiple free (or lower cost) Virus scanners on the > > >MailScanner gateway. You'll still want a virus scanner on the Exchange > > >server to internal mail for viruses but if you have an enterprise license > > >for a virus scanner, you can probably also use that scanner on the gateway > > >at no additional cost. > > > > > >3. I like to keep Microsoft servers as far away from the Internet as > > >possible. Having a gateway and configuring your Exchange server correctly > > >will keep it a lot safer, more reliable and quieter. > > > > > >4. Read Microsoft's white paper on how to stop spam :) The list is > down so I > > >can't find the link but it's quite amusing and quit sophomoric. Possibly > > >some packrat can send you the link. > > > > > >Stephen Swaney > > >Fort Systems Ltd. > > >stephen.swaney@fsl.com > > >www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From chris at TAC.ESI.NET Tue Nov 1 23:04:25 2005 From: chris at TAC.ESI.NET (chris hammond) Date: Thu Jan 12 21:31:05 2006 Subject: MailScanner book reviews? Message-ID: I have but it is still on it's way from CA. Let you know when I get it. Chris >>>jeff@DYNAMICTELECARD.COM 11/01/05 4:11 pm >>> Has anyone on the list purchased the latest edition of the Mailscanner book? I'm curious about what you think of it. (If not the updated August 2005 version, a previous version is okay.) Do you think the book is worth the cost? Perhaps you don't think it's worth it but want to support the project. I can't find a list of what is covered in the book so I'm left with a public plea for information. Feel free to email me offlist if you prefer not to make a public statement. Thanks, -Jeff ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mark at PRESLING.COM Tue Nov 1 02:08:41 2005 From: mark at PRESLING.COM (Mark Presling) Date: Thu Jan 12 21:31:05 2006 Subject: Working with Exchange Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jon Miller wrote: >Do it on a domain level, we do this all the time and it works very well, you'll have to set up a relay_domains for the mail for the client. >The way we've set it up is to accept on postfix -> mailscanner (spam and virus with Sophos) -> postfix -> domains. > > Doesn't Postfix just lookup the MX entries for the domain in relay_domains and send it on to the higher priority MX than itself? Do you have to run your own internal DNS that flips the MX entries? What I mean is, if you have your server set up as the MX on the Internet DNS servers for somedomain.com (and not their own server), how do you use relay_domains feature of Postfix to forward it on to their server without DNS changes? I have had a MS box in front of an Exchange server inside a LAN by using internal DNS, but haven't tried setting it up outside of the internal network. I'm sorry this is getting away from the original question relating to Exim, but it is a similar problem and I am going to need to do exactly this in the coming weeks for a client. Cheers, Mark >Jon > >Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA >Director/Sr Systems Consultant >MMT Networks Pty Ltd >http://www.mmtnetworks.com.au >Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl > >"I don't know the key to success, but the key to failure > is trying to please everybody." -Bill Cosby > > > > > >>>>chardlist@CHARD.NET 3:44:23 am 1/11/2005 >>> >>>> >>>> >I have a Redhat Linux server running MS for a bunch of virtual domains. >Ultimately all mail is delivered to the appropriate POP account on the same >server. I have a client that would like to still utilize my MS services for >spam and virus protection but instead of having POP accounts would now like >all mail for their domain forwarded to their exchange server after MS has >finished scanning it. Basically a scan and forward service. > >What is the best way to accomplish this? > >I'm running > >Redhat 9 >MS 4.45.4 >Exim 4.52 > > >Thank you, >-Brendan > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/X-VCARD (charset: UTF-8 "Internet-standard Unicode") ] [ (Name: "mark.vcf") 9 lines. ] [ Unable to print this part. ] From drew at THEMARSHALLS.CO.UK Tue Nov 1 10:13:53 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:05 2006 Subject: Congratulations Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, November 1, 2005 09:39, Michele Neylon :: Blacknight Solutions wrote: > Congratulations to Julian for managing to get a stable release out under > the > current conditions. Hear, hear! May I also add my congratulations to yourselves (and the rest of the community who offered assistance) in managing to stand mailscanner.info back up. Sometimes it's the small glimmers of perceived 'normality' that make these things seem just a little less unpleasant. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Tue Nov 1 00:31:12 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:31:05 2006 Subject: Working with Exchange Message-ID: Do it on a domain level, we do this all the time and it works very well, you'll have to set up a relay_domains for the mail for the client. The way we've set it up is to accept on postfix -> mailscanner (spam and virus with Sophos) -> postfix -> domains. Jon Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA Director/Sr Systems Consultant MMT Networks Pty Ltd http://www.mmtnetworks.com.au Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl "I don't know the key to success, but the key to failure is trying to please everybody." -Bill Cosby >>> chardlist@CHARD.NET 3:44:23 am 1/11/2005 >>> I have a Redhat Linux server running MS for a bunch of virtual domains. Ultimately all mail is delivered to the appropriate POP account on the same server. I have a client that would like to still utilize my MS services for spam and virus protection but instead of having POP accounts would now like all mail for their domain forwarded to their exchange server after MS has finished scanning it. Basically a scan and forward service. What is the best way to accomplish this? I'm running Redhat 9 MS 4.45.4 Exim 4.52 Thank you, -Brendan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Nov 1 16:46:41 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:05 2006 Subject: MailScanner on Exchange Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of hermit921 > Sent: Tuesday, November 01, 2005 11:20 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailScanner on Exchange > > My company decided to move to Exchange for its main mail server "It's a > Management decision". The two people hired to manage Exchange claim there > are products that run on the Exchange server that do everything > MailScanner > (and associated programs) can do. I don't believe it. Could I be wrong, > or even mostly wrong, about this? > > hermit921 This question should set off a flurry of responses :) An Exchange server can work quite well if you have many $$$, plenty of good technical support and lots of computer resources but they should always be protected from the Internet. I come from a paranoid investment banking environment and there they always protect the Exchange servers behind gateways! A few of my comments: 1. Exchange servers tend to be relatively BUSY. Having a MailScanner gateway in front of the Exchange server will GREATLY reduce the load on the Exchange server because it will stop most of the Junk at the gateway. We have installed MailScanner gateways on sites that thought they needed an expensive Exchange hardware upgrade. The load was so greatly reduced; the old hardware is still running quietly with no strain. 2. You can run multiple free (or lower cost) Virus scanners on the MailScanner gateway. You'll still want a virus scanner on the Exchange server to internal mail for viruses but if you have an enterprise license for a virus scanner, you can probably also use that scanner on the gateway at no additional cost. 3. I like to keep Microsoft servers as far away from the Internet as possible. Having a gateway and configuring your Exchange server correctly will keep it a lot safer, more reliable and quieter. 4. Read Microsoft's white paper on how to stop spam :) The list is down so I can't find the link but it's quite amusing and quit sophomoric. Possibly some packrat can send you the link. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at pbco.ca Tue Nov 1 14:29:47 2005 From: jstork at pbco.ca (Johnny Stork) Date: Thu Jan 12 21:31:05 2006 Subject: Quarantine Not Working? Message-ID: It appears that my quarantine is no longer working after upgrading to 4.47? This may have started earlier but I had not tested or seen virus attachements for some time so I am not sure. Although my quarantine directory (/var/spool/MailScanner/quarantine), has a few folders from previous bad attachements, a recent test with an attached eicar.zip was caught by clamav/mailscanner, an email went out that it was cleaned and quarantined, but nothing new showed up in the quarantine directory? RHES 4 Mailscanner 4.47 Clamav 0.87 Spamassassin 3.01 _______________________________ Johnny Stork Information & Technology Manager Provincial Blood Coordinating Office 604-806-8840 he website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Nov 1 17:17:08 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:05 2006 Subject: MailScanner on Exchange Message-ID: Risk.... Do a risk assessment of putting the MS-Exch system 'in the internet'. Look at the threats and LIKELIHOOD of the threat which will give you the business risk associated with doing this. That way you can make an informed choice, rather than get into a my dad is bigger that yours type argument. If you care to publish this after on the wiki (when it's back) that would be nice too. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of hermit921 > Sent: 01 November 2005 17:08 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] MailScanner on Exchange > > The idea is to get rid of the MailScanner systems as being a waste of > time, > money, hardware, etc. There will be a cluster of Exchange servers facing > the internet that do something, and then pass email to the back end where > users will interact. > > "All the functionality of MailScanner" will be replicated on either the > front end or back end - that isn't clear. Of course we will have to go > from free products to much more expensive commercial products, but that > doesn't seem to be relevant. > > My question is very specific. Do people have a comparison chart, or even > product list, of applications that run on an Exchange server to duplicate > MailScanner functionality? > > hermit921 > > > At 08:46 AM 11/1/2005, Stephen Swaney wrote: > > > -----Original Message----- > > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > Behalf Of hermit921 > > > Sent: Tuesday, November 01, 2005 11:20 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: MailScanner on Exchange > > > > > > My company decided to move to Exchange for its main mail server "It's > a > > > Management decision". The two people hired to manage Exchange claim > there > > > are products that run on the Exchange server that do everything > > > MailScanner > > > (and associated programs) can do. I don't believe it. Could I be > wrong, > > > or even mostly wrong, about this? > > > > > > hermit921 > > > >This question should set off a flurry of responses :) An Exchange server > can > >work quite well if you have many $$$, plenty of good technical support > and > >lots of computer resources but they should always be protected from the > >Internet. I come from a paranoid investment banking environment and there > >they always protect the Exchange servers behind gateways! > > > >A few of my comments: > > > >1. Exchange servers tend to be relatively BUSY. Having a MailScanner > gateway > >in front of the Exchange server will GREATLY reduce the load on the > Exchange > >server because it will stop most of the Junk at the gateway. We have > >installed MailScanner gateways on sites that thought they needed an > >expensive Exchange hardware upgrade. The load was so greatly reduced; the > >old hardware is still running quietly with no strain. > > > >2. You can run multiple free (or lower cost) Virus scanners on the > >MailScanner gateway. You'll still want a virus scanner on the Exchange > >server to internal mail for viruses but if you have an enterprise license > >for a virus scanner, you can probably also use that scanner on the > gateway > >at no additional cost. > > > >3. I like to keep Microsoft servers as far away from the Internet as > >possible. Having a gateway and configuring your Exchange server correctly > >will keep it a lot safer, more reliable and quieter. > > > >4. Read Microsoft's white paper on how to stop spam :) The list is down > so I > >can't find the link but it's quite amusing and quit sophomoric. Possibly > >some packrat can send you the link. > > > >Stephen Swaney > >Fort Systems Ltd. > >stephen.swaney@fsl.com > >www.fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Nov 1 09:01:11 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:31:05 2006 Subject: Working with Exchange Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Postfix, just use the Transport map. As simple as creating the transport map with an entry like mydomain.com smtp:[exchangeip] Use [] to prevent it looked up in for every connection Mark Presling wrote: > > Jon Miller wrote: > >> Do it on a domain level, we do this all the time and it works very >> well, you'll have to set up a relay_domains for the mail for the >> client. >> The way we've set it up is to accept on postfix -> mailscanner (spam >> and virus with Sophos) -> postfix -> domains. >> >> > Doesn't Postfix just lookup the MX entries for the domain in > relay_domains and send it on to the higher priority MX than itself? Do > you have to run your own internal DNS that flips the MX entries? > > What I mean is, if you have your server set up as the MX on the Internet > DNS servers for somedomain.com (and not their own server), how do you > use relay_domains feature of Postfix to forward it on to their server > without DNS changes? > > I have had a MS box in front of an Exchange server inside a LAN by using > internal DNS, but haven't tried setting it up outside of the internal > network. > > I'm sorry this is getting away from the original question relating to > Exim, but it is a similar problem and I am going to need to do exactly > this in the coming weeks for a client. > > Cheers, > Mark > > >> Jon >> >> Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA >> Director/Sr Systems Consultant >> MMT Networks Pty Ltd >> http://www.mmtnetworks.com.au >> Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl >> >> "I don't know the key to success, but the key to failure >> is trying to please everybody." -Bill Cosby >> >> >> >> >> >>>>> chardlist@CHARD.NET 3:44:23 am 1/11/2005 >>> >>>>> >> >> I have a Redhat Linux server running MS for a bunch of virtual domains. >> Ultimately all mail is delivered to the appropriate POP account on the >> same >> server. I have a client that would like to still utilize my MS >> services for >> spam and virus protection but instead of having POP accounts would now >> like >> all mail for their domain forwarded to their exchange server after MS has >> finished scanning it. Basically a scan and forward service. >> >> What is the best way to accomplish this? >> >> I'm running >> >> Redhat 9 >> MS 4.45.4 >> Exim 4.52 >> >> >> Thank you, >> -Brendan >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Wed Nov 2 02:27:41 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:05 2006 Subject: Perl modules for SA 3.1 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Found while testing SA: [19744] dbg: diag: module not installed: Archive::Tar ('require' failed) [19744] dbg: diag: module not installed: IO::Zlib ('require' failed) [19744] dbg: diag: module not installed: IP::Country::Fast ('require' failed) [19744] dbg: diag: module not installed: Net::Ident ('require' failed) [19744] dbg: diag: module not installed: IO::Socket::INET6 ('require' failed) [19744] dbg: diag: module not installed: IO::Socket::SSL ('require' failed) Should I install those modules? -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jstork at pbco.ca Tue Nov 1 15:10:49 2005 From: jstork at pbco.ca (Johnny Stork) Date: Thu Jan 12 21:31:05 2006 Subject: Quarantine Not Working? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] MTA is sendmail 8.13.1. I dont recall what those permission "should" be...I never changed anything after the upgrade though? Below is the current perms drwx------   7 root apache 4096 Sep 19 11:37 quarantine ----- Original Message ----- From: Drew Marshall Sent: Tue Nov 01 2005 06:55:10 GMT-0800 (Pacific Standard Time) To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Quarantine Not Working? On Tue, November 1, 2005 14:29, Johnny Stork wrote: > It appears that my quarantine is no longer working after upgrading to 4.47? This may have started earlier but I had not tested or seen virus attachements for some time so I am not sure. Although my quarantine directory (/var/spool/MailScanner/quarantine), has a few folders from previous bad attachements, a recent test with an attached eicar.zip was caught by clamav/mailscanner, an email went out that it was cleaned and quarantined, but nothing new showed up in the quarantine directory? Which MTA are you using? Do you have the permissions set correctly in the quarantine directory? Drew PS Please don't set your return address to only you. If you ask the list, the list might want to know the answer ;-) -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jules at ecs.soton.ac.uk Tue Nov 1 09:08:53 2005 From: jules at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:05 2006 Subject: MailScanner ANNOUNCE: Stable 4.47 released Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have just released the latest stable edition of MailScanner, 4.47. The main changes this month are: * Automatic updating of phishing safe sites list. All changes you make to this file will be kept in the updates, which will happen nightly on Linux systems. Solaris and other admins will need to add a cron job for this * Improvements to various installation and init.d scripts to save you work and make the initial installation easier. * Fixed a few bugs including the "Highlight Phishing Fraud" problem and the "Max Attachments" problem. Download as usual from www.mailscanner.info. Please note this is not currently a redirect to another website, but is all hosted under www.mailscanner.info itself. This is due to extensive fire damage. The full Change Log is this: * New Features and Improvements * - Automatically updates your phishing.safe.sites.conf file with new additions (and any subsequent deletions) from a master file I keep on www.mailscanner.info. All your local changes and additions will be kept of course, it will just add any new sites listed in my master list. If you want to *not* list a site which is in my master list, just put a "REMOVE site.com" line in your phishing.safe.sites.conf and that will make it ignore any listing for site.com that appears in my master list. Updates are done once per day. - Quietened ClamAV log output when it scans 0-length files. - Improved ClamAV+SA install.sh to add the 3 missing plugins to init.pre. - Improved init.d scripts for RedHat and SuSE so they setup the queue dir ownerships automatically and generally help new users get started without them having to follow all the instructions to the letter. - Added news about fire at ECS and moved all hosting out of Southampton. * Fixes * - Corrected rare problem where an empty X-MailScanner-SpamCheck header could appear in a non-spam email. - Problem with empty or null filename.rules.conf or filetype.rules.conf fixed. - Problem with Max Attachments setting not be honoured fixed. - Problem with "Highlight Phishing Fraud" being ignored fixed. -- Jules (currently @mailscanner.info or @jules.fm) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at HOME.CARLO65.DE Tue Nov 1 08:45:15 2005 From: mailscanner at HOME.CARLO65.DE (Roland Ehle) Date: Thu Jan 12 21:31:05 2006 Subject: change location from /var/tmp Message-ID: Hi John, Am Montag, den 31.10.2005, 21:01 +0000 schrieb John K: > I have a relatively smal /var filesystem that periodically fills up with > Mailscanner and clam-av temp files and directories. Where can I change the > location of the files created in here? I usually work with symbolic links. Create a directory in a partition with more space and link /var/tmp to that directory. Regards, Roland ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Tue Nov 1 18:12:17 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:05 2006 Subject: MailScanner on Exchange Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Dennis Willson > Sent: Tuesday, November 01, 2005 12:13 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: MailScanner on Exchange > > Well, unfortunetly, my experience tells me it's over for you. How do you > defend a bad decision when Management is willing to ignore both cost and > security? I have worked a lot with exchange and found that it should > NEVER directly receive from the Internet (send either for that matter). > It's something the company will pay for, over and over and over again. > However it's doubtful if they will ever see (because they don't want to) > the real cost of that decision. > > Dennis > > hermit921 wrote: > > > The idea is to get rid of the MailScanner systems as being a waste of > > time, money, hardware, etc. There will be a cluster of Exchange > > servers facing the internet that do something, and then pass email to > > the back end where users will interact. > > > > "All the functionality of MailScanner" will be replicated on either > > the front end or back end - that isn't clear. Of course we will have > > to go from free products to much more expensive commercial products, > > but that doesn't seem to be relevant. > > > > My question is very specific. Do people have a comparison chart, or > > even product list, of applications that run on an Exchange server to > > duplicate MailScanner functionality? > > > > hermit921 > > > > > > At 08:46 AM 11/1/2005, Stephen Swaney wrote: > > > >> > -----Original Message----- > >> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >> > Behalf Of hermit921 > >> > Sent: Tuesday, November 01, 2005 11:20 AM > >> > To: MAILSCANNER@JISCMAIL.AC.UK > >> > Subject: MailScanner on Exchange > >> > > >> > My company decided to move to Exchange for its main mail server > >> "It's a > >> > Management decision". The two people hired to manage Exchange > >> claim there > >> > are products that run on the Exchange server that do everything > >> > MailScanner > >> > (and associated programs) can do. I don't believe it. Could I be > >> wrong, > >> > or even mostly wrong, about this? > >> > > >> > hermit921 > >> > >> This question should set off a flurry of responses :) An Exchange > >> server can > >> work quite well if you have many $$$, plenty of good technical > >> support and > >> lots of computer resources but they should always be protected from the > >> Internet. I come from a paranoid investment banking environment and > >> there > >> they always protect the Exchange servers behind gateways! > >> > >> A few of my comments: > >> > >> 1. Exchange servers tend to be relatively BUSY. Having a MailScanner > >> gateway > >> in front of the Exchange server will GREATLY reduce the load on the > >> Exchange > >> server because it will stop most of the Junk at the gateway. We have > >> installed MailScanner gateways on sites that thought they needed an > >> expensive Exchange hardware upgrade. The load was so greatly reduced; > >> the > >> old hardware is still running quietly with no strain. > >> > >> 2. You can run multiple free (or lower cost) Virus scanners on the > >> MailScanner gateway. You'll still want a virus scanner on the Exchange > >> server to internal mail for viruses but if you have an enterprise > >> license > >> for a virus scanner, you can probably also use that scanner on the > >> gateway > >> at no additional cost. > >> > >> 3. I like to keep Microsoft servers as far away from the Internet as > >> possible. Having a gateway and configuring your Exchange server > >> correctly > >> will keep it a lot safer, more reliable and quieter. > >> > >> 4. Read Microsoft's white paper on how to stop spam :) The list is > >> down so I > >> can't find the link but it's quite amusing and quit sophomoric. > Possibly > >> some packrat can send you the link. > >> > >> Stephen Swaney > >> Fort Systems Ltd. > >> stephen.swaney@fsl.com > >> www.fsl.com > > I can tell you from personal experience that no New York Investment bank (think names like Goldman Sachs, USB, Morgan Stanley, Chase, etc.) would ever think of connecting an Exchange server directly to the Internet. Their security officers would not allow it. While most New York Investment banks use Exchange servers, I'm fairly certain that most, if not all, are protected by non- Microsoft gateways. Google for: Microsoft Exchange security vulnerabilities. I'd list the results but there are a few too many: Results 1 - 10 of about 2,030,000 for Microsoft Exchange security vulnerabilities. (0.29 seconds) So if: Your "consultant" knows more about security than the big Investment banks. Your "consultant" wants to spend many $$$ on adding third party software to the MS server to try and stop spam and viruses. Your "consultant" wants to impose unnecessary load on your new Exchange servers You want to throw away a perfectly good MailScanner gateway that can be easily modified to compliment and protect your new Exchange servers. You can easily add such new free anti-spam features such as grey-listing, greet_pause, connection_rate_throttle (and many more) to your Exchange servers. Just tell the boss to bend over and proceed. I've seen this before where a clueless "consultant" just wants to sell and install the very profitable Microsoft and third party accessories plus the "consulting: fees to install and configure all these products. They help justify the excessive costs by saying that you can "save money by retiring the MailScanner gateway(s)". If they had a clue they would retain the MailScanner gateway(s). Hope this helps, Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Tue Nov 1 14:48:57 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:31:06 2006 Subject: Working with Exchange Message-ID: You can also do... destination.tld esmtp:nexthop.somedomain.tld:failovernexthop.somedomain.tld If the first host is unavailable it will use the second. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Philip Parsons Sent: Monday, October 31, 2005 7:49 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Working with Exchange Here is an example as per our config sendmail/exchange something.com smtp:[exchange.something.com] something.com smtp:[exchange.something.com] something.ca smtp:[exchange.something.com] The square brackets tell the system NOT to do a lookup everytime... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Milton Calnek Sent: Monday, October 31, 2005 4:39 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Working with Exchange -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'd like to use this with sendmail/exchange. But I've never found a good example of what the mailer table should look like. For instance: domain.lan: exchange-server.domain.lan Dennis Willson wrote: > Use the mailertable to send the email to the exchange server. You do > this on a domain level. I do this all the time and it works very well. > > Dennis > > chardlist wrote: > >> I have a Redhat Linux server running MS for a bunch of virtual domains. >> Ultimately all mail is delivered to the appropriate POP account on >> the same server. I have a client that would like to still utilize my >> MS services for spam and virus protection but instead of having POP >> accounts would now like all mail for their domain forwarded to their >> exchange server after MS has finished scanning it. Basically a scan >> and forward service. >> >> What is the best way to accomplish this? >> >> I'm running >> >> Redhat 9 >> MS 4.45.4 >> Exim 4.52 >> >> >> Thank you, >> -Brendan >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFDZrk6Hgnbf2T2QqMRArbMAJ48y4KmreyorofMD7RBKqbUZVvJgwCgh1yC MAVumxEvojGv0FMfmEOLfoM= =eKHp -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From roger at RUDNICK.COM.BR Tue Nov 1 17:15:43 2005 From: roger at RUDNICK.COM.BR (Roger Jochem) Date: Thu Jan 12 21:31:06 2006 Subject: Spamassassin 3.1 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all! Since I migrated to spamassassin 3.1 I'm receiving the following message in a lint: [3921] dbg: pyzor: got response: Traceback (most recent call last):\n File "/usr/local/bin/pyzor", line 4, in ?\n pyzor.client.run()\n File "/usr/local/lib/python2.3/site-packages/pyzor/client.py", line 934, in run\n ExecCall().run()\n File "/usr/local/lib/python2.3/site-packages/pyzor/client.py", line 169, in run\n os.mkdir(homedir)\nOSError: [Errno 13] Permission denied: '/var/www/.pyzor' And pyzor seems to fail: [3921] warn: pyzor: check failed: internal error Should I create this directory "/var/www/.pyzor" ? Regards Roger Jochem ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Tue Nov 1 12:37:04 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:06 2006 Subject: Major fire Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > > The main step at the moment is for us systems staff to get into the > building. Once we are in, we can start getting infrastructure services > back on-line. Once that is done the dept can start operating again. At > which point we have to house several hundred people in space we haven't > got. For several years while new buildings are built. > > That brings back memories. I was on a project that was fully staffed, problem was our new offices weren't ready so we had about 300 people in the space for 100. I shared an office with 2 others that was designed for one. One day we all leaned back and hit heads. One of those Stooges moments. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at gmail.com Wed Nov 2 01:12:37 2005 From: devonharding at gmail.com (Devon Harding) Date: Thu Jan 12 21:31:06 2006 Subject: Protect from DoS? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] How can I protect my MailScanner/sendmail server against DoS attacks? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Nov 1 16:52:54 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:06 2006 Subject: MailScanner on Exchange Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hermit921 spake the following on 11/1/2005 8:20 AM: > My company decided to move to Exchange for its main mail server "It's a > Management decision". The two people hired to manage Exchange claim > there are products that run on the Exchange server that do everything > MailScanner (and associated programs) can do. I don't believe it. > Could I be wrong, or even mostly wrong, about this? > > hermit921 > And the Microsoft solutions will grow hair, cure impotence, and they drive the women crazy with desire.... ;) I'm sure you could do most of it, but if that is their intent, maybe they have a lot of money they need to throw down a hole real quick! They could throw it at Julian and get a first rate system, and he would ( I'm sure) gladly accept it!! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Tue Nov 1 00:44:37 2005 From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell) Date: Thu Jan 12 21:31:06 2006 Subject: Working with Exchange Message-ID: The contents of this e-mail may be privileged and are confidential. It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited. If received in error, please advise the sender, then delete it from your system. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Wed Nov 2 01:38:42 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:06 2006 Subject: Protect from DoS? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Devon Harding wrote: > How can I protect my MailScanner/sendmail server against DoS attacks? Well, that's at least a 300 page book.. Is there some specific aspect of DoS protection you're interested in? I'll take it from the sendmail perspective, and keep it brief. In general, you'll never get to 100% DoS proof on a mailserver, short of unplugging it. But, you can make yourself a lot more resistant to DoS attacks. First things to do are to enforce some basic limits in your sendmail.mc. Here's a quick sample of some important settings to consider. Although you might want different settings than these, it's a quick reference of some things to consider. #suggested options for privacy reasons: define(`confPRIVACY_FLAGS',`needmailhelo,authwarnings,novrfy,noexpn,restrictqrun') #put up a banner stating that UCE is prohibited define(`confSMTP_LOGIN_MSG', `$j Unsolicited Commercial Email prohibited') #Some minor DoS protection: #limit the number of sendmail children define(`confMAX_DAEMON_CHILDREN', 50) #no more than 500 connections per second. define(`confCONNECTION_RATE_THROTTLE',500) #limit messages to 1gig max. This is pretty huge. define(`confMAX_MESSAGE_SIZE', 1000000000) #don't accept mail if less than 1mb of space in queue partition define(`confMIN_FREE_BLOCKS', 1000) #Limit email messages to at most 32kb of headers define(`confMAX_HEADERS_LENGTH', 32768) #at most 150 recepients per message define(`confMAX_RCPTS_PER_MESSAGE', 150) #after 15 invalid recpipients, start slowing them down with #1 second sleeps (dictionary attack control) define(`confBAD_RCPT_THROTTLE',15) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Tue Nov 1 16:29:52 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:06 2006 Subject: MailScanner on Exchange Message-ID: That's why even the hosted Exchange services run third party virus/spam scanners then. 'cos the built in support is soooooo good ;-) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of hermit921 > Sent: 01 November 2005 16:20 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] MailScanner on Exchange > > My company decided to move to Exchange for its main mail server "It's a > Management decision". The two people hired to manage Exchange claim there > are products that run on the Exchange server that do everything > MailScanner > (and associated programs) can do. I don't believe it. Could I be wrong, > or even mostly wrong, about this? > > hermit921 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hermit921 at yahoo.com Tue Nov 1 17:08:17 2005 From: hermit921 at yahoo.com (hermit921) Date: Thu Jan 12 21:31:06 2006 Subject: MailScanner on Exchange Message-ID: The idea is to get rid of the MailScanner systems as being a waste of time, money, hardware, etc. There will be a cluster of Exchange servers facing the internet that do something, and then pass email to the back end where users will interact. "All the functionality of MailScanner" will be replicated on either the front end or back end - that isn't clear. Of course we will have to go from free products to much more expensive commercial products, but that doesn't seem to be relevant. My question is very specific. Do people have a comparison chart, or even product list, of applications that run on an Exchange server to duplicate MailScanner functionality? hermit921 At 08:46 AM 11/1/2005, Stephen Swaney wrote: > > -----Original Message----- > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of hermit921 > > Sent: Tuesday, November 01, 2005 11:20 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: MailScanner on Exchange > > > > My company decided to move to Exchange for its main mail server "It's a > > Management decision". The two people hired to manage Exchange claim there > > are products that run on the Exchange server that do everything > > MailScanner > > (and associated programs) can do. I don't believe it. Could I be wrong, > > or even mostly wrong, about this? > > > > hermit921 > >This question should set off a flurry of responses :) An Exchange server can >work quite well if you have many $$$, plenty of good technical support and >lots of computer resources but they should always be protected from the >Internet. I come from a paranoid investment banking environment and there >they always protect the Exchange servers behind gateways! > >A few of my comments: > >1. Exchange servers tend to be relatively BUSY. Having a MailScanner gateway >in front of the Exchange server will GREATLY reduce the load on the Exchange >server because it will stop most of the Junk at the gateway. We have >installed MailScanner gateways on sites that thought they needed an >expensive Exchange hardware upgrade. The load was so greatly reduced; the >old hardware is still running quietly with no strain. > >2. You can run multiple free (or lower cost) Virus scanners on the >MailScanner gateway. You'll still want a virus scanner on the Exchange >server to internal mail for viruses but if you have an enterprise license >for a virus scanner, you can probably also use that scanner on the gateway >at no additional cost. > >3. I like to keep Microsoft servers as far away from the Internet as >possible. Having a gateway and configuring your Exchange server correctly >will keep it a lot safer, more reliable and quieter. > >4. Read Microsoft's white paper on how to stop spam :) The list is down so I >can't find the link but it's quite amusing and quit sophomoric. Possibly >some packrat can send you the link. > >Stephen Swaney >Fort Systems Ltd. >stephen.swaney@fsl.com >www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Nov 1 09:39:51 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions) Date: Thu Jan 12 21:31:06 2006 Subject: Congratulations Message-ID: Congratulations to Julian for managing to get a stable release out under the current conditions. Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 UK: 0870 163 0607 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Tue Nov 1 17:01:19 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:06 2006 Subject: MailScanner on Exchange Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of hermit921 > Sent: Tuesday, November 01, 2005 11:20 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailScanner on Exchange > > > My company decided to move to Exchange for its main mail server "It's a > Management decision". The two people hired to manage Exchange > claim there > are products that run on the Exchange server that do everything > MailScanner > (and associated programs) can do. I don't believe it. Could I be wrong, > or even mostly wrong, about this? > There are, one that comes to mind is GFI (http://www.gfi.com/mailsecurity/msecfeatures.htm). But there are caveats when it comes to pricing, support costs, etc. And, not trying to sound like a Microsoft-phoebe, I think MS products should never be placed on the outside of a network. If I were told we had to install exchange servers tomorrow because the powers that be wanted to use some of the outlook/exchange only features I would be happy to do so... behind an Exim/MailScanner *nix box. Exchange for intranet communications is fine, if you want to invest the $$, but Exchange should not be allowed to interact directly with the world, IMHO. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mcalnek at PCPLACE.CA Tue Nov 1 00:39:22 2005 From: mcalnek at PCPLACE.CA (Milton Calnek) Date: Thu Jan 12 21:31:06 2006 Subject: Working with Exchange Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'd like to use this with sendmail/exchange. But I've never found a good example of what the mailer table should look like. For instance: domain.lan: exchange-server.domain.lan Dennis Willson wrote: > Use the mailertable to send the email to the exchange server. You do > this on a domain level. I do this all the time and it works very well. > > Dennis > > chardlist wrote: > >> I have a Redhat Linux server running MS for a bunch of virtual domains. >> Ultimately all mail is delivered to the appropriate POP account on the >> same >> server. I have a client that would like to still utilize my MS >> services for >> spam and virus protection but instead of having POP accounts would now >> like >> all mail for their domain forwarded to their exchange server after MS has >> finished scanning it. Basically a scan and forward service. >> >> What is the best way to accomplish this? >> >> I'm running >> >> Redhat 9 >> MS 4.45.4 >> Exim 4.52 >> >> >> Thank you, >> -Brendan >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFDZrk6Hgnbf2T2QqMRArbMAJ48y4KmreyorofMD7RBKqbUZVvJgwCgh1yC MAVumxEvojGv0FMfmEOLfoM= =eKHp -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From campbell at CNPAPERS.COM Tue Nov 1 20:51:24 2005 From: campbell at CNPAPERS.COM (Steve Campbell) Date: Thu Jan 12 21:31:06 2006 Subject: list of quarantined notification to recipient Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I keep most of the emails from Mailscanner in an inbox folder, and have searched there and also on the archive list, but I apparently can't seem to come up with the proper search terms, so here goes - My boss thinks it would be a good idea to notify recipients here of all mail for that individual that has been quarantined for the day in a single mailing to the recipient. I recall at least one, maybe more, scripts that were submitted to the list that would do this. I just can't remember whether it was this list or the mailwatch list, but I can't find it in either. Does anyone recall anything like this that may have been posted? Notification after each quarantine is probably not an option, so this would have to be done as a daily cron job. Thanks for any help. Steve Campbell campbell@cnpapers.com Charleston Newspapers ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From djlucas at ORCSD.ORG Tue Nov 1 20:28:19 2005 From: djlucas at ORCSD.ORG (David Lucas) Date: Thu Jan 12 21:31:06 2006 Subject: Installation of MailScanner Message-ID: Hello, I have installed MailScanner 4.46.2 on a Fedora Core 4 box. I'm constantly getting Mail Delivery Errors from mail servers on the web. An example would be: The following recipient(s) could not be reached: qodiishla@yahoo.com on 11/1/2005 2:58 PM The format of the e-mail address is incorrect. Check the address, look up the recipient in the Address Book, or contact the recipient directly to find out the correct address. < durham.orcsd.org #5.1.3 SMTP; 553 VS10-RT Possible forgery or deactivated due to abuse (#5.1.1) 132.177.176.33> Or: The following recipient(s) could not be reached: wpascual@unfauxgettable.net on 11/1/2005 2:56 PM The message could not be delivered because the recipient's destination email system is unknown or invalid. Please check the address and try again, or contact your system administrator to verify connectivity to the email system of the recipient. < durham.orcsd.org #5.1.2> If I stop MailScanner I don't get these errors. But once I start it I'm getting about 6 an hour. Does anyone have an idea why?? ************************** David J. Lucas, CCNA Oyster River Cooperative School District Phone: (603) 868-5100 ext. 41 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hermit921 at yahoo.com Tue Nov 1 16:20:01 2005 From: hermit921 at yahoo.com (hermit921) Date: Thu Jan 12 21:31:06 2006 Subject: MailScanner on Exchange Message-ID: My company decided to move to Exchange for its main mail server "It's a Management decision". The two people hired to manage Exchange claim there are products that run on the Exchange server that do everything MailScanner (and associated programs) can do. I don't believe it. Could I be wrong, or even mostly wrong, about this? hermit921 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Nov 1 20:47:48 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:06 2006 Subject: Installation of MailScanner Message-ID: On 1 Nov 2005, at 20:28, David Lucas wrote: > Hello, > > I have installed MailScanner 4.46.2 on a Fedora Core 4 box. I'm > constantly > getting Mail Delivery Errors from mail servers on the web. An > example would > be: > > The following recipient(s) could not be reached: > > qodiishla@yahoo.com on 11/1/2005 2:58 PM > The format of the e-mail address is incorrect. Check the > address, look up the recipient in the Address Book, or contact the > recipient > directly to find out the correct address. > < durham.orcsd.org #5.1.3 SMTP; 553 VS10-RT Possible > forgery or > deactivated due to abuse (#5.1.1) 132.177.176.33> > > Or: > > The following recipient(s) could not be reached: > > wpascual@unfauxgettable.net on 11/1/2005 2:56 PM > The message could not be delivered because the recipient's > destination email system is unknown or invalid. Please check the > address and > try again, or contact your system administrator to verify > connectivity to the > email system of the recipient. > < durham.orcsd.org #5.1.2> > > If I stop MailScanner I don't get these errors. But once I start > it I'm > getting about 6 an hour. Does anyone have an idea why?? You are not bouncing spam (or indeed virus warning notifications) by chance are you? Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From david at GNSA.US Tue Nov 1 16:39:21 2005 From: david at GNSA.US (David Nalley) Date: Thu Jan 12 21:31:06 2006 Subject: MailScanner on Exchange Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hermit921 wrote: > My company decided to move to Exchange for its main mail server "It's > a Management decision". The two people hired to manage Exchange claim > there are products that run on the Exchange server that do everything > MailScanner (and associated programs) can do. I don't believe it. > Could I be wrong, or even mostly wrong, about this? > > hermit921 Are there other products that scan for spam, viruses and other undesirable content, sure. Symantec, Kapersky, BitDefender, RAV. and CA are just a few of the solutions out there. There are a number of big advantages: 1)Multiple virus scanners - providing defense in depths as deep as you are willing to specify 2.) Heterogenous environment. - Security wise it requires a different set of knowledge to compromise an Exchange box as opposed to a Linux box running mailscanner. Those are the ones that immediately come to mind. I suppose that licensing costs could also be a factor, but really for any organization large enough to need two Exchange admins, my guess is cost isn't that big of a factor. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lists at HBCS.ORG Tue Nov 1 15:48:10 2005 From: lists at HBCS.ORG (Dave Coults) Date: Thu Jan 12 21:31:06 2006 Subject: Major fire Message-ID: Julian, If you need some of the old versions I have a number of them( being the packrat that I am ;-) ) Dave Coults HBCS Postmaster/Network Admin ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Nov 1 09:31:19 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:07 2006 Subject: Working with Exchange Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, November 1, 2005 02:08, Mark Presling wrote: > > Jon Miller wrote: > >>Do it on a domain level, we do this all the time and it works very well, >> you'll have to set up a relay_domains for the mail for the client. >>The way we've set it up is to accept on postfix -> mailscanner (spam and >> virus with Sophos) -> postfix -> domains. >> >> > Doesn't Postfix just lookup the MX entries for the domain in > relay_domains and send it on to the higher priority MX than itself? Do > you have to run your own internal DNS that flips the MX entries? > > What I mean is, if you have your server set up as the MX on the Internet > DNS servers for somedomain.com (and not their own server), how do you > use relay_domains feature of Postfix to forward it on to their server > without DNS changes? It can be done using internal and external zones but that does make life far more complex than it needs to be. From the Postfix point of view, just make an entry in the transport file like: domain.tld smtp:exchange.domain.tld #This assumes you make an 'A' record for exchange.domain.tld otherwise do domain.tld smtp:exch.ip.add.ress and postmap the transport file. There is quite a lot of Postfix stuff in the wiki (As and when Jules is able to de-smoke it and make it available again). AFAIK Exim is fairly similar although it is routers that you configure (I don't know much about Exim so don't take my word for it ;-) ) Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Nov 1 09:33:45 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:07 2006 Subject: Working with Exchange Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, November 1, 2005 09:31, Drew Marshall wrote: > On Tue, November 1, 2005 02:08, Mark Presling wrote: >> >> Jon Miller wrote: >> >>>Do it on a domain level, we do this all the time and it works very well, >>> you'll have to set up a relay_domains for the mail for the client. >>>The way we've set it up is to accept on postfix -> mailscanner (spam and >>> virus with Sophos) -> postfix -> domains. >>> >>> >> Doesn't Postfix just lookup the MX entries for the domain in >> relay_domains and send it on to the higher priority MX than itself? Do >> you have to run your own internal DNS that flips the MX entries? >> >> What I mean is, if you have your server set up as the MX on the Internet >> DNS servers for somedomain.com (and not their own server), how do you >> use relay_domains feature of Postfix to forward it on to their server >> without DNS changes? > > It can be done using internal and external zones but that does make life > far more complex than it needs to be. From the Postfix point of view, just > make an entry in the transport file like: > > domain.tld smtp:exchange.domain.tld #This assumes you make an 'A' record > for exchange.domain.tld otherwise do > domain.tld smtp:exch.ip.add.ress Bah, that ^^^^^^^^^^^^^^^^^^^^^^^^^^^ should read: domain.tld smtp:[exch.ip.add.ress] /Note to self: Read before Send... > > and postmap the transport file. There is quite a lot of Postfix stuff in > the wiki (As and when Jules is able to de-smoke it and make it available > again). > > AFAIK Exim is fairly similar although it is routers that you configure (I > don't know much about Exim so don't take my word for it ;-) ) > > Drew > > > -- > In line with our policy, this message has > been scanned for viruses and dangerous > content by MailScanner, and is believed to be clean. > www.themarshalls.co.uk/policy > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Tue Nov 1 17:12:33 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:31:07 2006 Subject: MailScanner on Exchange Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Well, unfortunetly, my experience tells me it's over for you. How do you defend a bad decision when Management is willing to ignore both cost and security? I have worked a lot with exchange and found that it should NEVER directly receive from the Internet (send either for that matter). It's something the company will pay for, over and over and over again. However it's doubtful if they will ever see (because they don't want to) the real cost of that decision. Dennis hermit921 wrote: > The idea is to get rid of the MailScanner systems as being a waste of > time, money, hardware, etc. There will be a cluster of Exchange > servers facing the internet that do something, and then pass email to > the back end where users will interact. > > "All the functionality of MailScanner" will be replicated on either > the front end or back end - that isn't clear. Of course we will have > to go from free products to much more expensive commercial products, > but that doesn't seem to be relevant. > > My question is very specific. Do people have a comparison chart, or > even product list, of applications that run on an Exchange server to > duplicate MailScanner functionality? > > hermit921 > > > At 08:46 AM 11/1/2005, Stephen Swaney wrote: > >> > -----Original Message----- >> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> > Behalf Of hermit921 >> > Sent: Tuesday, November 01, 2005 11:20 AM >> > To: MAILSCANNER@JISCMAIL.AC.UK >> > Subject: MailScanner on Exchange >> > >> > My company decided to move to Exchange for its main mail server >> "It's a >> > Management decision". The two people hired to manage Exchange >> claim there >> > are products that run on the Exchange server that do everything >> > MailScanner >> > (and associated programs) can do. I don't believe it. Could I be >> wrong, >> > or even mostly wrong, about this? >> > >> > hermit921 >> >> This question should set off a flurry of responses :) An Exchange >> server can >> work quite well if you have many $$$, plenty of good technical >> support and >> lots of computer resources but they should always be protected from the >> Internet. I come from a paranoid investment banking environment and >> there >> they always protect the Exchange servers behind gateways! >> >> A few of my comments: >> >> 1. Exchange servers tend to be relatively BUSY. Having a MailScanner >> gateway >> in front of the Exchange server will GREATLY reduce the load on the >> Exchange >> server because it will stop most of the Junk at the gateway. We have >> installed MailScanner gateways on sites that thought they needed an >> expensive Exchange hardware upgrade. The load was so greatly reduced; >> the >> old hardware is still running quietly with no strain. >> >> 2. You can run multiple free (or lower cost) Virus scanners on the >> MailScanner gateway. You'll still want a virus scanner on the Exchange >> server to internal mail for viruses but if you have an enterprise >> license >> for a virus scanner, you can probably also use that scanner on the >> gateway >> at no additional cost. >> >> 3. I like to keep Microsoft servers as far away from the Internet as >> possible. Having a gateway and configuring your Exchange server >> correctly >> will keep it a lot safer, more reliable and quieter. >> >> 4. Read Microsoft's white paper on how to stop spam :) The list is >> down so I >> can't find the link but it's quite amusing and quit sophomoric. Possibly >> some packrat can send you the link. >> >> Stephen Swaney >> Fort Systems Ltd. >> stephen.swaney@fsl.com >> www.fsl.com > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pparsons at COLUMBIAFUELS.COM Tue Nov 1 00:48:59 2005 From: pparsons at COLUMBIAFUELS.COM (Philip Parsons) Date: Thu Jan 12 21:31:07 2006 Subject: Working with Exchange Message-ID: Here is an example as per our config sendmail/exchange something.com smtp:[exchange.something.com] something.com smtp:[exchange.something.com] something.ca smtp:[exchange.something.com] The square brackets tell the system NOT to do a lookup everytime... -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Milton Calnek Sent: Monday, October 31, 2005 4:39 PM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Working with Exchange -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'd like to use this with sendmail/exchange. But I've never found a good example of what the mailer table should look like. For instance: domain.lan: exchange-server.domain.lan Dennis Willson wrote: > Use the mailertable to send the email to the exchange server. You do > this on a domain level. I do this all the time and it works very well. > > Dennis > > chardlist wrote: > >> I have a Redhat Linux server running MS for a bunch of virtual domains. >> Ultimately all mail is delivered to the appropriate POP account on >> the same server. I have a client that would like to still utilize my >> MS services for spam and virus protection but instead of having POP >> accounts would now like all mail for their domain forwarded to their >> exchange server after MS has finished scanning it. Basically a scan >> and forward service. >> >> What is the best way to accomplish this? >> >> I'm running >> >> Redhat 9 >> MS 4.45.4 >> Exim 4.52 >> >> >> Thank you, >> -Brendan >> >> ------------------------ MailScanner list ------------------------ To >> unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and the >> archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and the > archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFDZrk6Hgnbf2T2QqMRArbMAJ48y4KmreyorofMD7RBKqbUZVvJgwCgh1yC MAVumxEvojGv0FMfmEOLfoM= =eKHp -----END PGP SIGNATURE----- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 3 19:01:40 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:07 2006 Subject: Blocked content Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Am I missing something, or can I change the Subject on the warnings for blocked content. As it is now, if blocked content comes in, they are sent back a message with Warning: E-mail viruses detected I would rather have something stating that it had blocked content,such as "Warning: blocked content detected" as most users have learned to ignore virus bounce messages as false or virus propagation attempts. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Thu Nov 3 19:27:11 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:07 2006 Subject: Blocked content Message-ID: Hi Scott, On Thu, 2005-11-03 at 11:01 -0800, Scott Silva wrote: > Am I missing something, or can I change the Subject on the warnings for > blocked content. > As it is now, if blocked content comes in, they are sent back a message > with Warning: E-mail viruses detected > > I would rather have something stating that it had blocked content,such > as "Warning: blocked content detected" as most users have learned to > ignore virus bounce messages as false or virus propagation attempts. > Have a look in /etc/MailScanner/reports/en/languages.conf for NoticeHeading and NoticeSubject. I think that's what you're after. Cheers, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Thu Nov 3 21:16:29 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Geeze, not sure why but i seem to be getting lots of viagra and other medical spams lately... And that darn wrist watch spam too.... I am running MS 4.41and SA 3.04 and i update rules everyday... unless i am missing a certain rules set.... Any suggestions? These spams are coming through either marked clean or a score of 1 "s" Rob... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 3 21:20:44 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > Geeze, not sure why but i seem to be getting lots of viagra and other > medical spams lately... > > And that darn wrist watch spam too.... > > I am running MS 4.41and SA 3.04 and i update rules everyday... unless i > am missing a certain rules set.... > > Any suggestions? These spams are coming through either marked clean or > a score of 1 "s" Got an X-MailScanner-SpamCheck header you can quote? a score alone doesn't really say much about the problem. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joe at NAOS.STERLING.NET Thu Nov 3 21:52:13 2005 From: joe at NAOS.STERLING.NET (Joe Young) Date: Thu Jan 12 21:31:07 2006 Subject: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Message-ID: Scott, Thank you for your reply. I had Steve Swaney from FSL set up the filter servers with RulesDuJour. Steve said that BAYES should learn from Spamassassin. However, BAYES has now learned that some of the spam emails are ham mails. I will review my spamassassin scores. Thanks. By the way. My Spamassassin is at version 3.0.4. In the next couple of weeks, I will be upgrading to 3.1. Thank you, Joe Young -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Scott Silva Sent: Thursday, November 03, 2005 10:24 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Joe Young spake the following on 11/3/2005 8:09 AM: > > Help, > > I am running on CentOS release 4.0 (Final) with Perl version > 5.008005 (5.8.5) and MailScanner version 4.42.9. Spamassassin has > been scoring lower than normal for the last couple of weeks. Most of > the untagged spam has been the geocities link spam and the emails that > contain mostly images. Almost all of the spam emails are scored with > BAYES_00 -2.60. What are some possible steps to change the bayes score without feeding it spam? > > Thank you, > > Joe Young > In your spam.assassin.prefs.conf file you can change the score to closer to zero, otherwise it will keep poisoning the bayes cache. You could try score BAYES_00 -1.00, or add some more rules to help bump the scores up. The RulesDuJour setup at Fortress Systems (www.fsl.com/support) Is an excellent addition to an excellent product. There are also some rules floating around the list archives for the geocities url junk. Do the e-mails with mostly images score as such? You could bump the scores on those. It should hit either HTML_IMAGE_ONLY_* or HTML_IMAGE_RATIO_*. The scores on the latter are fairly low. Look at http://spamassassin.apache.org/tests_3_1_x.html for the default scores in 3.1.0 If you haven't moved up yet, you might just want to find some time. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From joe at NAOS.STERLING.NET Thu Nov 3 21:52:13 2005 From: joe at NAOS.STERLING.NET (Joe Young) Date: Thu Jan 12 21:31:07 2006 Subject: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Message-ID: Scott, Thank you for your reply. I had Steve Swaney from FSL set up the filter servers with RulesDuJour. Steve said that BAYES should learn from Spamassassin. However, BAYES has now learned that some of the spam emails are ham mails. I will review my spamassassin scores. Thanks. By the way. My Spamassassin is at version 3.0.4. In the next couple of weeks, I will be upgrading to 3.1. Thank you, Joe Young -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Scott Silva Sent: Thursday, November 03, 2005 10:24 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Joe Young spake the following on 11/3/2005 8:09 AM: > > Help, > > I am running on CentOS release 4.0 (Final) with Perl version > 5.008005 (5.8.5) and MailScanner version 4.42.9. Spamassassin has > been scoring lower than normal for the last couple of weeks. Most of > the untagged spam has been the geocities link spam and the emails that > contain mostly images. Almost all of the spam emails are scored with > BAYES_00 -2.60. What are some possible steps to change the bayes score without feeding it spam? > > Thank you, > > Joe Young > In your spam.assassin.prefs.conf file you can change the score to closer to zero, otherwise it will keep poisoning the bayes cache. You could try score BAYES_00 -1.00, or add some more rules to help bump the scores up. The RulesDuJour setup at Fortress Systems (www.fsl.com/support) Is an excellent addition to an excellent product. There are also some rules floating around the list archives for the geocities url junk. Do the e-mails with mostly images score as such? You could bump the scores on those. It should hit either HTML_IMAGE_ONLY_* or HTML_IMAGE_RATIO_*. The scores on the latter are fairly low. Look at http://spamassassin.apache.org/tests_3_1_x.html for the default scores in 3.1.0 If you haven't moved up yet, you might just want to find some time. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 3 22:05:05 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > I made the change you suggested of adding Always Include SpamAssassin > Report = yes in the conf file.... > Somehow i do remember it use to be in the headers... :) > > As for the other stuff of DNS and URIBLs , well i use the default set up > that comes with mailscanner and i have added the below rules via > rules_du_jour my config file from /etc/rulesdujour/ > > [ "${TRUSTED_RULESETS}" ] || \ > TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM ANTIDRUG > SARE_ADULT SARE_OEM SARE_BAYES_POISON_NXM \ > SARE_CODING SARE_HEADER SARE_SPECIFIC SARE_BML SARE_FRAUD SARE_SPOOF > SARE_REDIRECT_POST300 \ > BOGUSVIRUS MRWIGGLY SARE_HEADER_ABUSE SARE_RATWARE RANDOMVAL > SARE_GENLSUBJ"; > > > > i once tried the URL blacklist once but it was a big load on the server... > > Any suggestions? Unfortunately there's not a lot of static rulesets that do much for that message. The only one that helps much is SARE's specific rulset and you've already got that... The bulk of the points I got were from RBLs, URIBLs and hashes. If you're using bayes you might be able to train it to cover them.. Other than that, you might selectively experiment with network tests one at at time, but if load is an issue, you're forced to make the accuracy vs CPU load trade off of disabling network checks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 3 22:05:05 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > I made the change you suggested of adding Always Include SpamAssassin > Report = yes in the conf file.... > Somehow i do remember it use to be in the headers... :) > > As for the other stuff of DNS and URIBLs , well i use the default set up > that comes with mailscanner and i have added the below rules via > rules_du_jour my config file from /etc/rulesdujour/ > > [ "${TRUSTED_RULESETS}" ] || \ > TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM ANTIDRUG > SARE_ADULT SARE_OEM SARE_BAYES_POISON_NXM \ > SARE_CODING SARE_HEADER SARE_SPECIFIC SARE_BML SARE_FRAUD SARE_SPOOF > SARE_REDIRECT_POST300 \ > BOGUSVIRUS MRWIGGLY SARE_HEADER_ABUSE SARE_RATWARE RANDOMVAL > SARE_GENLSUBJ"; > > > > i once tried the URL blacklist once but it was a big load on the server... > > Any suggestions? Unfortunately there's not a lot of static rulesets that do much for that message. The only one that helps much is SARE's specific rulset and you've already got that... The bulk of the points I got were from RBLs, URIBLs and hashes. If you're using bayes you might be able to train it to cover them.. Other than that, you might selectively experiment with network tests one at at time, but if load is an issue, you're forced to make the accuracy vs CPU load trade off of disabling network checks. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 3 22:17:33 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: {SPAM} Re: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > i once tried the URL blacklist once but it was a big load on the server... One other thing I thought about.. If you can't enable RBL checks you should consider getting the Spamcop top 200 list from SARE and updating it with RDJ. http://www.rulesemporium.com/rules/70_sc_top200.cf For sites running RBLs, this is a subset of RCVD_IN_BL_SPAMCOP_NET, but if you can't run RBLs this at least gets you the top 200 offenders. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 3 22:17:33 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: {SPAM} Re: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > i once tried the URL blacklist once but it was a big load on the server... One other thing I thought about.. If you can't enable RBL checks you should consider getting the Spamcop top 200 list from SARE and updating it with RDJ. http://www.rulesemporium.com/rules/70_sc_top200.cf For sites running RBLs, this is a subset of RCVD_IN_BL_SPAMCOP_NET, but if you can't run RBLs this at least gets you the top 200 offenders. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From w.reimink at GMAIL.COM Thu Nov 3 23:00:37 2005 From: w.reimink at GMAIL.COM (w.reimink@gmail.com) Date: Thu Jan 12 21:31:07 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi I'am quite new to mailscanner (and mailing lists.) I've installed mailscanner and I am testing it right now. so far so good. However I have a question. Our mailserver is responsible for several companies and for all those companies have the same rules (attachments, spam checking and so on) The only thing that is different for all our companies are the values of : %org-name%, %org-long-name%, and %web-site% For example : we want to sign outgoing messages with inline.sig.html (or .txt) So a message sent from company X would be signed by company X So is it possible to set the vallue of these variables by a rule set ? (if not this would be a feature request) It would be much easier to sing messages with the right company, and i wouldn't have to maintain a lot rulesets and different reports. Now I will have to set up rulesets and reports for all the companies just to get a different %web-site% in the signature (or virus warnings). Or is there another way ? With kind regards, Wijnand Reimink ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From w.reimink at GMAIL.COM Thu Nov 3 23:00:37 2005 From: w.reimink at GMAIL.COM (w.reimink@gmail.com) Date: Thu Jan 12 21:31:07 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi I'am quite new to mailscanner (and mailing lists.) I've installed mailscanner and I am testing it right now. so far so good. However I have a question. Our mailserver is responsible for several companies and for all those companies have the same rules (attachments, spam checking and so on) The only thing that is different for all our companies are the values of : %org-name%, %org-long-name%, and %web-site% For example : we want to sign outgoing messages with inline.sig.html (or .txt) So a message sent from company X would be signed by company X So is it possible to set the vallue of these variables by a rule set ? (if not this would be a feature request) It would be much easier to sing messages with the right company, and i wouldn't have to maintain a lot rulesets and different reports. Now I will have to set up rulesets and reports for all the companies just to get a different %web-site% in the signature (or virus warnings). Or is there another way ? With kind regards, Wijnand Reimink ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 3 23:27:09 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:07 2006 Subject: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joe Young spake the following on 11/3/2005 1:52 PM: > Scott, > > Thank you for your reply. I had Steve Swaney from FSL set up the > filter servers with RulesDuJour. Steve said that BAYES should learn from > Spamassassin. However, BAYES has now learned that some of the spam emails > are ham mails. I will review my spamassassin scores. Thanks. By the way. My > Spamassassin is at version 3.0.4. In the next couple of weeks, I will be > upgrading to 3.1. > > Thank you, > > Joe Young > > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Scott Silva > Sent: Thursday, November 03, 2005 10:24 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: HELP? Spamassassin is scoring lower than normal the last couple > of weeks. > > Joe Young spake the following on 11/3/2005 8:09 AM: > >> >>Help, >> >> I am running on CentOS release 4.0 (Final) with Perl version >>5.008005 (5.8.5) and MailScanner version 4.42.9. Spamassassin has >>been scoring lower than normal for the last couple of weeks. Most of >>the untagged spam has been the geocities link spam and the emails that >>contain mostly images. Almost all of the spam emails are scored with >>BAYES_00 -2.60. What are some possible steps to change the bayes score > > without feeding it spam? > >>Thank you, >> >>Joe Young >> > > In your spam.assassin.prefs.conf file you can change the score to closer to > zero, otherwise it will keep poisoning the bayes cache. > > You could try score BAYES_00 -1.00, or add some more rules to help bump the > scores up. > The RulesDuJour setup at Fortress Systems (www.fsl.com/support) Is an > excellent addition to an excellent product. > There are also some rules floating around the list archives for the > geocities url junk. > > Do the e-mails with mostly images score as such? > You could bump the scores on those. > It should hit either HTML_IMAGE_ONLY_* or HTML_IMAGE_RATIO_*. > The scores on the latter are fairly low. > Look at http://spamassassin.apache.org/tests_3_1_x.html > for the default scores in 3.1.0 > If you haven't moved up yet, you might just want to find some time. > > > Are you using Mailwatch? It makes it easy to get bayes to forget some mails. I archive everything for 2 weeks, and that way I can reverse any weird auto learned stuff. Here is something I added to my spam.assassin.prefs.conf file for the Geocities spam. uri PROLO_GEO_CHECK1 /^http:\/\/.*\.geocities\.com\// describe PROLO_GEO_CHECK1 PROLO_GEO_CHECK1, Body score PROLO_GEO_CHECK1 5.0 Got it from the list, and modified it to hit all geocities, and not just uk and italy. Change the score to suit your situation. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 3 23:27:09 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:07 2006 Subject: HELP? Spamassassin is scoring lower than normal the last couple of weeks. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Joe Young spake the following on 11/3/2005 1:52 PM: > Scott, > > Thank you for your reply. I had Steve Swaney from FSL set up the > filter servers with RulesDuJour. Steve said that BAYES should learn from > Spamassassin. However, BAYES has now learned that some of the spam emails > are ham mails. I will review my spamassassin scores. Thanks. By the way. My > Spamassassin is at version 3.0.4. In the next couple of weeks, I will be > upgrading to 3.1. > > Thank you, > > Joe Young > > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf > Of Scott Silva > Sent: Thursday, November 03, 2005 10:24 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: HELP? Spamassassin is scoring lower than normal the last couple > of weeks. > > Joe Young spake the following on 11/3/2005 8:09 AM: > >> >>Help, >> >> I am running on CentOS release 4.0 (Final) with Perl version >>5.008005 (5.8.5) and MailScanner version 4.42.9. Spamassassin has >>been scoring lower than normal for the last couple of weeks. Most of >>the untagged spam has been the geocities link spam and the emails that >>contain mostly images. Almost all of the spam emails are scored with >>BAYES_00 -2.60. What are some possible steps to change the bayes score > > without feeding it spam? > >>Thank you, >> >>Joe Young >> > > In your spam.assassin.prefs.conf file you can change the score to closer to > zero, otherwise it will keep poisoning the bayes cache. > > You could try score BAYES_00 -1.00, or add some more rules to help bump the > scores up. > The RulesDuJour setup at Fortress Systems (www.fsl.com/support) Is an > excellent addition to an excellent product. > There are also some rules floating around the list archives for the > geocities url junk. > > Do the e-mails with mostly images score as such? > You could bump the scores on those. > It should hit either HTML_IMAGE_ONLY_* or HTML_IMAGE_RATIO_*. > The scores on the latter are fairly low. > Look at http://spamassassin.apache.org/tests_3_1_x.html > for the default scores in 3.1.0 > If you haven't moved up yet, you might just want to find some time. > > > Are you using Mailwatch? It makes it easy to get bayes to forget some mails. I archive everything for 2 weeks, and that way I can reverse any weird auto learned stuff. Here is something I added to my spam.assassin.prefs.conf file for the Geocities spam. uri PROLO_GEO_CHECK1 /^http:\/\/.*\.geocities\.com\// describe PROLO_GEO_CHECK1 PROLO_GEO_CHECK1, Body score PROLO_GEO_CHECK1 5.0 Got it from the list, and modified it to hit all geocities, and not just uk and italy. Change the score to suit your situation. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 3 23:59:49 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:07 2006 Subject: Blocked content Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Freegard spake the following on 11/3/2005 11:27 AM: > Hi Scott, > > On Thu, 2005-11-03 at 11:01 -0800, Scott Silva wrote: > >>Am I missing something, or can I change the Subject on the warnings for >>blocked content. >>As it is now, if blocked content comes in, they are sent back a message >>with Warning: E-mail viruses detected >> >>I would rather have something stating that it had blocked content,such >>as "Warning: blocked content detected" as most users have learned to >>ignore virus bounce messages as false or virus propagation attempts. >> > > > Have a look in /etc/MailScanner/reports/en/languages.conf for > NoticeHeading and NoticeSubject. > > I think that's what you're after. > > Cheers, > Steve. > Thanks Steve!! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 3 23:59:49 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:07 2006 Subject: Blocked content Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Steve Freegard spake the following on 11/3/2005 11:27 AM: > Hi Scott, > > On Thu, 2005-11-03 at 11:01 -0800, Scott Silva wrote: > >>Am I missing something, or can I change the Subject on the warnings for >>blocked content. >>As it is now, if blocked content comes in, they are sent back a message >>with Warning: E-mail viruses detected >> >>I would rather have something stating that it had blocked content,such >>as "Warning: blocked content detected" as most users have learned to >>ignore virus bounce messages as false or virus propagation attempts. >> > > > Have a look in /etc/MailScanner/reports/en/languages.conf for > NoticeHeading and NoticeSubject. > > I think that's what you're after. > > Cheers, > Steve. > Thanks Steve!! -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Fri Nov 4 00:36:58 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:31:07 2006 Subject: Revisit: Spam with negative score Message-ID: Hello, Again I'm having issues with emails being marked as spam even though they end up having a negative score (sometimes as much as -10). Last time it was because emails were being found on spam lists and that is under control. This time the emails are not being found on any lists and on top of that the email address is whitelisted. The only thing I see in the logs that MailScanner might be flagging the email for is the following: Nov 3 13:58:42 localhost MailScanner[20826]: Message jA3LwZp6025097 from 66.94.237.36 (sentto-11936562-3897-1131055501-user=swatgear.com@returns.groups.yahoo. com) is whitelisted Nov 3 13:58:52 localhost MailScanner[20826]: tag found in message jA3LwZp6025097 from sentto-11936562-3897-1131055501-user=swatgear.com@returns.groups.yahoo.c om I searched the archives and Google and looked through MailScanner.conf but didn't find anything that made it apparent how I can solve this. Thanks! Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Fri Nov 4 00:36:58 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:31:07 2006 Subject: Revisit: Spam with negative score Message-ID: Hello, Again I'm having issues with emails being marked as spam even though they end up having a negative score (sometimes as much as -10). Last time it was because emails were being found on spam lists and that is under control. This time the emails are not being found on any lists and on top of that the email address is whitelisted. The only thing I see in the logs that MailScanner might be flagging the email for is the following: Nov 3 13:58:42 localhost MailScanner[20826]: Message jA3LwZp6025097 from 66.94.237.36 (sentto-11936562-3897-1131055501-user=swatgear.com@returns.groups.yahoo. com) is whitelisted Nov 3 13:58:52 localhost MailScanner[20826]: tag found in message jA3LwZp6025097 from sentto-11936562-3897-1131055501-user=swatgear.com@returns.groups.yahoo.c om I searched the archives and Google and looked through MailScanner.conf but didn't find anything that made it apparent how I can solve this. Thanks! Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 4 08:57:28 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:07 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: Hi Only way I think of right now (caffeine levels still rising) is to have different instances of MailScanner watching separate inbound queues for the different domains. If you use a single instance of MS, and email to domain1 AND domain2, how would it handle this? In regards to 'from' the %org-name% parts are merely indications that mail has been scanned and shouldn't be relied on to be 'trusted' that it has indeed come from that firm. The reason the org-name is in the headers is that people started to trust the headers and let alleged MS scanned email straight through without virus scanning etc. So some clever virus writer noticed this and produced a virus that had the X-MailScanner headers in the email it sent in order to circumvent peoples security. This meant the more unique org-name was added to the headers in order to try and make the headers a little more unique and circumvent this issue. So I wouldn't really take much issue myself with the outbound email, people use all sorts or services for email lists and a great many are third party, where you have no control of people to do SPF or anything like that to verify the sender if who they say they are.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of w.reimink@gmail.com > Sent: 03 November 2005 23:01 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Value of the variables %org-name% %org-long-name% > %web-site% set by a ruleset > > Hi > > I'am quite new to mailscanner (and mailing lists.) > I've installed mailscanner and I am testing it right now. so far so good. > > However I have a question. > > Our mailserver is responsible for several companies and for all those > companies have the same rules (attachments, spam checking and so on) > > The only thing that is different for all our companies are the values of : > %org-name%, %org-long-name%, and %web-site% > For example : we want to sign outgoing messages with inline.sig.html (or > .txt) > So a message sent from company X would be signed by company X > > So is it possible to set the vallue of these variables by a rule set ? > (if not this would be a feature request) > It would be much easier to sing messages with the right company, and i > wouldn't have to maintain a lot rulesets and different reports. > > Now I will have to set up rulesets and reports for all the companies > just to get a different %web-site% in the signature (or virus > warnings). > > Or is there another way ? > > With kind regards, > > Wijnand Reimink > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 4 08:57:28 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:07 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: Hi Only way I think of right now (caffeine levels still rising) is to have different instances of MailScanner watching separate inbound queues for the different domains. If you use a single instance of MS, and email to domain1 AND domain2, how would it handle this? In regards to 'from' the %org-name% parts are merely indications that mail has been scanned and shouldn't be relied on to be 'trusted' that it has indeed come from that firm. The reason the org-name is in the headers is that people started to trust the headers and let alleged MS scanned email straight through without virus scanning etc. So some clever virus writer noticed this and produced a virus that had the X-MailScanner headers in the email it sent in order to circumvent peoples security. This meant the more unique org-name was added to the headers in order to try and make the headers a little more unique and circumvent this issue. So I wouldn't really take much issue myself with the outbound email, people use all sorts or services for email lists and a great many are third party, where you have no control of people to do SPF or anything like that to verify the sender if who they say they are.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of w.reimink@gmail.com > Sent: 03 November 2005 23:01 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Value of the variables %org-name% %org-long-name% > %web-site% set by a ruleset > > Hi > > I'am quite new to mailscanner (and mailing lists.) > I've installed mailscanner and I am testing it right now. so far so good. > > However I have a question. > > Our mailserver is responsible for several companies and for all those > companies have the same rules (attachments, spam checking and so on) > > The only thing that is different for all our companies are the values of : > %org-name%, %org-long-name%, and %web-site% > For example : we want to sign outgoing messages with inline.sig.html (or > .txt) > So a message sent from company X would be signed by company X > > So is it possible to set the vallue of these variables by a rule set ? > (if not this would be a feature request) > It would be much easier to sing messages with the right company, and i > wouldn't have to maintain a lot rulesets and different reports. > > Now I will have to set up rulesets and reports for all the companies > just to get a different %web-site% in the signature (or virus > warnings). > > Or is there another way ? > > With kind regards, > > Wijnand Reimink > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 4 09:03:09 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:07 2006 Subject: FW: [Clamav-announce] announcing ClamAV 0.87.1 Message-ID: In case people haven't send this yet.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: clamav-announce-bounces@lists.clamav.net [mailto:clamav-announce- > bounces@lists.clamav.net] On Behalf Of Luca Gibelli > Sent: 03 November 2005 23:01 > To: ClamAV Announce > Subject: [Clamav-announce] announcing ClamAV 0.87.1 > > Dear ClamAV users, > > This release includes major bugfixes for problems with handling TNEF > attachments, cabinet files and FSG compressed executables. > > > -- > The ClamAV team (http://www.clamav.net/team.html) > > -- > Luca Gibelli (luca at clamav.net) - ClamAV, a GPL virus scanner > PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 > PGP Key Available on: Key Servers || http://www.clamav.net/gpg/luca.gpg > _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 4 09:03:09 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:07 2006 Subject: FW: [Clamav-announce] announcing ClamAV 0.87.1 Message-ID: In case people haven't send this yet.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: clamav-announce-bounces@lists.clamav.net [mailto:clamav-announce- > bounces@lists.clamav.net] On Behalf Of Luca Gibelli > Sent: 03 November 2005 23:01 > To: ClamAV Announce > Subject: [Clamav-announce] announcing ClamAV 0.87.1 > > Dear ClamAV users, > > This release includes major bugfixes for problems with handling TNEF > attachments, cabinet files and FSG compressed executables. > > > -- > The ClamAV team (http://www.clamav.net/team.html) > > -- > Luca Gibelli (luca at clamav.net) - ClamAV, a GPL virus scanner > PGP Key Fingerprint: C782 121E 8C3A 90E3 7A87 D802 6277 8FF4 5EFC 5582 > PGP Key Available on: Key Servers || http://www.clamav.net/gpg/luca.gpg > _______________________________________________ > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-announce ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From janetbindner at YAHOO.CO.UK Fri Nov 4 09:28:30 2005 From: janetbindner at YAHOO.CO.UK (Janet Bindner) Date: Thu Jan 12 21:31:07 2006 Subject: New RPM package(clamav, postfix, spamassassin, mailscanner) - PSCM Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all, I have created a new rpm package integrating postfix, spamassassin, clamav and mailscanner. This should help to eliminate the hassle of installing and making these applications work together. The latest package include: * Clamav: 0.87.1 * MailScanner: 4.47.4-1 * SpamAssassin: 3.1.0 * Postfix: 2.2.5 http://metawire.org/~pscm/index.html Cheers, Janet ___________________________________________________________ How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From janetbindner at YAHOO.CO.UK Fri Nov 4 09:28:30 2005 From: janetbindner at YAHOO.CO.UK (Janet Bindner) Date: Thu Jan 12 21:31:07 2006 Subject: New RPM package(clamav, postfix, spamassassin, mailscanner) - PSCM Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi all, I have created a new rpm package integrating postfix, spamassassin, clamav and mailscanner. This should help to eliminate the hassle of installing and making these applications work together. The latest package include: * Clamav: 0.87.1 * MailScanner: 4.47.4-1 * SpamAssassin: 3.1.0 * Postfix: 2.2.5 http://metawire.org/~pscm/index.html Cheers, Janet ___________________________________________________________ How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 14:13:23 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I uncomment this in mailscanner.conf Spam List = ORDB-RBL SBL+XBL Also added this to spam.assassin.prefs.conf # JP data was taken out of the WS and SC SURBL zone files # JP will be a separate list in SA 3.1 urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html tflags URIBL_JP_SURBL net score URIBL_JP_SURBL 4.0 Restarted mailscanner and SA Have not see any notciable increase in system load yet... Rob... ----- Original Message ----- From: "Pete Russell" To: Sent: Thursday, November 03, 2005 8:58 PM Subject: Re: Lots ne wmedical related spam... > How do I find out which URIBL i have enabled? Or turn on more of the ones > that are built in? Because i dont see all of those in my reports. > Thanks > Pete > > Matt Kettler wrote: >> Rob wrote: >> >>>The source as form MS outlook express... >>> >> >> >> >> >> Well, you're not set up to generate spamcheck headers for nonspam.. >> That's such >> a horridly lame default in MailScanner. >> >> Unless you're ready/willing to grep your maillogs for the SMTP ID to find >> the >> actual spam check results I would *STRONGLY* suggest changing your >> MailScanner.conf to include: >> >> Always Include SpamAssassin Report = yes >> >> >> That aside, are you using DNS checks and URIBLs? >> >> I got a LOT of hits on that message when I tested it locally. I'm using >> SA >> 3.1.0, but most of these tests apply to SA 3.0.4 as well. >> >> Relevant optional features: >> I'm using DNS checks (RBLs responsible for 10.1 points) >> I'm using URIBLs with uribl.com lists added on (8.2 points) >> I'm using Razor (1.7 points) >> I'm using DCC (2.2 points) >> I'm using 70_sare_specific.cf from rulesemporium.com (0.2 points) >> I'm using bayes (1.0 points) >> >> Content analysis details: (26.1 points, 5.0 required) >> >> pts rule name description >> ---- ---------------------- -------------------------------------------------- >> 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80% >> [score: 0.6448] >> 0.0 HTML_MESSAGE BODY: HTML included in message >> 0.2 SARE_SPEC_LEO_LINE03f RAW: common Leo body text >> 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level >> above 50% >> [cf: 100] >> 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) >> 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level >> above 50% >> [cf: 100] >> 0.2 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% >> [cf: 100] >> 2.2 DCC_CHECK Listed in DCC >> (http://rhyolite.com/anti-spam/dcc/) >> 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP >> address >> [216.230.157.133 listed in dnsbl.sorbs.net] >> 2.6 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org >> [] >> 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net >> [Blocked - see >> ] >> 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL >> [216.230.157.133 listed in >> sbl-xbl.spamhaus.org] >> 1.6 URIBL_SBL Contains an URL listed in the SBL blocklist >> [URIs: artistisen.com] >> 2.5 URIBL_BLACK Contains an URL listed in the URIBL blacklist >> [URIs: artistisen.com] >> 4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL >> blocklist >> [URIs: artistisen.com] >> 0.8 DIGEST_MULTIPLE Message hits more than one network digest >> check >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 14:13:23 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I uncomment this in mailscanner.conf Spam List = ORDB-RBL SBL+XBL Also added this to spam.assassin.prefs.conf # JP data was taken out of the WS and SC SURBL zone files # JP will be a separate list in SA 3.1 urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html tflags URIBL_JP_SURBL net score URIBL_JP_SURBL 4.0 Restarted mailscanner and SA Have not see any notciable increase in system load yet... Rob... ----- Original Message ----- From: "Pete Russell" To: Sent: Thursday, November 03, 2005 8:58 PM Subject: Re: Lots ne wmedical related spam... > How do I find out which URIBL i have enabled? Or turn on more of the ones > that are built in? Because i dont see all of those in my reports. > Thanks > Pete > > Matt Kettler wrote: >> Rob wrote: >> >>>The source as form MS outlook express... >>> >> >> >> >> >> Well, you're not set up to generate spamcheck headers for nonspam.. >> That's such >> a horridly lame default in MailScanner. >> >> Unless you're ready/willing to grep your maillogs for the SMTP ID to find >> the >> actual spam check results I would *STRONGLY* suggest changing your >> MailScanner.conf to include: >> >> Always Include SpamAssassin Report = yes >> >> >> That aside, are you using DNS checks and URIBLs? >> >> I got a LOT of hits on that message when I tested it locally. I'm using >> SA >> 3.1.0, but most of these tests apply to SA 3.0.4 as well. >> >> Relevant optional features: >> I'm using DNS checks (RBLs responsible for 10.1 points) >> I'm using URIBLs with uribl.com lists added on (8.2 points) >> I'm using Razor (1.7 points) >> I'm using DCC (2.2 points) >> I'm using 70_sare_specific.cf from rulesemporium.com (0.2 points) >> I'm using bayes (1.0 points) >> >> Content analysis details: (26.1 points, 5.0 required) >> >> pts rule name description >> ---- ---------------------- -------------------------------------------------- >> 1.0 BAYES_60 BODY: Bayesian spam probability is 60 to 80% >> [score: 0.6448] >> 0.0 HTML_MESSAGE BODY: HTML included in message >> 0.2 SARE_SPEC_LEO_LINE03f RAW: common Leo body text >> 1.5 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level >> above 50% >> [cf: 100] >> 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) >> 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level >> above 50% >> [cf: 100] >> 0.2 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% >> [cf: 100] >> 2.2 DCC_CHECK Listed in DCC >> (http://rhyolite.com/anti-spam/dcc/) >> 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP >> address >> [216.230.157.133 listed in dnsbl.sorbs.net] >> 2.6 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org >> [] >> 1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net >> [Blocked - see >> ] >> 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL >> [216.230.157.133 listed in >> sbl-xbl.spamhaus.org] >> 1.6 URIBL_SBL Contains an URL listed in the SBL blocklist >> [URIs: artistisen.com] >> 2.5 URIBL_BLACK Contains an URL listed in the URIBL blacklist >> [URIs: artistisen.com] >> 4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL >> blocklist >> [URIs: artistisen.com] >> 0.8 DIGEST_MULTIPLE Message hits more than one network digest >> check >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From w.reimink at GMAIL.COM Fri Nov 4 13:46:52 2005 From: w.reimink at GMAIL.COM (Wijnand Reimink) Date: Thu Jan 12 21:31:07 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: Thanx for your response, Maybe I have to reconsider signing outgoing messages. That would indeed be an option Thank You Wijnand ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From w.reimink at GMAIL.COM Fri Nov 4 13:46:52 2005 From: w.reimink at GMAIL.COM (Wijnand Reimink) Date: Thu Jan 12 21:31:07 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: Thanx for your response, Maybe I have to reconsider signing outgoing messages. That would indeed be an option Thank You Wijnand ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 16:01:06 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > I uncomment this in mailscanner.conf > > Spam List = ORDB-RBL SBL+XBL > > Also added this to spam.assassin.prefs.conf > > # JP data was taken out of the WS and SC SURBL zone files > # JP will be a separate list in SA 3.1 > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html > tflags URIBL_JP_SURBL net > > score URIBL_JP_SURBL 4.0 OUCH! STOP! REMOVE THAT AT ONCE!!!!!!!! Those rules already exist in the SA default config. You do not enable URIBLs by adding rules.. you enable them by loading the plugin. (see /etc/mail/spamassassin/*.pre) Force-adding the rules without the plugin loaded will cause parse errors in your config!!!!!!!! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 16:01:06 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > I uncomment this in mailscanner.conf > > Spam List = ORDB-RBL SBL+XBL > > Also added this to spam.assassin.prefs.conf > > # JP data was taken out of the WS and SC SURBL zone files > # JP will be a separate list in SA 3.1 > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > describe URIBL_JP_SURBL Has URI in JP at http://www.surbl.org/lists.html > tflags URIBL_JP_SURBL net > > score URIBL_JP_SURBL 4.0 OUCH! STOP! REMOVE THAT AT ONCE!!!!!!!! Those rules already exist in the SA default config. You do not enable URIBLs by adding rules.. you enable them by loading the plugin. (see /etc/mail/spamassassin/*.pre) Force-adding the rules without the plugin loaded will cause parse errors in your config!!!!!!!! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 4 16:09:57 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: Added in by default to SA 3.0.4 ... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Matt Kettler > Sent: 04 November 2005 16:01 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Lots ne wmedical related spam... > > Rob wrote: > > I uncomment this in mailscanner.conf > > > > Spam List = ORDB-RBL SBL+XBL > > > > Also added this to spam.assassin.prefs.conf > > > > # JP data was taken out of the WS and SC SURBL zone files > > # JP will be a separate list in SA 3.1 > > > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > > describe URIBL_JP_SURBL Has URI in JP at > http://www.surbl.org/lists.html > > tflags URIBL_JP_SURBL net > > > > score URIBL_JP_SURBL 4.0 > > > > OUCH! STOP! REMOVE THAT AT ONCE!!!!!!!! > > Those rules already exist in the SA default config. You do not enable > URIBLs by > adding rules.. you enable them by loading the plugin. (see > /etc/mail/spamassassin/*.pre) > > Force-adding the rules without the plugin loaded will cause parse errors > in your > config!!!!!!!! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 4 16:09:57 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: Added in by default to SA 3.0.4 ... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Matt Kettler > Sent: 04 November 2005 16:01 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Lots ne wmedical related spam... > > Rob wrote: > > I uncomment this in mailscanner.conf > > > > Spam List = ORDB-RBL SBL+XBL > > > > Also added this to spam.assassin.prefs.conf > > > > # JP data was taken out of the WS and SC SURBL zone files > > # JP will be a separate list in SA 3.1 > > > > urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 > > body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') > > describe URIBL_JP_SURBL Has URI in JP at > http://www.surbl.org/lists.html > > tflags URIBL_JP_SURBL net > > > > score URIBL_JP_SURBL 4.0 > > > > OUCH! STOP! REMOVE THAT AT ONCE!!!!!!!! > > Those rules already exist in the SA default config. You do not enable > URIBLs by > adding rules.. you enable them by loading the plugin. (see > /etc/mail/spamassassin/*.pre) > > Force-adding the rules without the plugin loaded will cause parse errors > in your > config!!!!!!!! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 16:10:23 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Done... Sorry man, i do not get to play with SA or MS much, just not enough time. In the past default settings after install were always sufficient to fight spam, but now its more tough..... so i leave ...... Spam List = ORDB-RBL SBL+XBL or do i comment this back out too? I do not have any files in my /etc/mail/spamassassin that are *.pre Here is what i have 70_sare_adult.cf 70_sare_bayes_poison_nxm.cf 70_sare_evilnum0.cf 70_sare_genlsubj.cf 70_sare_header.cf 70_sare_html.cf 70_sare_oem.cf 70_sare_random.cf 70_sare_ratware.cf 70_sare_specific.cf 70_sare_spoof.cf 72_sare_bml_post25x.cf 72_sare_redirect_post3.0.0.cf 99_sare_fraud_post25x.cf directory -->RulesDuJour antidrug.cf bogus-virus-warnings.cf local.cf random.cf tripwire.cf Thanks and i really appriciate all the help i get on this list. :) Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:01 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> I uncomment this in mailscanner.conf >> >> Spam List = ORDB-RBL SBL+XBL >> >> Also added this to spam.assassin.prefs.conf >> >> # JP data was taken out of the WS and SC SURBL zone files >> # JP will be a separate list in SA 3.1 >> >> urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 >> body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') >> describe URIBL_JP_SURBL Has URI in JP at >> http://www.surbl.org/lists.html >> tflags URIBL_JP_SURBL net >> >> score URIBL_JP_SURBL 4.0 > > > > OUCH! STOP! REMOVE THAT AT ONCE!!!!!!!! > > Those rules already exist in the SA default config. You do not enable > URIBLs by > adding rules.. you enable them by loading the plugin. (see > /etc/mail/spamassassin/*.pre) > > Force-adding the rules without the plugin loaded will cause parse errors > in your > config!!!!!!!! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 16:10:23 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Done... Sorry man, i do not get to play with SA or MS much, just not enough time. In the past default settings after install were always sufficient to fight spam, but now its more tough..... so i leave ...... Spam List = ORDB-RBL SBL+XBL or do i comment this back out too? I do not have any files in my /etc/mail/spamassassin that are *.pre Here is what i have 70_sare_adult.cf 70_sare_bayes_poison_nxm.cf 70_sare_evilnum0.cf 70_sare_genlsubj.cf 70_sare_header.cf 70_sare_html.cf 70_sare_oem.cf 70_sare_random.cf 70_sare_ratware.cf 70_sare_specific.cf 70_sare_spoof.cf 72_sare_bml_post25x.cf 72_sare_redirect_post3.0.0.cf 99_sare_fraud_post25x.cf directory -->RulesDuJour antidrug.cf bogus-virus-warnings.cf local.cf random.cf tripwire.cf Thanks and i really appriciate all the help i get on this list. :) Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:01 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> I uncomment this in mailscanner.conf >> >> Spam List = ORDB-RBL SBL+XBL >> >> Also added this to spam.assassin.prefs.conf >> >> # JP data was taken out of the WS and SC SURBL zone files >> # JP will be a separate list in SA 3.1 >> >> urirhssub URIBL_JP_SURBL multi.surbl.org. A 64 >> body URIBL_JP_SURBL eval:check_uridnsbl('URIBL_JP_SURBL') >> describe URIBL_JP_SURBL Has URI in JP at >> http://www.surbl.org/lists.html >> tflags URIBL_JP_SURBL net >> >> score URIBL_JP_SURBL 4.0 > > > > OUCH! STOP! REMOVE THAT AT ONCE!!!!!!!! > > Those rules already exist in the SA default config. You do not enable > URIBLs by > adding rules.. you enable them by loading the plugin. (see > /etc/mail/spamassassin/*.pre) > > Force-adding the rules without the plugin loaded will cause parse errors > in your > config!!!!!!!! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 16:20:17 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > Done... > > Sorry man, i do not get to play with SA or MS much, just not enough > time. In the past default settings after install were always sufficient > to fight spam, but now its more tough..... > > so i leave ...... Spam List = ORDB-RBL SBL+XBL or do i comment this > back out too? That isn't a SA thing.. So it doesn't matter. That enables RBL checking in MailScanner. Any message matching one of those RBLs will be spam tagged, no matter what SpamAssassin says. I personally have yet to see an RBL I trust enough to be an absolute spam criteria, but your results and sensitivity to FPs may differ from mine. > > I do not have any files in my /etc/mail/spamassassin that are *.pre Then you don't have a proper install of SA 3.0.0 or higher. Did you install from a distro-package, or from the source tarball? SA 3.0.0 and higher should add "init.pre". SA 3.1.0 and higher should add "v310.pre" (in addition to init.pre) If the init.pre is missing, and you installed from a distro package, send the maintainer a nastygram and re-install from the tarball. (who knows what other files they neglected to put in the right places) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 16:20:17 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > Done... > > Sorry man, i do not get to play with SA or MS much, just not enough > time. In the past default settings after install were always sufficient > to fight spam, but now its more tough..... > > so i leave ...... Spam List = ORDB-RBL SBL+XBL or do i comment this > back out too? That isn't a SA thing.. So it doesn't matter. That enables RBL checking in MailScanner. Any message matching one of those RBLs will be spam tagged, no matter what SpamAssassin says. I personally have yet to see an RBL I trust enough to be an absolute spam criteria, but your results and sensitivity to FPs may differ from mine. > > I do not have any files in my /etc/mail/spamassassin that are *.pre Then you don't have a proper install of SA 3.0.0 or higher. Did you install from a distro-package, or from the source tarball? SA 3.0.0 and higher should add "init.pre". SA 3.1.0 and higher should add "v310.pre" (in addition to init.pre) If the init.pre is missing, and you installed from a distro package, send the maintainer a nastygram and re-install from the tarball. (who knows what other files they neglected to put in the right places) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Nov 4 16:27:37 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:07 2006 Subject: Time::HiRes for MessageBatch timing Message-ID: Julian, Per my recent request for batch timing in the logs, please look at my suggested changes for MessageBatch.pm (attached, against 4.47.4). My changes have NOT been tested at all, so I don't know if this will work. The changes: * added Time::HiRes for timing the start and end timing on a batch of messages. * changed output of information in EndBatch from integer to float * Added a "Batch Completed in x.x seconds" syslog, even if "Log Speed" is not turned on in the config file. Please see if my idea makes sense. Since HighRes is required for SpamAssassin, why not use it here too to give better info? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "" Text/PLAIN (Name: "MessageBatch.pm.diffs") 51 lines. ] [ Unable to print this part. ] From rob at THEHOSTMASTERS.COM Fri Nov 4 16:26:12 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] i am using 3.04 on Debian 3 dpkg -l |grep spam ii mailscanner 4.41.3-2 email virus scanner and spam tagger ii spamassassin 3.0.4-2 Perl-based spam filter using text analysis ii spamc 3.0.4-2 Client for SpamAssassin spam filtering daemo i will get the tarball and get the .pre files from it then? I like to use the apt-get as it makes it easy to maintain a bunch of servers... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:20 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> Done... >> >> Sorry man, i do not get to play with SA or MS much, just not enough >> time. In the past default settings after install were always sufficient >> to fight spam, but now its more tough..... >> >> so i leave ...... Spam List = ORDB-RBL SBL+XBL or do i comment this >> back out too? > > That isn't a SA thing.. So it doesn't matter. That enables RBL checking in > MailScanner. Any message matching one of those RBLs will be spam tagged, > no > matter what SpamAssassin says. > > I personally have yet to see an RBL I trust enough to be an absolute spam > criteria, but your results and sensitivity to FPs may differ from mine. >> >> I do not have any files in my /etc/mail/spamassassin that are *.pre > > Then you don't have a proper install of SA 3.0.0 or higher. Did you > install from > a distro-package, or from the source tarball? > > SA 3.0.0 and higher should add "init.pre". > SA 3.1.0 and higher should add "v310.pre" (in addition to init.pre) > > > If the init.pre is missing, and you installed from a distro package, send > the > maintainer a nastygram and re-install from the tarball. (who knows what > other > files they neglected to put in the right places) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 16:26:12 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] i am using 3.04 on Debian 3 dpkg -l |grep spam ii mailscanner 4.41.3-2 email virus scanner and spam tagger ii spamassassin 3.0.4-2 Perl-based spam filter using text analysis ii spamc 3.0.4-2 Client for SpamAssassin spam filtering daemo i will get the tarball and get the .pre files from it then? I like to use the apt-get as it makes it easy to maintain a bunch of servers... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:20 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> Done... >> >> Sorry man, i do not get to play with SA or MS much, just not enough >> time. In the past default settings after install were always sufficient >> to fight spam, but now its more tough..... >> >> so i leave ...... Spam List = ORDB-RBL SBL+XBL or do i comment this >> back out too? > > That isn't a SA thing.. So it doesn't matter. That enables RBL checking in > MailScanner. Any message matching one of those RBLs will be spam tagged, > no > matter what SpamAssassin says. > > I personally have yet to see an RBL I trust enough to be an absolute spam > criteria, but your results and sensitivity to FPs may differ from mine. >> >> I do not have any files in my /etc/mail/spamassassin that are *.pre > > Then you don't have a proper install of SA 3.0.0 or higher. Did you > install from > a distro-package, or from the source tarball? > > SA 3.0.0 and higher should add "init.pre". > SA 3.1.0 and higher should add "v310.pre" (in addition to init.pre) > > > If the init.pre is missing, and you installed from a distro package, send > the > maintainer a nastygram and re-install from the tarball. (who knows what > other > files they neglected to put in the right places) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jaearick at COLBY.EDU Fri Nov 4 16:27:37 2005 From: jaearick at COLBY.EDU (Jeff A. Earickson) Date: Thu Jan 12 21:31:07 2006 Subject: Time::HiRes for MessageBatch timing Message-ID: Julian, Per my recent request for batch timing in the logs, please look at my suggested changes for MessageBatch.pm (attached, against 4.47.4). My changes have NOT been tested at all, so I don't know if this will work. The changes: * added Time::HiRes for timing the start and end timing on a batch of messages. * changed output of information in EndBatch from integer to float * Added a "Batch Completed in x.x seconds" syslog, even if "Log Speed" is not turned on in the config file. Please see if my idea makes sense. Since HighRes is required for SpamAssassin, why not use it here too to give better info? Jeff Earickson Colby College ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "" Text/PLAIN (Name: "MessageBatch.pm.diffs") 51 lines. ] [ Unable to print this part. ] From mkettler at EVI-INC.COM Fri Nov 4 16:36:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > i am using 3.04 on Debian 3 > > dpkg -l |grep spam > ii mailscanner 4.41.3-2 email virus scanner and spam tagger > ii spamassassin 3.0.4-2 Perl-based spam filter using text > analysis > ii spamc 3.0.4-2 Client for SpamAssassin spam filtering > daemo > > i will get the tarball and get the .pre files from it then? > > I like to use the apt-get as it makes it easy to maintain a bunch of > servers... > Ooooooh.. wait.. you've got a bigger problem... debian uses /etc/spamassassin as their siteconfig. You should not have an /etc/mail/spamassassin directory at all. Move your files up to the proper siteconfig path and rmdir /etc/mail/spamassassin. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 16:36:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > i am using 3.04 on Debian 3 > > dpkg -l |grep spam > ii mailscanner 4.41.3-2 email virus scanner and spam tagger > ii spamassassin 3.0.4-2 Perl-based spam filter using text > analysis > ii spamc 3.0.4-2 Client for SpamAssassin spam filtering > daemo > > i will get the tarball and get the .pre files from it then? > > I like to use the apt-get as it makes it easy to maintain a bunch of > servers... > Ooooooh.. wait.. you've got a bigger problem... debian uses /etc/spamassassin as their siteconfig. You should not have an /etc/mail/spamassassin directory at all. Move your files up to the proper siteconfig path and rmdir /etc/mail/spamassassin. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 16:42:42 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] /etc/mail/spamassassin is a link to /etc/spamassassin That should be ok, no? I just untarred SA 3.04 and cp init.pre into /etc/spamassassin and restart Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:36 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> i am using 3.04 on Debian 3 >> >> dpkg -l |grep spam >> ii mailscanner 4.41.3-2 email virus scanner and spam tagger >> ii spamassassin 3.0.4-2 Perl-based spam filter using text >> analysis >> ii spamc 3.0.4-2 Client for SpamAssassin spam filtering >> daemo >> >> i will get the tarball and get the .pre files from it then? >> >> I like to use the apt-get as it makes it easy to maintain a bunch of >> servers... >> > Ooooooh.. wait.. you've got a bigger problem... > > > debian uses /etc/spamassassin as their siteconfig. > > You should not have an /etc/mail/spamassassin directory at all. > > Move your files up to the proper siteconfig path and rmdir > /etc/mail/spamassassin. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 16:42:42 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] /etc/mail/spamassassin is a link to /etc/spamassassin That should be ok, no? I just untarred SA 3.04 and cp init.pre into /etc/spamassassin and restart Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:36 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> i am using 3.04 on Debian 3 >> >> dpkg -l |grep spam >> ii mailscanner 4.41.3-2 email virus scanner and spam tagger >> ii spamassassin 3.0.4-2 Perl-based spam filter using text >> analysis >> ii spamc 3.0.4-2 Client for SpamAssassin spam filtering >> daemo >> >> i will get the tarball and get the .pre files from it then? >> >> I like to use the apt-get as it makes it easy to maintain a bunch of >> servers... >> > Ooooooh.. wait.. you've got a bigger problem... > > > debian uses /etc/spamassassin as their siteconfig. > > You should not have an /etc/mail/spamassassin directory at all. > > Move your files up to the proper siteconfig path and rmdir > /etc/mail/spamassassin. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 16:46:01 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] looks like i finally got this guy marked now.... Return-Path: X-Original-To: hostmaster@thednsguys.com Delivered-To: rob@thehostmasters.com Received: from tcsnet.com (ile74-1-82-244-22-62.fbx.proxad.net [82.244.22.62]) by stewy (Postfix) with SMTP id 30EDFBF4A for ; Fri, 4 Nov 2005 09:43:21 -0500 (EST) From: "Lindsie Bucholtz" To: "Gioachino Raminez" Message-ID: <000401c5e14e$75347d00$c430a8c0@unhung> Subject: {Spam?} Re: Darrens just think about it Date: Fri, 4 Nov 2005 09:45:54 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C5E124.8C5E7500" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Stewy-Dido-Internet-MailScanner: Found to be clean X-Stewy-Dido-Internet-MailScanner-SpamCheck: spam, SBL+XBL, SpamAssassin (score=0.063, required 4, BAYES_50 0.00, HTML_90_100 0.02, HTML_MESSAGE 0.00, MIME_QP_LONG_LINE 0.04) X-MailScanner-From: linds@tcsnet.com Yuppie!! Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:36 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> i am using 3.04 on Debian 3 >> >> dpkg -l |grep spam >> ii mailscanner 4.41.3-2 email virus scanner and spam tagger >> ii spamassassin 3.0.4-2 Perl-based spam filter using text >> analysis >> ii spamc 3.0.4-2 Client for SpamAssassin spam filtering >> daemo >> >> i will get the tarball and get the .pre files from it then? >> >> I like to use the apt-get as it makes it easy to maintain a bunch of >> servers... >> > Ooooooh.. wait.. you've got a bigger problem... > > > debian uses /etc/spamassassin as their siteconfig. > > You should not have an /etc/mail/spamassassin directory at all. > > Move your files up to the proper siteconfig path and rmdir > /etc/mail/spamassassin. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 16:46:01 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] looks like i finally got this guy marked now.... Return-Path: X-Original-To: hostmaster@thednsguys.com Delivered-To: rob@thehostmasters.com Received: from tcsnet.com (ile74-1-82-244-22-62.fbx.proxad.net [82.244.22.62]) by stewy (Postfix) with SMTP id 30EDFBF4A for ; Fri, 4 Nov 2005 09:43:21 -0500 (EST) From: "Lindsie Bucholtz" To: "Gioachino Raminez" Message-ID: <000401c5e14e$75347d00$c430a8c0@unhung> Subject: {Spam?} Re: Darrens just think about it Date: Fri, 4 Nov 2005 09:45:54 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C5E124.8C5E7500" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Stewy-Dido-Internet-MailScanner: Found to be clean X-Stewy-Dido-Internet-MailScanner-SpamCheck: spam, SBL+XBL, SpamAssassin (score=0.063, required 4, BAYES_50 0.00, HTML_90_100 0.02, HTML_MESSAGE 0.00, MIME_QP_LONG_LINE 0.04) X-MailScanner-From: linds@tcsnet.com Yuppie!! Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 11:36 AM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> i am using 3.04 on Debian 3 >> >> dpkg -l |grep spam >> ii mailscanner 4.41.3-2 email virus scanner and spam tagger >> ii spamassassin 3.0.4-2 Perl-based spam filter using text >> analysis >> ii spamc 3.0.4-2 Client for SpamAssassin spam filtering >> daemo >> >> i will get the tarball and get the .pre files from it then? >> >> I like to use the apt-get as it makes it easy to maintain a bunch of >> servers... >> > Ooooooh.. wait.. you've got a bigger problem... > > > debian uses /etc/spamassassin as their siteconfig. > > You should not have an /etc/mail/spamassassin directory at all. > > Move your files up to the proper siteconfig path and rmdir > /etc/mail/spamassassin. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 17:26:41 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > /etc/mail/spamassassin is a link to /etc/spamassassin > > That should be ok, no? Yes, it should be fine.. SA will look for both (and a few others in places) and use the first one it finds. For what it's worth, here's SA's search order, as of SA 3.1.0 @site_rules_path = ( '__local_rules_dir__', '__prefix__/etc/mail/spamassassin', '__prefix__/etc/spamassassin', '/usr/local/etc/spamassassin', '/usr/pkg/etc/spamassassin', '/usr/etc/spamassassin', '/etc/mail/spamassassin', '/etc/spamassassin', ); where __local_rules_dir__ is a variable optionally passed to perl Makefile.pm. > > I just untarred SA 3.04 and cp init.pre into /etc/spamassassin and restart > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 17:26:41 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > /etc/mail/spamassassin is a link to /etc/spamassassin > > That should be ok, no? Yes, it should be fine.. SA will look for both (and a few others in places) and use the first one it finds. For what it's worth, here's SA's search order, as of SA 3.1.0 @site_rules_path = ( '__local_rules_dir__', '__prefix__/etc/mail/spamassassin', '__prefix__/etc/spamassassin', '/usr/local/etc/spamassassin', '/usr/pkg/etc/spamassassin', '/usr/etc/spamassassin', '/etc/mail/spamassassin', '/etc/spamassassin', ); where __local_rules_dir__ is a variable optionally passed to perl Makefile.pm. > > I just untarred SA 3.04 and cp init.pre into /etc/spamassassin and restart > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 17:40:08 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I also just installed Razor via apt-get install razor and ran..... razor-client razor-admin --create razor-admin --register The docs with debian say nothing else to do as SA will see razor is installed and use it... that seems a little too magically for me.... is there anything i should do to test that razor is installed properly? Thanks... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 12:26 PM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> /etc/mail/spamassassin is a link to /etc/spamassassin >> >> That should be ok, no? > > Yes, it should be fine.. SA will look for both (and a few others in > places) and > use the first one it finds. > > For what it's worth, here's SA's search order, as of SA 3.1.0 > > @site_rules_path = ( > '__local_rules_dir__', > '__prefix__/etc/mail/spamassassin', > '__prefix__/etc/spamassassin', > '/usr/local/etc/spamassassin', > '/usr/pkg/etc/spamassassin', > '/usr/etc/spamassassin', > '/etc/mail/spamassassin', > '/etc/spamassassin', > ); > > where __local_rules_dir__ is a variable optionally passed to perl > Makefile.pm. > > > >> >> I just untarred SA 3.04 and cp init.pre into /etc/spamassassin and >> restart >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 17:40:08 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I also just installed Razor via apt-get install razor and ran..... razor-client razor-admin --create razor-admin --register The docs with debian say nothing else to do as SA will see razor is installed and use it... that seems a little too magically for me.... is there anything i should do to test that razor is installed properly? Thanks... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 12:26 PM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> /etc/mail/spamassassin is a link to /etc/spamassassin >> >> That should be ok, no? > > Yes, it should be fine.. SA will look for both (and a few others in > places) and > use the first one it finds. > > For what it's worth, here's SA's search order, as of SA 3.1.0 > > @site_rules_path = ( > '__local_rules_dir__', > '__prefix__/etc/mail/spamassassin', > '__prefix__/etc/spamassassin', > '/usr/local/etc/spamassassin', > '/usr/pkg/etc/spamassassin', > '/usr/etc/spamassassin', > '/etc/mail/spamassassin', > '/etc/spamassassin', > ); > > where __local_rules_dir__ is a variable optionally passed to perl > Makefile.pm. > > > >> >> I just untarred SA 3.04 and cp init.pre into /etc/spamassassin and >> restart >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 18:00:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > I also just installed Razor via apt-get install razor and ran..... > > razor-client > razor-admin --create > razor-admin --register > > The docs with debian say nothing else to do as SA will see razor is > installed and use it... that seems a little too magically for me.... is > there anything i should do to test that razor is installed properly? > > Thanks... Actually, if you're using SA 3.1.0, you need to enable the razor plugin in v310.pre. However, in SA 3.0.x, and lower it's purely automatic. If you want to see if razor is found by SA, you can run spamassassin --lint -D. You should see a pile of razor related lines in the debug output. SA 3.1.0 should have this in the debug output: ---------------- [9612] dbg: diag: module installed: Razor2::Client::Agent, version 2.71 [9612] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [9612] dbg: razor2: razor2 is available, version 2.7 [9612] dbg: razor2: part=0 engine=4 contested=0 confidence=0 [9612] dbg: razor2: results: spam? 0 [9612] dbg: razor2: results: engine 8, highest cf score: 0 [9612] dbg: razor2: results: engine 4, highest cf score: 0 [9612] dbg: plugin: registering glue method for check_razor2 (Mail::SpamAssassin::Pl ugin::Razor2=HASH(0x9174f0c)) [9612] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plu gin::Pyzor=HASH(0x90e9d34)) ---------------- 3.0.4 will have similar output, but it won't have anything about plugins.. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Fri Nov 4 18:00:02 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:07 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > I also just installed Razor via apt-get install razor and ran..... > > razor-client > razor-admin --create > razor-admin --register > > The docs with debian say nothing else to do as SA will see razor is > installed and use it... that seems a little too magically for me.... is > there anything i should do to test that razor is installed properly? > > Thanks... Actually, if you're using SA 3.1.0, you need to enable the razor plugin in v310.pre. However, in SA 3.0.x, and lower it's purely automatic. If you want to see if razor is found by SA, you can run spamassassin --lint -D. You should see a pile of razor related lines in the debug output. SA 3.1.0 should have this in the debug output: ---------------- [9612] dbg: diag: module installed: Razor2::Client::Agent, version 2.71 [9612] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC [9612] dbg: razor2: razor2 is available, version 2.7 [9612] dbg: razor2: part=0 engine=4 contested=0 confidence=0 [9612] dbg: razor2: results: spam? 0 [9612] dbg: razor2: results: engine 8, highest cf score: 0 [9612] dbg: razor2: results: engine 4, highest cf score: 0 [9612] dbg: plugin: registering glue method for check_razor2 (Mail::SpamAssassin::Pl ugin::Razor2=HASH(0x9174f0c)) [9612] dbg: plugin: registering glue method for check_pyzor (Mail::SpamAssassin::Plu gin::Pyzor=HASH(0x90e9d34)) ---------------- 3.0.4 will have similar output, but it won't have anything about plugins.. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 4 18:08:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: update_phishing_sites script Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fair enough. Done. I added /usr/etc as well just in case (IRIX users will appreciate this). Jeff A. Earickson wrote: > Julian, > > After upgrading to 4.47.2, I surmised that I needed a > daily cronjob to run update_phishing_sites, to get the > latest info from you. So I added one. It failed, > since root does not have /usr/local/bin in its path > on my box. I suggest the following addition to update_phishing_sites: > > *** update_phishing_sites.orig Thu Nov 3 08:33:10 2005 > --- update_phishing_sites Thu Nov 3 08:36:12 2005 > *************** > *** 31,36 **** > --- 31,38 ---- > # United Kingdom > # > > + PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin > + > if [ -d /opt/MailScanner/etc ]; then > cd /opt/MailScanner/etc > else > > Jeff Earickson > Colby College > > PS. Sorry to hear about your fire. When are you going > to start writing "FireScanner"? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 4 18:08:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: update_phishing_sites script Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Fair enough. Done. I added /usr/etc as well just in case (IRIX users will appreciate this). Jeff A. Earickson wrote: > Julian, > > After upgrading to 4.47.2, I surmised that I needed a > daily cronjob to run update_phishing_sites, to get the > latest info from you. So I added one. It failed, > since root does not have /usr/local/bin in its path > on my box. I suggest the following addition to update_phishing_sites: > > *** update_phishing_sites.orig Thu Nov 3 08:33:10 2005 > --- update_phishing_sites Thu Nov 3 08:36:12 2005 > *************** > *** 31,36 **** > --- 31,38 ---- > # United Kingdom > # > > + PATH=/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin > + > if [ -d /opt/MailScanner/etc ]; then > cd /opt/MailScanner/etc > else > > Jeff Earickson > Colby College > > PS. Sorry to hear about your fire. When are you going > to start writing "FireScanner"? > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 4 18:25:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] All you need to do is make rulesets for the configuration options you need to change, such as the inline.sig.txt report, each of which contains the hardcoded domain names you want and doesn't use the %variables%. You can't use rulesets for the %variables%, but you just need to hard code that text into the report and then have a different report file for each customer's domain, and use a ruleset to switch between the rulees depending on the customer sending the mail. Read the book or the wiki for a plentiful supply of examples and tutorials on this. Wijnand Reimink wrote: >Thanx for your response, > >Maybe I have to reconsider signing outgoing messages. >That would indeed be an option > >Thank You > >Wijnand > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 4 18:25:25 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] All you need to do is make rulesets for the configuration options you need to change, such as the inline.sig.txt report, each of which contains the hardcoded domain names you want and doesn't use the %variables%. You can't use rulesets for the %variables%, but you just need to hard code that text into the report and then have a different report file for each customer's domain, and use a ruleset to switch between the rulees depending on the customer sending the mail. Read the book or the wiki for a plentiful supply of examples and tutorials on this. Wijnand Reimink wrote: >Thanx for your response, > >Maybe I have to reconsider signing outgoing messages. >That would indeed be an option > >Thank You > >Wijnand > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From w.reimink at GMAIL.COM Fri Nov 4 19:03:09 2005 From: w.reimink at GMAIL.COM (Wijnand Reimink) Date: Thu Jan 12 21:31:08 2006 Subject: Value of the variables %org-name% %org-long-name% %web-site% set by a ruleset Message-ID: Fair enough ! I Will buy the book and this way make a donation to your project ! Grtz Wijnand ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Fri Nov 4 19:15:38 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:08 2006 Subject: Lots ne wmedical related spam... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yup i see a bunch of razor stuff spewing out, cool... Thanks guy for all the help! Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Friday, November 04, 2005 1:00 PM Subject: Re: Lots ne wmedical related spam... > Rob wrote: >> I also just installed Razor via apt-get install razor and ran..... >> >> razor-client >> razor-admin --create >> razor-admin --register >> >> The docs with debian say nothing else to do as SA will see razor is >> installed and use it... that seems a little too magically for me.... is >> there anything i should do to test that razor is installed properly? >> >> Thanks... > > Actually, if you're using SA 3.1.0, you need to enable the razor plugin in > v310.pre. > > However, in SA 3.0.x, and lower it's purely automatic. > > If you want to see if razor is found by SA, you can run > spamassassin --lint -D. > You should see a pile of razor related lines in the debug output. > > > SA 3.1.0 should have this in the debug output: > ---------------- > [9612] dbg: diag: module installed: Razor2::Client::Agent, version 2.71 > > > [9612] dbg: plugin: loading Mail::SpamAssassin::Plugin::Razor2 from @INC > [9612] dbg: razor2: razor2 is available, version 2.7 > > > > > [9612] dbg: razor2: part=0 engine=4 contested=0 confidence=0 > [9612] dbg: razor2: results: spam? 0 > [9612] dbg: razor2: results: engine 8, highest cf score: 0 > [9612] dbg: razor2: results: engine 4, highest cf score: 0 > [9612] dbg: plugin: registering glue method for check_razor2 > (Mail::SpamAssassin::Pl > ugin::Razor2=HASH(0x9174f0c)) > [9612] dbg: plugin: registering glue method for check_pyzor > (Mail::SpamAssassin::Plu > gin::Pyzor=HASH(0x90e9d34)) > > ---------------- > > 3.0.4 will have similar output, but it won't have anything about plugins.. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From test at NEXTMILL.NET Fri Nov 4 19:35:30 2005 From: test at NEXTMILL.NET (Brian Lewis) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: We have Mailscanner setup to block .js/.htm/.exe attachments, but whats happening is when a customer has a zip file that contains any of these files, its blocked as well! How can we allow uninfected .zip thru that contain these file types yet block these types from being primarily attached to emails? Do I just have to start allowing all these file types all together? MailScanner with ClamAV ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Fri Nov 4 19:38:27 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight.ie) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Brian Lewis wrote: > We have Mailscanner setup to block .js/.htm/.exe attachments, but whats > happening is when a customer has a zip file that contains any of these > files, its blocked as well! How can we allow uninfected .zip thru that > contain these file types yet block these types from being primarily > attached to emails? Do I just have to start allowing all these file types > all together? > Have a look in MailScanner.conf You need to find the setting for "scan depth" in zip files. If you set it to "0" zipped .exe's will be allowed through Sorry I can't remember the exact line but it's Friday evening :) Michele -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Fri Nov 4 19:40:45 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight.ie wrote: >Brian Lewis wrote: > > >>We have Mailscanner setup to block .js/.htm/.exe attachments, but whats >>happening is when a customer has a zip file that contains any of these >>files, its blocked as well! How can we allow uninfected .zip thru that >>contain these file types yet block these types from being primarily >>attached to emails? Do I just have to start allowing all these file types >>all together? >> >> >> >Have a look in MailScanner.conf > >You need to find the setting for "scan depth" in zip files. If you set >it to "0" zipped .exe's will be allowed through > >Sorry I can't remember the exact line but it's Friday evening :) > >Michele > > > It is quite dangerous, though, because many viruses travel inside ZIP files nowadays... Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Fri Nov 4 19:46:40 2005 From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight.ie) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Denis Beauchemin wrote: > It is quite dangerous, though, because many viruses travel inside ZIP > files nowadays... Maybe, but do you want your support staff to spend their entire day releasing blocked exe files? -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 4 19:53:13 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Michele Neylon :: Blacknight.ie wrote: >Denis Beauchemin wrote: > > >>It is quite dangerous, though, because many viruses travel inside ZIP >>files nowadays... >> >> > >Maybe, but do you want your support staff to spend their entire day >releasing blocked exe files? > > We are shortly going to publish a little managed quarantine retrieval system, so releasing a message attachment for someone is about 2 or 3 clicks. We have a few other issues to contend with at the moment, but hopefully it will be released soon when my colleague has time to finish it off and package it up. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From test at NEXTMILL.NET Fri Nov 4 20:08:58 2005 From: test at NEXTMILL.NET (Brian Lewis) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: Will an infected ZIP still be blocked if ClamAV scans it and identifies a virus inside the zip? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 4 20:26:49 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes. Brian Lewis wrote: >Will an infected ZIP still be blocked if ClamAV scans it and identifies a >virus inside the zip? > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Fri Nov 4 21:34:04 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:08 2006 Subject: New Exploit? Message-ID: Has anyone read this? http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20by%20 New%20Exploit/164278_1.aspx Thoughts? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Fri Nov 4 21:47:16 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:31:08 2006 Subject: New Exploit? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ClamAV isn't on the list, so at least my servers will be fine. I'm going to guess that the file utility will not likely miss-guess the header, so it may be a good idea to have the linux file utility do its job. On Fri, 2005-11-04 at 15:34 -0600, Mike Kercher wrote: Has anyone read this? http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20by%20 New%20Exploit/164278_1.aspx Thoughts? Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 12:41:23 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, My sendmail system will not accept mail from anything other than localhost. I have tried to telnet onto port 25 from a workstation and it does not connact but if I try from the server it does. What have I missed? Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Nov 5 13:08:08 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: This exact question came up on the CentOS list yesterday :) Mike ________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig Sent: Saturday, November 05, 2005 7:06 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: Basic Sendmail question Thanks Mike Will give that a go Lance Mike Kercher wrote: Look at your sendmail.mc Your DEAMON_OPTIONS are telling sendmail to listen on 127.0.0.1 Make that line look like mine below, regen your .cf and restart. dnl # dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl Mike -----Original Message----- From: MailScanner mailing list ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 08:55:07 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Adding line in SUSE for sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Guys, I am having trouble finding the place to add the sendmail -bd -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in line to my SUSE box. I have found a sendmail file in the init.d but the entries there do not look anything like the documentation. Can someone enlighten me please. latest MS and SUSE 93 Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jrudd at UCSC.EDU Fri Nov 4 21:49:02 2005 From: jrudd at UCSC.EDU (John Rudd) Date: Thu Jan 12 21:31:08 2006 Subject: Semi-OT: ClamAV Vulnerability Message-ID: Speaking of virus scanner vulnerabilities, here's one for ClamAV: Begin forwarded message: > > This one looks a bit nasty: > > http://lwn.net/Articles/158666/ > > I'd upgrade to ClamAV 0.87.1 if you run Clam. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Sat Nov 5 07:48:40 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:31:08 2006 Subject: quarnatine release not working Message-ID: I've tried to release a e-mail that was quarantined, but it has not shown up. When looking at the listing it shows up "green" and marked 'W/L" but still no e-mail. Any idea how to release this e-mail? Regards, Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA Director/Sr Systems Consultant MMT Networks Pty Ltd http://www.mmtnetworks.com.au Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl "I don't know the key to success, but the key to failure is trying to please everybody." -Bill Cosby ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Sat Nov 5 08:02:27 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:31:08 2006 Subject: quarantined mail Message-ID: This is the error I just discovered form MS after trying to release the mail again, anyone care to enlighten me as to what this all means. SA Learn: error code 13 returned from sa-learn: bayes expire_old_tokens: lock: 343 cannot create tmp lockfile /var/lib/MailScanner/bayes.lock.mail.mmtnetworks.com.au.343 for /var/lib/MailScanner/bayes.lock: Permission denied lock: 343 cannot create tmp lockfile /var/lib/MailScanner/bayes.lock.mail.mmtnetworks.com.au.343 for /var/lib/MailScanner/bayes.lock: Permission denied Learned from 0 message(s) (1 message(s) examined). Delete: not deleting file /var/spool/MailScanner/quarantine/20051105/3EBCE1500EC.29828/C1.bmp due to previous errors ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Nov 5 12:44:24 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: Look at your sendmail.mc Your DEAMON_OPTIONS are telling sendmail to listen on 127.0.0.1 Make that line look like mine below, regen your .cf and restart. dnl # dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig > Sent: Saturday, November 05, 2005 6:41 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Basic Sendmail question > > Hi, > > My sendmail system will not accept mail from anything other > than localhost. > > I have tried to telnet onto port 25 from a workstation and it > does not connact but if I try from the server it does. > > What have I missed? > > Lance > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Fri Nov 4 22:01:08 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:08 2006 Subject: Stop blocking content inside zips Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Denis Beauchemin spake the following on 11/4/2005 11:40 AM: > Michele Neylon :: Blacknight.ie wrote: > >> Brian Lewis wrote: >> >> >>> We have Mailscanner setup to block .js/.htm/.exe attachments, but >>> whats happening is when a customer has a zip file that contains any >>> of these files, its blocked as well! How can we allow uninfected >>> .zip thru that contain these file types yet block these types from >>> being primarily attached to emails? Do I just have to start allowing >>> all these file types all together? >>> >>> >> >> Have a look in MailScanner.conf >> >> You need to find the setting for "scan depth" in zip files. If you set >> it to "0" zipped .exe's will be allowed through >> >> Sorry I can't remember the exact line but it's Friday evening :) >> >> Michele >> >> >> > It is quite dangerous, though, because many viruses travel inside ZIP > files nowadays... > > Denis > But it doesn't stop the virus scanners from checking zip files, just the filename/filetype filters. But I guess it could get a little dangerous if something goes through before the virus scanner updates are out. With daily updates,and 3 virus scanners, I haven't had this for a year or more. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 13:06:26 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks Mike Will give that a go Lance Mike Kercher wrote: Look at your sendmail.mc Your DEAMON_OPTIONS are telling sendmail to listen on 127.0.0.1 Make that line look like mine below, regen your .cf and restart. dnl # dnl # The following causes sendmail to only listen on the IPv4 loopback address dnl # 127.0.0.1 and not on any other network devices. Remove the loopback dnl # address restriction to accept email from the internet or intranet. dnl # DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl Mike -----Original Message----- From: MailScanner mailing list ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 13:27:36 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Unfortunately that did not work for me mike :-( Any other ideas as to what might be wrong? Thanks Lance Mike Kercher wrote: >This exact question came up on the CentOS list yesterday :) > >Mike > > > >________________________________ > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >On Behalf Of Lance Haig > Sent: Saturday, November 05, 2005 7:06 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Basic Sendmail question > > > Thanks Mike > > Will give that a go > > Lance > > Mike Kercher wrote: > > Look at your sendmail.mc Your DEAMON_OPTIONS are telling >sendmail to listen > on 127.0.0.1 Make that line look like mine below, regen >your .cf and > restart. > > > dnl # > dnl # The following causes sendmail to only listen on the >IPv4 loopback > address dnl # 127.0.0.1 and not on any other network >devices. Remove the > loopback dnl # address restriction to accept email from the >internet or > intranet. > dnl # > DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl > > > Mike > > > > -----Original Message----- > From: MailScanner mailing list > > ------------------------ MailScanner list >------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk > with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki >(http://wiki.mailscanner.info/) > and > the archives >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off >the website! > > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Nov 5 13:41:26 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: Can you send me your sendmail.mc? Did you restart MailScanner after rebuilding your sendmail.cf? Did you rebuild your sendmail.cf? Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig > Sent: Saturday, November 05, 2005 7:28 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Basic Sendmail question > > Unfortunately that did not work for me mike :-( > > Any other ideas as to what might be wrong? > > Thanks > > Lance > > > Mike Kercher wrote: > > >This exact question came up on the CentOS list yesterday :) > > > >Mike > > > > > > > >________________________________ > > > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] > >On Behalf Of Lance Haig > > Sent: Saturday, November 05, 2005 7:06 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Basic Sendmail question > > > > > > Thanks Mike > > > > Will give that a go > > > > Lance > > > > Mike Kercher wrote: > > > > Look at your sendmail.mc Your DEAMON_OPTIONS > are telling sendmail to > >listen > > on 127.0.0.1 Make that line look like mine > below, regen your .cf and > > restart. > > > > > > dnl # > > dnl # The following causes sendmail to only > listen on the > >IPv4 loopback > > address dnl # 127.0.0.1 and not on any other > network devices. Remove > >the > > loopback dnl # address restriction to accept > email from the internet > >or > > intranet. > > dnl # > > DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl > > > > > > Mike > > > > > > > > -----Original Message----- > > From: MailScanner mailing list > > > > ------------------------ MailScanner list > >------------------------ > > > > To unsubscribe, email jiscmail@jiscmail.ac.uk > > with the words: > > > > 'leave mailscanner' in the body of the email. > > > > Before posting, read the Wiki > >(http://wiki.mailscanner.info/) > > and > > the archives > >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > > Support MailScanner development - buy > the book off the website! > > > > > >------------------------ MailScanner list > ------------------------ To > >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the > >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Sat Nov 5 13:42:03 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: Is iptables running? Mike > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Lance Haig > Sent: Saturday, November 05, 2005 7:28 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Basic Sendmail question > > Unfortunately that did not work for me mike :-( > > Any other ideas as to what might be wrong? > > Thanks > > Lance > > > Mike Kercher wrote: > > >This exact question came up on the CentOS list yesterday :) > > > >Mike > > > > > > > >________________________________ > > > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] > >On Behalf Of Lance Haig > > Sent: Saturday, November 05, 2005 7:06 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: Basic Sendmail question > > > > > > Thanks Mike > > > > Will give that a go > > > > Lance > > > > Mike Kercher wrote: > > > > Look at your sendmail.mc Your DEAMON_OPTIONS > are telling sendmail to > >listen > > on 127.0.0.1 Make that line look like mine > below, regen your .cf and > > restart. > > > > > > dnl # > > dnl # The following causes sendmail to only > listen on the > >IPv4 loopback > > address dnl # 127.0.0.1 and not on any other > network devices. Remove > >the > > loopback dnl # address restriction to accept > email from the internet > >or > > intranet. > > dnl # > > DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl > > > > > > Mike > > > > > > > > -----Original Message----- > > From: MailScanner mailing list > > > > ------------------------ MailScanner list > >------------------------ > > > > To unsubscribe, email jiscmail@jiscmail.ac.uk > > with the words: > > > > 'leave mailscanner' in the body of the email. > > > > Before posting, read the Wiki > >(http://wiki.mailscanner.info/) > > and > > the archives > >(http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > > > > > Support MailScanner development - buy > the book off the website! > > > > > >------------------------ MailScanner list > ------------------------ To > >unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the > >archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Nov 5 14:07:40 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Semi-OT: ClamAV Vulnerability Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] My ClamAV+SA installation package contains ClamAV 0.87.1. John Rudd wrote: > Speaking of virus scanner vulnerabilities, here's one for ClamAV: > > Begin forwarded message: > >> >> This one looks a bit nasty: >> >> http://lwn.net/Articles/158666/ >> >> I'd upgrade to ClamAV 0.87.1 if you run Clam. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 14:10:31 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Mike, iptables is not running. I rebuilt the sendmail.cf and also restarted the whole server. In SUSE the sendmail.cf is called linux.cf attached is mine. Thanks Lance Mike Kercher wrote: Can you send me your sendmail.mc? Did you restart MailScanner after rebuilding your sendmail.cf? Did you rebuild your sendmail.cf? Mike -----Original Message----- From: MailScanner mailing list ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Dave Sat Nov 5 14:11:18 2005 From: Dave (Dave) Date: Thu Jan 12 21:31:08 2006 Subject: smX and MailScanner Message-ID: Has nyone tried this yet? -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Nov 5 14:57:50 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Adding line in SUSE for sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You should be using the SuSE distribution of MailScanner. If you do that, everything will be done for you, just read the instructions in the output at the end of ./install.sh. You don't need to mess with any of this stuff by hand, you'll just get in a bit of a mess :-) Lance Haig wrote: > Hi Guys, > > I am having trouble finding the place to add the > >sendmail -bd *-OPrivacyOptions=noetrn* -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in > > >line to my SUSE box. I have found a sendmail file in the init.d but the entries there do not >look anything like the documentation. > >Can someone enlighten me please. > >latest MS and SUSE 93 > >Thanks > >Lance > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 15:13:52 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Adding line in SUSE for sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian, I think I am in a mess :-) Can I reinstall MS ? When I tried the last time it told me it was already installed. Thanks Lance Julian Field wrote: > You should be using the SuSE distribution of MailScanner. > If you do that, everything will be done for you, just read the > instructions in the output at the end of ./install.sh. > > You don't need to mess with any of this stuff by hand, you'll just get > in a bit of a mess :-) > > Lance Haig wrote: > >> Hi Guys, >> >> I am having trouble finding the place to add the >> >> sendmail -bd *-OPrivacyOptions=noetrn* -ODeliveryMode=queueonly >> -OQueueDirectory=/var/spool/mqueue.in >> >> >> line to my SUSE box. I have found a sendmail file in the init.d but >> the entries there do not >> look anything like the documentation. >> >> Can someone enlighten me please. >> >> latest MS and SUSE 93 >> >> Thanks >> >> Lance >> >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> *Support MailScanner development - buy the book off the website!* > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 15:22:32 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Adding line in SUSE for sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] checked the mail log and found this unable to write pid to /var/run/sendmail.pid file in use by another process could that be causeing this? Lance Lance Haig wrote: > Julian, > > I think I am in a mess :-) > > Can I reinstall MS ? When I tried the last time it told me it was > already installed. > > Thanks > > Lance > > > Julian Field wrote: > >> You should be using the SuSE distribution of MailScanner. >> If you do that, everything will be done for you, just read the >> instructions in the output at the end of ./install.sh. >> >> You don't need to mess with any of this stuff by hand, you'll just >> get in a bit of a mess :-) >> >> Lance Haig wrote: >> >>> Hi Guys, >>> >>> I am having trouble finding the place to add the >>> >>> sendmail -bd *-OPrivacyOptions=noetrn* -ODeliveryMode=queueonly >>> -OQueueDirectory=/var/spool/mqueue.in >>> >>> >>> line to my SUSE box. I have found a sendmail file in the init.d but >>> the entries there do not >>> look anything like the documentation. >>> >>> Can someone enlighten me please. >>> >>> latest MS and SUSE 93 >>> >>> Thanks >>> >>> Lance >>> >>> >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> *Support MailScanner development - buy the book off the website!* >> >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 15:24:40 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Adding line in SUSE for sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] This is what is in the sendmail.pid 8384 /usr/sbin/sendmail -OPrivacyOptions=noetrn -ODeliveryMode=queueonly -OQueueDirectory=/var/spool/mqueue.in -O DaemonPortOptions=Addr=127.0.0.1 -L sendmail-in -Am -bd -om Lance Lance Haig wrote: > Julian, > > I think I am in a mess :-) > > Can I reinstall MS ? When I tried the last time it told me it was > already installed. > > Thanks > > Lance > > > Julian Field wrote: > >> You should be using the SuSE distribution of MailScanner. >> If you do that, everything will be done for you, just read the >> instructions in the output at the end of ./install.sh. >> >> You don't need to mess with any of this stuff by hand, you'll just >> get in a bit of a mess :-) >> >> Lance Haig wrote: >> >>> Hi Guys, >>> >>> I am having trouble finding the place to add the >>> >>> sendmail -bd *-OPrivacyOptions=noetrn* -ODeliveryMode=queueonly >>> -OQueueDirectory=/var/spool/mqueue.in >>> >>> >>> line to my SUSE box. I have found a sendmail file in the init.d but >>> the entries there do not >>> look anything like the documentation. >>> >>> Can someone enlighten me please. >>> >>> latest MS and SUSE 93 >>> >>> Thanks >>> >>> Lance >>> >>> >>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> *Support MailScanner development - buy the book off the website!* >> >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Nov 5 15:33:20 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Adding line in SUSE for sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You certainly don't want the DaemonPortOptions settings you have got, that will stop it receiving mail from the outside world. If you want me to log in remotely and fix it all up for you, give me a shout off list with access details and passwords. Be warned that I will expect some sort of recompense for doing this for you, I can't always work for nothing :-) But I can probably sort you out fairly quickly. Lance Haig wrote: > This is what is in the sendmail.pid > > 8384 > /usr/sbin/sendmail -OPrivacyOptions=noetrn -ODeliveryMode=queueonly > -OQueueDirectory=/var/spool/mqueue.in -O > DaemonPortOptions=Addr=127.0.0.1 -L sendmail-in -Am -bd -om > > > Lance > > Lance Haig wrote: > >> Julian, >> >> I think I am in a mess :-) >> >> Can I reinstall MS ? When I tried the last time it told me it was >> already installed. >> >> Thanks >> >> Lance >> >> >> Julian Field wrote: >> >>> You should be using the SuSE distribution of MailScanner. >>> If you do that, everything will be done for you, just read the >>> instructions in the output at the end of ./install.sh. >>> >>> You don't need to mess with any of this stuff by hand, you'll just >>> get in a bit of a mess :-) >>> >>> Lance Haig wrote: >>> >>>> Hi Guys, >>>> >>>> I am having trouble finding the place to add the >>>> >>>> sendmail -bd *-OPrivacyOptions=noetrn* -ODeliveryMode=queueonly >>>> -OQueueDirectory=/var/spool/mqueue.in >>>> >>>> >>>> line to my SUSE box. I have found a sendmail file in the init.d but >>>> the entries there do not >>>> look anything like the documentation. >>>> >>>> Can someone enlighten me please. >>>> >>>> latest MS and SUSE 93 >>>> >>>> Thanks >>>> >>>> Lance >>>> >>>> >>>> >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> *Support MailScanner development - buy the book off the website!* >>> >>> >>> >>> >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Sat Nov 5 16:00:18 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:08 2006 Subject: Adding line in SUSE for sendmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, I solved the problem by running the SUSE sendmail setup from YAST It then allowed me to recieve mail from anyone. Thanks for the offer though. Lance Julian Field wrote: > You certainly don't want the DaemonPortOptions settings you have got, > that will stop it receiving mail from the outside world. > > If you want me to log in remotely and fix it all up for you, give me a > shout off list with access details and passwords. Be warned that I > will expect some sort of recompense for doing this for you, I can't > always work for nothing :-) > > But I can probably sort you out fairly quickly. > > Lance Haig wrote: > >> This is what is in the sendmail.pid >> >> 8384 >> /usr/sbin/sendmail -OPrivacyOptions=noetrn -ODeliveryMode=queueonly >> -OQueueDirectory=/var/spool/mqueue.in -O >> DaemonPortOptions=Addr=127.0.0.1 -L sendmail-in -Am -bd -om >> >> >> Lance >> >> Lance Haig wrote: >> >>> Julian, >>> >>> I think I am in a mess :-) >>> >>> Can I reinstall MS ? When I tried the last time it told me it was >>> already installed. >>> >>> Thanks >>> >>> Lance >>> >>> >>> Julian Field wrote: >>> >>>> You should be using the SuSE distribution of MailScanner. >>>> If you do that, everything will be done for you, just read the >>>> instructions in the output at the end of ./install.sh. >>>> >>>> You don't need to mess with any of this stuff by hand, you'll just >>>> get in a bit of a mess :-) >>>> >>>> Lance Haig wrote: >>>> >>>>> Hi Guys, >>>>> >>>>> I am having trouble finding the place to add the >>>>> >>>>> sendmail -bd *-OPrivacyOptions=noetrn* -ODeliveryMode=queueonly >>>>> -OQueueDirectory=/var/spool/mqueue.in >>>>> >>>>> >>>>> line to my SUSE box. I have found a sendmail file in the init.d >>>>> but the entries there do not >>>>> look anything like the documentation. >>>>> >>>>> Can someone enlighten me please. >>>>> >>>>> latest MS and SUSE 93 >>>>> >>>>> Thanks >>>>> >>>>> Lance >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------ MailScanner list ------------------------ >>>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>>> 'leave mailscanner' in the body of the email. >>>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) >>>>> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>>> >>>>> *Support MailScanner development - buy the book off the website!* >>>> >>>> >>>> >>>> >>>> >>>> >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >>> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ajos1 at onion.demon.co.uk Sat Nov 5 17:54:09 2005 From: ajos1 at onion.demon.co.uk (Dj Ajos1) Date: Thu Jan 12 21:31:08 2006 Subject: McAfee DownLoad URL does not work... Message-ID: Urgent update... as lots of people's mcafee systems will be out of date (I think it has been wrong for months)! In file:- /usr/lib/MailScanner/mcafee-autoupdate The line/entry... FTPDIR=http://download.nai.com/products/datfiles/4.x/nai Does not work any more... But this one does! FTPDIR=ftp://ftpeur.nai.com/pub/antivirus/datfiles/4.x Thanks in advance... == ===================================================================== = = "What time is it when both hands are pointing up? Time to hand = over the money!" = = "Landlordism is, in any case, a philosophy of idleness..." = = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... = Call... +44 8457 90 90 90 http://www.samaritans.org/ = ===================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From victorm at ULA.VE Sat Nov 5 17:45:42 2005 From: victorm at ULA.VE (Victor Mendoza) Date: Thu Jan 12 21:31:08 2006 Subject: Basic Sendmail question Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I didn't receive your linux.cf but... I would check /etc/hosts.{allow,deny} Victor Lance Haig wrote: > Hi Mike, > > iptables is not running. > > I rebuilt the sendmail.cf and also restarted the whole server. > > In SUSE the sendmail.cf is called linux.cf > > attached is mine. > > Thanks > > Lance > > Mike Kercher wrote: > >>Can you send me your sendmail.mc? Did you restart MailScanner after >>rebuilding your sendmail.cf? Did you rebuild your sendmail.cf? >> >>Mike >> >> >> >> >>>-----Original Message----- >>>From: MailScanner mailing list >>> >>>------------------------ MailScanner list ------------------------ >>> >>>To unsubscribe, email jiscmail@jiscmail.ac.uk >>>with the words: >>> >>>'leave mailscanner' in the body of the email. >>> >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) >>>and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> >>> >>>*Support MailScanner development - buy the book off the website!* >>> ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Nov 5 18:25:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Calling All MCAFEE Users: Re: McAfee DownLoad URL does not work... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Please can other people confirm that this new suggested location is the best place to use. Dj Ajos1 wrote: >Urgent update... as lots of people's mcafee systems will be out of date (I think it has been wrong for months)! > >In file:- /usr/lib/MailScanner/mcafee-autoupdate > >The line/entry... > > FTPDIR=http://download.nai.com/products/datfiles/4.x/nai > >Does not work any more... > >But this one does! > > FTPDIR=ftp://ftpeur.nai.com/pub/antivirus/datfiles/4.x > >Thanks in advance... > >== >===================================================================== >= >= "What time is it when both hands are pointing up? Time to hand >= over the money!" >= >= "Landlordism is, in any case, a philosophy of idleness..." >= >= Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... >= Call... +44 8457 90 90 90 http://www.samaritans.org/ >= >===================================================================== > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at GMAIL.COM Sat Nov 5 19:34:47 2005 From: naolson at GMAIL.COM (Nathan Olson) Date: Thu Jan 12 21:31:08 2006 Subject: Calling All MCAFEE Users: Re: McAfee DownLoad URL does not work... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ours has been working fine with the default location. I see no need to switch to one somewhere in Europe. Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Sat Nov 5 20:50:02 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:31:08 2006 Subject: Calling All MCAFEE Users: Re: McAfee DownLoad URL does not work... Message-ID: > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > > Please can other people confirm that this new suggested location is the > best place to use. The original (download.nai.com) still works, there's no problem whatsoever and has never been over the last few months/years. IMHO http is preferred over ftp, due to easier securing/firewalling issues. If however ftp is used, the mentioned url is fine for sites in Europe. The ftp sites in the US use ftp.nai.com. It may even be the case thay DNS replies for ftp.nai.com are now automatically pointing to the nearest ftp repositories (think I read this somewhere). Regards, Mike. > Dj Ajos1 wrote: > > >Urgent update... as lots of people's mcafee systems will be out of date > (I think it has been wrong for months)! > > > >In file:- /usr/lib/MailScanner/mcafee-autoupdate > > > >The line/entry... > > > > FTPDIR=http://download.nai.com/products/datfiles/4.x/nai > > > >Does not work any more... > > > >But this one does! > > > > FTPDIR=ftp://ftpeur.nai.com/pub/antivirus/datfiles/4.x > > > >Thanks in advance... ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ajos1 at onion.demon.co.uk Sat Nov 5 21:10:48 2005 From: ajos1 at onion.demon.co.uk (Dj Ajos1) Date: Thu Jan 12 21:31:08 2006 Subject: McAfee DownLoad URL does not work... Message-ID: - Interesting replies... in the UK... from 3 different totally unrelated sites... we get... http://download.nai.com/products/datfiles/4.x/nai You are not authorized to view this page You might not have permission to view this directory or page using the credentials you supplied. Sounds like some form of IP origination firewalling? == ===================================================================== = = "What time is it when both hands are pointing up? Time to hand = over the money!" = = "Landlordism is, in any case, a philosophy of idleness..." = = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... = Call... +44 8457 90 90 90 http://www.samaritans.org/ = ===================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sat Nov 5 21:35:22 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:08 2006 Subject: McAfee DownLoad URL does not work... Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dj Ajos1 writes: > Interesting replies... in the UK... from 3 different totally unrelated sites... we get... > > http://download.nai.com/products/datfiles/4.x/nai > > You are not authorized to view this page > You might not have permission to view this directory or page using the credentials you supplied. Try http://speedownload.nai.com/products/datfiles/4.x/nai, a few of us have been using this for months without any problems. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From res at AUSICS.NET Sun Nov 6 03:45:46 2005 From: res at AUSICS.NET (Res) Date: Thu Jan 12 21:31:08 2006 Subject: MS and *gulp* Qmail Message-ID: Hi All, Has anyone got a simple how-to on this? I found some stuff from google about a gazilion things to modify, did it all and it fails still, one most google popular is some extract from a mailing list where it questions alot of useless doubling up, and using stuff from openprotect etc, still a miserable failure.. MS has a qmail-send program? but unless im blind (good chance) I see no docs on how to get this all working. One of the organisations I work for uses qmail and wont change, qmailscan is pretty CPU hogging and featureless, hence why if I cant put sendmail in (like i have on many working setups) then I need to find a way to get MS and qmail working happily, probably not going to happen tho, but as its approaching christmas I guess one can ask for small miracles :) Cheers ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michael at NOMENNESCIO.NET Sun Nov 6 10:06:44 2005 From: michael at NOMENNESCIO.NET (Mike) Date: Thu Jan 12 21:31:08 2006 Subject: McAfee DownLoad URL does not work... Message-ID: > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Dj Ajos1 > > Interesting replies... in the UK... from 3 different totally unrelated > sites... we get... > > http://download.nai.com/products/datfiles/4.x/nai > > You are not authorized to view this page > You might not have permission to view this directory or page using the > credentials you supplied. > > Sounds like some form of IP origination firewalling? No, it just means that there is no index.html file and the web user is not authorized to view the directory. The base URL is used to download files. If you try http://download.nai.com/products/datfiles/4.x/nai/update.ini, you will notice that files can be downloaded, provided that you specify the /correct/ filename. There is/should be no problem with the autoupdate script, as it downloads the ini file(s) to determine version information and afterwards, if necessary, downloads the specific files mentioned in the ini files. Regards, Mike. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sun Nov 6 10:51:34 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:08 2006 Subject: MS and *gulp* Qmail Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Res writes: > Hi All, > Has anyone got a simple how-to on this? > I found some stuff from google about a gazilion things to modify, did it > all and it fails still, one most google popular is some extract from a > mailing list where it questions alot of useless doubling up, and using > stuff from openprotect etc, still a miserable failure.. > MS has a qmail-send program? but unless im blind (good chance) I see no > docs on how to get this all working. You have 4 options a. Use a MS + sendmail/postfix front-end server to the qmail server (will require extra hardware). b. Use MS + sendmail/postfix on the same server and change the port for qmail to a different one (say 2525) c. Use Openprotect, they do a decent job for qmail integration. I also run at least 4 of them with qmail. d. See http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/152.html for instructions on manually integrating qmail with MailScanner. hope that helps, - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From res at AUSICS.NET Sun Nov 6 12:30:51 2005 From: res at AUSICS.NET (Res) Date: Thu Jan 12 21:31:08 2006 Subject: MS and *gulp* Qmail Message-ID: Hi, On Sun, 6 Nov 2005, Dhawal Doshy wrote: > Res writes: >> Hi All, >> Has anyone got a simple how-to on this? > > You have 4 options > a. Use a MS + sendmail/postfix front-end server to the qmail server (will > require extra hardware). not possible, we are also a carrier, and host many vISP mail domains > b. Use MS + sendmail/postfix on the same server and change the port for qmail > to a different one (say 2525) as above > c. Use Openprotect, they do a decent job for qmail integration. I also run at > least 4 of them with qmail. this looks only possible goer, its at a cost isnt it...i doubt my biosses will go for it > d. See http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/152.html for > instructions on manually integrating qmail with MailScanner. > hope that helps, thats the one we've tried and doesnt work. see the dilema :) -- Cheers Res ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Sun Nov 6 13:15:19 2005 From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy) Date: Thu Jan 12 21:31:08 2006 Subject: MS and *gulp* Qmail Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Res writes: >> c. Use Openprotect, they do a decent job for qmail integration. I also >> run at least 4 of them with qmail. > > this looks only possible goer, its at a cost isnt it...i doubt my biosses > will go for it > Openprotect is free (beer/speech) unless you also opt for the kaspersky antivirus as well.. so go ahead and give it a try. - dhawal ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Sun Nov 6 13:04:25 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:08 2006 Subject: MS and *gulp* Qmail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Res wrote: > >> c. Use Openprotect, they do a decent job for qmail integration. I also >> run at least 4 of them with qmail. > > > this looks only possible goer, its at a cost isnt it...i doubt my > biosses will go for it It's OSS afair -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From devonharding at GMAIL.COM Sun Nov 6 14:29:56 2005 From: devonharding at GMAIL.COM (Devon Harding) Date: Thu Jan 12 21:31:08 2006 Subject: IPBlock info? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Where can I find docs on IPBlock with MailScanner? Install info? -Devon ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sun Nov 6 18:27:02 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: IPBlock info? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Read the relevant bit of CustomConfig.pm, it contains installation instructions in the comments at the start of the code. Devon Harding wrote: > Where can I find docs on IPBlock with MailScanner? Install info? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ25K9xH2WUcUFbZUEQKDTACfW+3EYruviwj0TM2seTX9LdQYpGIAoKsQ a+4dEr9ZPciTq/pEJWjVZ8aC =WIie -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Sun Nov 6 22:05:09 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I just upgraded to 4.47 from 4.45 and now cannot start MailScanner on Postfix/RHEL4 with the service command, instead the out put service MailScanner start is [root@mail01 en]# service MailScanner start /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or directory /etc/init.d/MailScanner: line 109: rc_reset: command not found Initializing incoming postfix Initializing outgoing postfix /etc/init.d/MailScanner: line 93: rc_status: command not found /etc/init.d/MailScanner: line 105: rc_status: command not found Initializing MailScanner/etc/init.d/MailScanner: line 128: startproc: command not found /etc/init.d/MailScanner: line 209: rc_exit: command not found [root@mail01 en]# service MailScanner start /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or directory /etc/init.d/MailScanner: line 109: rc_reset: command not found Initializing incoming postfix Initializing outgoing postfix /etc/init.d/MailScanner: line 93: rc_status: command not found /etc/init.d/MailScanner: line 105: rc_status: command not found Initializing MailScanner/etc/init.d/MailScanner: line 128: startproc: command not found /etc/init.d/MailScanner: line 209: rc_exit: command not found Any ideas? Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Sun Nov 6 22:50:08 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 7 Nov 2005 09:05:09 +1100 Peter Russell wrote: > I just upgraded to 4.47 from 4.45 and now cannot start MailScanner on > Postfix/RHEL4 with the service command, instead the out put service > MailScanner start is > > [root@mail01 en]# service MailScanner start > /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or directory I can confirm it on Fedora Core 4 and RHEL. For now I am using /etc/rc.d/init.d/MailScanner file from 4.46. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Sun Nov 6 22:53:39 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:08 2006 Subject: /etc/cron.daily/update_phishing_sites Message-ID: Hello, could update_phishing_sites script's output be silenced like update_virus_scanner? Because now I get an email every night: From: Cron Daemon Subject: Cron run-parts /etc/cron.daily /etc/cron.daily/update_phishing_sites: --04:47:47-- http://www.mailscanner.info/phishing.safe.sites.conf.master => `phishing.safe.sites.conf.master' Resolving www.mailscanner.info... 152.78.68.160 Connecting to www.mailscanner.info[152.78.68.160]:80... connected. HTTP request sent, awaiting response... 302 Found Location: http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/phishing.safe.sites.conf.master [following] --04:47:47-- http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/phishing.safe.sites.conf.master => `phishing.safe.sites.conf.master' Resolving www.sng.ecs.soton.ac.uk... 152.78.68.160 Connecting to www.sng.ecs.soton.ac.uk[152.78.68.160]:80... connected. HTTP request sent, awaiting response... 200 OK Length: 13,752 [text/plain] 0K .......... ... 100% 81.06 KB/s 04:47:48 (81.06 KB/s) - `phishing.safe.sites.conf.master' saved [13,752/13,752] Phishing safe sites list updated. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Nov 7 00:03:46 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Is there any chance you can email me that file? The links on the MS website to the older beta version are busted and the file from 4.45 which i had doesnt work :( Thanks Pete Nerijus Baliunas wrote: > On Mon, 7 Nov 2005 09:05:09 +1100 Peter Russell wrote: > > >>I just upgraded to 4.47 from 4.45 and now cannot start MailScanner on >>Postfix/RHEL4 with the service command, instead the out put service >>MailScanner start is >> >>[root@mail01 en]# service MailScanner start >>/etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or directory > > > I can confirm it on Fedora Core 4 and RHEL. For now I am using > /etc/rc.d/init.d/MailScanner file from 4.46. > > Regards, > Nerijus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Nov 7 01:12:02 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks but even using that script gives an error. maybe this install is borked? The wiki and maq arent available does anyone know the procedure for reverting to my back up copy? I error i get when i use your startup script is; [root@mail01 ~]# MailScanner start Cannot open config file start, No such file or directory at /usr/lib/MailScanner/MailScanner/Config.pm line 592. Compilation failed in require at /usr/sbin/MailScanner line 65. BEGIN failed--compilation aborted at /usr/sbin/MailScanner line 65. But at those lines in those files there isnt unusal (to me) Appreciate any further tips. Pete Peter Russell wrote: > Is there any chance you can email me that file? The links on the MS > website to the older beta version are busted and the file from 4.45 > which i had doesnt work :( > Thanks > Pete > > Nerijus Baliunas wrote: > >> On Mon, 7 Nov 2005 09:05:09 +1100 Peter Russell >> wrote: >> >> >>> I just upgraded to 4.47 from 4.45 and now cannot start MailScanner on >>> Postfix/RHEL4 with the service command, instead the out put service >>> MailScanner start is >>> >>> [root@mail01 en]# service MailScanner start >>> /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or >>> directory >> >> >> >> I can confirm it on Fedora Core 4 and RHEL. For now I am using >> /etc/rc.d/init.d/MailScanner file from 4.46. >> >> Regards, >> Nerijus >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Mon Nov 7 01:27:49 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 7 Nov 2005 12:12:02 +1100 Peter Russell wrote: > Thanks but even using that script gives an error. maybe this install is > borked? The wiki and maq arent available does anyone know the procedure > for reverting to my back up copy? > > I error i get when i use your startup script is; > [root@mail01 ~]# MailScanner start > Cannot open config file start, No such file or directory at You should use service MailScanner start or /etc/init.d/MailScanner start. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Nov 7 02:36:46 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ahh thanks, moved to the corect dir and used the correct commands and it worked - how about that :) Thanks for your help Pete Nerijus Baliunas wrote: > On Mon, 7 Nov 2005 12:12:02 +1100 Peter Russell wrote: > > >>Thanks but even using that script gives an error. maybe this install is >>borked? The wiki and maq arent available does anyone know the procedure >>for reverting to my back up copy? >> >>I error i get when i use your startup script is; >>[root@mail01 ~]# MailScanner start >>Cannot open config file start, No such file or directory at > > > You should use service MailScanner start or /etc/init.d/MailScanner start. > > Regards, > Nerijus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From micoots at YAHOO.COM Mon Nov 7 02:42:29 2005 From: micoots at YAHOO.COM (Michael Mansour) Date: Thu Jan 12 21:31:08 2006 Subject: Deleting spam based on domain Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, For some domains I'd like to auto-delete spam, and for others keep them on the default "deliver". In MailScanner.conf, there's the following entries which relate to this: Spam Actions = deliver High Scoring Spam Actions = deliver In trying to make these into a ruleset ie: Spam Actions = %rules-dir%/spam.actions.rules High Scoring Spam Actions = %rules-dir%/high.scoring.spam.actions What do these files need to contain? will the following work? FromOrTo: *@domain1.com delete FromOrTo: default deliver Thanks. Michael. Send instant messages to your online friends http://au.messenger.yahoo.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Mon Nov 7 02:55:02 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:08 2006 Subject: Deleting spam based on domain Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Michael Mansour > Sent: Sunday, November 06, 2005 9:42 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Deleting spam based on domain > > Hi, > > For some domains I'd like to auto-delete spam, and for > others keep them on the default "deliver". > > In MailScanner.conf, there's the following entries > which relate to this: > > Spam Actions = deliver > > High Scoring Spam Actions = deliver > > In trying to make these into a ruleset ie: > > Spam Actions = %rules-dir%/spam.actions.rules > > High Scoring Spam Actions = > %rules-dir%/high.scoring.spam.actions > > What do these files need to contain? will the > following work? > > FromOrTo: *@domain1.com delete > FromOrTo: default deliver Should be fine. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From smf at F2S.COM Mon Nov 7 09:42:09 2005 From: smf at F2S.COM (Steve Freegard) Date: Thu Jan 12 21:31:08 2006 Subject: Mailscanner + sendmail SMTP code 552 Message-ID: Hi Jens, On Mon, 2005-11-07 at 09:17 +0100, Jens Ahlin wrote: > Hi, > > I have one installation with Tao4 (RHEL4) Mailscanner and sendmail. There > seems to be a maximum message size of 2Mb that i cannot get rid of. > > host xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx] said: 552 > Requested mail action aborted: exceeded storage allocation (in reply to > MAIL FROM command) > This looks like the recipient you are trying to send to has the limit - not your box. Unless the xxx.xxx... is your host and people are receiving the message above from your system when trying to send message in, in that case you've probably got quotas enabled. > Sendmail version 8.13.1-2. > > I have not configured any of SMPT, UUCP or MAX_MESSAGE_SIZE in sendmail > and Max message size in Mailscanner is set to -1. > As you are getting an SMTP rejection - this doesn't have anything to do with MailScanner as it isn't involved in SMTP at all. Kind regards, Steve. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailing_lists+mailscanner at caleotech.com Mon Nov 7 08:17:41 2005 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Thu Jan 12 21:31:08 2006 Subject: Mailscanner + sendmail SMTP code 552 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I have one installation with Tao4 (RHEL4) Mailscanner and sendmail. There seems to be a maximum message size of 2Mb that i cannot get rid of. host xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx] said: 552 Requested mail action aborted: exceeded storage allocation (in reply to MAIL FROM command) I have the following configuration: Linux 2.6.9-22.EL #1 Thu Oct 6 13:07:33 EDT 2005 i686 i686 i386 GNU/Linux This is Tao Linux release 4 (Sponge) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.46.2 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.50 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.809 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.18 Net::CIDR::Lite 0.53 Net::DNS 0.31 Net::LDAP missing Parse::RecDescent missing SAVI 1.4 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.30 URI Sendmail version 8.13.1-2. I have not configured any of SMPT, UUCP or MAX_MESSAGE_SIZE in sendmail and Max message size in Mailscanner is set to -1. I have another mailserver with Tao1 Mailscanner and sendmail that doesn't behave like this. Any suggestions ? Jens ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 7 09:55:32 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Can someone give me a summary of this problem please? Is it something I have broken? And if so, what doesn't work and what output does it produce? Peter Russell wrote: > Ahh thanks, moved to the corect dir and used the correct commands and > it worked - how about that :) > > Thanks for your help > Pete > > Nerijus Baliunas wrote: > >> On Mon, 7 Nov 2005 12:12:02 +1100 Peter Russell >> wrote: >> >> >>> Thanks but even using that script gives an error. maybe this install >>> is borked? The wiki and maq arent available does anyone know the >>> procedure for reverting to my back up copy? >>> >>> I error i get when i use your startup script is; >>> [root@mail01 ~]# MailScanner start >>> Cannot open config file start, No such file or directory at >> >> >> >> You should use service MailScanner start or /etc/init.d/MailScanner >> start. >> >> Regards, >> Nerijus >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailing_lists+mailscanner at caleotech.com Mon Nov 7 10:47:14 2005 From: mailing_lists+mailscanner at caleotech.com (Jens Ahlin) Date: Thu Jan 12 21:31:08 2006 Subject: Mailscanner + sendmail SMTP code 552 Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > Hi Jens, > > On Mon, 2005-11-07 at 09:17 +0100, Jens Ahlin wrote: >> Hi, >> >> I have one installation with Tao4 (RHEL4) Mailscanner and sendmail. >> There >> seems to be a maximum message size of 2Mb that i cannot get rid of. >> >> host xxx.xxx.xxx.xxx[xxx.xxx.xxx.xxx] said: 552 >> Requested mail action aborted: exceeded storage allocation (in reply >> to >> MAIL FROM command) >> > > This looks like the recipient you are trying to send to has the limit - > not your box. > > Unless the xxx.xxx... is your host and people are receiving the message > above from your system when trying to send message in, in that case > you've probably got quotas enabled. > >> Sendmail version 8.13.1-2. >> >> I have not configured any of SMPT, UUCP or MAX_MESSAGE_SIZE in sendmail >> and Max message size in Mailscanner is set to -1. >> > xxx.xxx above is my box. What kind of quota ? I have not configured any quota at all unless RHEL4 have quotas by default. I have cyrus imapd as backend and no quotas enabled there. If any quota is present it must be some sort of "/ message" quota since mail is continously being transferred in/out. The only thing I get in the maillog is: Nov 7 11:43:16 xxxx sendmail[568]: jA7AhFxj000568: name.comp.tld [xxx.xxx.xxx.xxx] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Jens ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Mon Nov 7 10:54:09 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Julian, a Summary as requested. Julian Field wrote: > Can someone give me a summary of this problem please? RHEL4/POstfix 2.1.5/MailScanner4.45/SA3.1/Clam.87 Did an upgrade from 4.45 to 4.47 using usual RPM stable distro link from your site, all steps appeard to work as expected. Go to run MS for the first time and get lots of nasty output at the console and no MTA and no MS. Nerijus is having the same issue on FC4. Out from service start command immedietly after upgrade is; [root@mail01 en]# service MailScanner start /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or directory /etc/init.d/MailScanner: line 109: rc_reset: command not found Initializing incoming postfix Initializing outgoing postfix /etc/init.d/MailScanner: line 93: rc_status: command not found /etc/init.d/MailScanner: line 105: rc_status: command not found Initializing MailScanner/etc/init.d/MailScanner: line 128: startproc: command not found /etc/init.d/MailScanner: line 209: rc_exit: command not found [root@mail01 en]# service MailScanner start /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or directory /etc/init.d/MailScanner: line 109: rc_reset: command not found Initializing incoming postfix Initializing outgoing postfix /etc/init.d/MailScanner: line 93: rc_status: command not found /etc/init.d/MailScanner: line 105: rc_status: command not found Initializing MailScanner/etc/init.d/MailScanner: line 128: startproc: command not found /etc/init.d/MailScanner: line 209: rc_exit: command not found ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at LISTS.COM.AR Mon Nov 7 13:19:28 2005 From: mailscanner at LISTS.COM.AR (Leonardo Helman) Date: Thu Jan 12 21:31:08 2006 Subject: New Exploit? Message-ID: Famous last words... Probably your servers will not be so fine http://www.securityfocus.com/archive/1/415723 Saludos -- Leonardo Helman Pert Consultores Argentina On Fri, Nov 04, 2005 at 04:46:54PM -0500, Wess Bechard wrote: > > ClamAV isn't on the list, so at least my servers will be fine. > I'm going to guess that the file utility will not likely miss-guess > the header, so it may be a good idea to have the linux file utility do > its job. > On Fri, 2005-11-04 at 15:34 -0600, Mike Kercher wrote: > > Has anyone read this? > > [1]http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20by%20 > New%20Exploit/164278_1.aspx > > Thoughts? > > Mike > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email [2]jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ([3]http://wiki.mailscanner.info/) and > the archives ([4]http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email [5]jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ([6]http://wiki.mailscanner.info/) > and the archives > ([7]http://www.jiscmail.ac.uk/lists/mailscanner.html). > Support MailScanner development - buy the book off the website! > > References > > 1. http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20by%20 > 2. mailto:jiscmail@jiscmail.ac.uk > 3. http://wiki.mailscanner.info/ > 4. http://www.jiscmail.ac.uk/lists/mailscanner.html > 5. file://localhost/tmp/jiscmail@jiscmail.ac.uk > 6. http://wiki.mailscanner.info/ > 7. http://www.jiscmail.ac.uk/lists/mailscanner.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Mon Nov 7 13:40:00 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 7 Nov 2005 09:55:32 +0000 Julian Field wrote: > Can someone give me a summary of this problem please? > > Is it something I have broken? And if so, what doesn't work and what > output does it produce? See the first message in this thread. In short, RH/Fedora don't have rc.status, rc_reset, rc_exit commands which appeared in init.d script in 4.47. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From davidj at synaq.com Mon Nov 7 13:42:38 2005 From: davidj at synaq.com (David Jacobson) Date: Thu Jan 12 21:31:08 2006 Subject: Start up script problem 4.47 Message-ID: Hi, On Mon, 2005-11-07 at 15:40 +0200, Nerijus Baliunas wrote: > On Mon, 7 Nov 2005 09:55:32 +0000 Julian Field wrote: > > > Can someone give me a summary of this problem please? > > > > Is it something I have broken? And if so, what doesn't work and what > > output does it produce? > > See the first message in this thread. In short, RH/Fedora don't have > rc.status, rc_reset, rc_exit commands which appeared in init.d script > in 4.47. I can confirm this. This morning I was feeling brave after a rough weekend, so I decided to upgrade to the latest MailScanner version on our production box during peak hour traffic. I thought it would go through fine without problems, to my suprise there were all these init script errors as indicated above. I simply replaced the init script with my old init script and all was back to normal. It would seem the new init script breaks RH style init scripts. Regards, David Jacobson > > Regards, > Nerijus > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Regards, David Jacobson Technical Director SYNAQ (Pty) Ltd Tel: 011 245 5888 Direct: 011 245 5889 Fax: 011 783 9275 Cell: 083 235 0760 Mail: davidj@synaq.com Web: http://www.synaq.com Key Fingerprint 8246 FCE1 3C22 7EFB E61B 18DF 6E8B 65E8 BD50 78A1 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, "This is a digitally signed message part" ] [ Application/PGP-SIGNATURE 196bytes. ] [ Unable to print this part. ] From martinh at SOLID-STATE-LOGIC.COM Mon Nov 7 13:47:29 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:08 2006 Subject: New Exploit? Message-ID: Clamav 0.87.1 was released last week to fix various bugs etc.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Leonardo Helman > Sent: 07 November 2005 13:19 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] New Exploit? > > Famous last words... > > Probably your servers will not be so fine > > http://www.securityfocus.com/archive/1/415723 > > Saludos > > -- > Leonardo Helman > Pert Consultores > Argentina > > > On Fri, Nov 04, 2005 at 04:46:54PM -0500, Wess Bechard wrote: > > > > ClamAV isn't on the list, so at least my servers will be fine. > > I'm going to guess that the file utility will not likely miss- > guess > > the header, so it may be a good idea to have the linux file utility > do > > its job. > > On Fri, 2005-11-04 at 15:34 -0600, Mike Kercher wrote: > > > > Has anyone read this? > > > > > [1]http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20 > by%20 > > New%20Exploit/164278_1.aspx > > > > Thoughts? > > > > Mike > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email [2]jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki ([3]http://wiki.mailscanner.info/) and > > the archives ([4]http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email [5]jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki ([6]http://wiki.mailscanner.info/) > > and the archives > > ([7]http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > References > > > > 1. > http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20by% > 20 > > 2. mailto:jiscmail@jiscmail.ac.uk > > 3. http://wiki.mailscanner.info/ > > 4. http://www.jiscmail.ac.uk/lists/mailscanner.html > > 5. file://localhost/tmp/jiscmail@jiscmail.ac.uk > > 6. http://wiki.mailscanner.info/ > > 7. http://www.jiscmail.ac.uk/lists/mailscanner.html > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 13:46:10 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:08 2006 Subject: I can not seem to stop these emails... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ... These darn Viagra emails.. They always come through as no spam... i get about 20 a day and so do my clients.... what do you guys do about this if the rules do not catch it.... Thanks.. Return-Path: X-Original-To: rob@thehostmasters.com Delivered-To: rob@thehostmasters.com Received: from danknapp.com (ip-85-160-10-61.eurotel.cz [85.160.10.61]) by stewy (Postfix) with SMTP id 6DF82BF4E for ; Sun, 6 Nov 2005 17:55:33 -0500 (EST) Message-ID: <000401c5e325$59370400$89faa8c0@oatcake> From: "Tzviya Fife" To: "Enola Kimbrough" Subject: Re: Marcuss cool info Date: Sun, 6 Nov 2005 17:56:40 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C5E2FB.7060FC00" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Stewy-Dido-Internet-MailScanner: Found to be clean X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, SpamAssassin (score=0.174, required 4, BAYES_50 0.00, HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) X-MailScanner-From: fif@danknapp.com This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C5E2FB.7060FC00 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable V C A X P V A I m a r I L A b n o A I L i a z G U I e x a R M S n c A $85,45 $99,95 $69,95 http://lemenartedahluleta.tripod.com Rob... http://www.stupidguytalk.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Mon Nov 7 13:50:35 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:08 2006 Subject: Phishing - Watch out for this Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I encountered this one Sat, it wasn't flagged as phising or spam. The "Click here" link is: Click here to activate your account So there isn't anything really there to catch. It points to a sub dir on what appears to be a Chinese University's web site. Received header is Received: from clust06-www03.powweb.com ([66.152.98.63]) I put the following local SA rule in place to catch it. header __Rc_EBAY_PHISH1 Subject =~ /(tko notice: eBay Account suspended \( Unauthorized Access \)|tko notice:)/i header __Rc_EBAY_PHISH2 Received !~/ebay\.com/i rawbody __Rc_EBAY_PHISH3 /library\.ws\.ac\.th|mfcisapicommand=signinfpp/i meta Rc_EBAY_PHISH ( __Rc_EBAY_PHISH1 && __Rc_EBAY_PHISH2 && __Rc_EBAY_PHISH3 ) score Rc_EBAY_PHISH 200 describe Rc_EBAY_PHISH META:Chinese Ebay Phishing Scam Rule Rc_EBAY_PHISH The rule basically states if the subject contains the full subject, or just the "tko notice:" part, and the recieved headers to not contain a host from ebay.com and there is a reference to either the website in question or the mfcisapicommand= then it's not from ebay and score it very high. I have posted the entire body if someone wants to see the information used for the above rule(s) Rick ================================= begin paste ======================================================= Subject: TKO NOTICE: eBay Account SUSPENDED ( Unauthorized Access ) Dear eBay Member, eBay is committed to maintaining a safe environment for its community of buyers and sellers. To protect the security of your account, eBay employs some of the most advanced security systems in the world and our anti-fraud teams regularly screen the PayPal system for unusual activity. Recently, our Account Review Team identified some unusual activity in your account. In accordance with eBay's User Agreement and to ensure that your account has not been compromised, access to your account was flagged. Your account will remain flagged until this issue has been resolved. This is a fraud prevention measure meant to ensure that your account is not compromised. In order to secure your account and quickly restore full access, we may require some specific information from you for the following reason: Our system requires further account verification. Case ID Number: EB-056-245-481 We encourage you to log in and restore full access as soon as possible. Should your account remain flagged for an extended period of time, it may result in further limitations on the use of your account or may result in eventual account closure. ----------------------------------------------------------------------- Click here to activate your account ---------------------------------------------------------------------- Thank you for your prompt attention to this matter. Please understand that this is a security measure meant to help protect you and your account. We apologize for any inconvenience. Sincerely, eBay Account Review Department eBay Email ID PP562 ====================================== End Paste ================================================== Rick Cooper -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at ELIQUID.COM Mon Nov 7 13:53:33 2005 From: mailscanner at ELIQUID.COM (Wess Bechard) Date: Thu Jan 12 21:31:08 2006 Subject: New Exploit? Message-ID: [ The following text is in the "utf-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Do not worry about me. :) My servers run Gentoo, so applying updates on a weekly basis is fairly trivial. This morning's update will likely upgrade ClamAV if I have the older version. Speaking of updates, I just installed Ubuntu Server at home this weekend on my webserver box. I imagine Ubuntu Server will grow into a very nice server OS, as Ubuntu's team rolls updates out quickly via apt. I do realize it is silly to assume you are always safe, but in my case I take precautions to limit the danger by dedicating Monday morning as patch up, and roll out time. [ebuild U ] app-antivirus/clamav-0.87.1 [0.87] Yep, Servers updating clamav package right now :) On Mon, 2005-11-07 at 10:19 -0300, Leonardo Helman wrote: Famous last words... Probably your servers will not be so fine http://www.securityfocus.com/archive/1/415723 Saludos -- Leonardo Helman Pert Consultores Argentina On Fri, Nov 04, 2005 at 04:46:54PM -0500, Wess Bechard wrote: > > ClamAV isn't on the list, so at least my servers will be fine. > I'm going to guess that the file utility will not likely miss-guess > the header, so it may be a good idea to have the linux file utility do > its job. > On Fri, 2005-11-04 at 15:34 -0600, Mike Kercher wrote: > > Has anyone read this? > > [1]http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20by%20 > New%20Exploit/164278_1.aspx > > Thoughts? > > Mike > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email [2]jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ([3]http://wiki.mailscanner.info/) and > the archives ([4]http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email [5]jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki ([6]http://wiki.mailscanner.info/) > and the archives > ([7]http://www.jiscmail.ac.uk/lists/mailscanner.html). > Support MailScanner development - buy the book off the website! > > References > > 1. http://www.security.ithub.com/article/Virus%20Scanners%20Made%20Moot%20by%20 > 2. mailto:jiscmail@jiscmail.ac.uk > 3. http://wiki.mailscanner.info/ > 4. http://www.jiscmail.ac.uk/lists/mailscanner.html > 5. file://localhost/tmp/jiscmail@jiscmail.ac.uk > 6. http://wiki.mailscanner.info/ > 7. http://www.jiscmail.ac.uk/lists/mailscanner.html ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 13:53:38 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: Posting headers of spam emails... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Is there a special way to post spam headers? as whenever i send spam headers to this list , it never comes through... so the lists anti spam is doing something mine is not in catching these darn Viagra and cialis emails. I get dozens a day.... i tried to post the email headers but they get rejected by the list..... Any help appreciated... Thanks... Rob... http://www.stupidguytalk.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Mon Nov 7 14:01:30 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: I'm running Matt Kettler's anti-drug rule set which is available from http://mywebpages.comcast.net/mkettler/sa/antidrug.cf and by using Rules Du Jour. It seems to catch most of them for me. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN E-mail: amoore@dekalbmemorial.com ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob Sent: Monday, November 07, 2005 8:46 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] I can not seem to stop these emails... ... These darn Viagra emails.. They always come through as no spam... i get about 20 a day and so do my clients.... what do you guys do about this if the rules do not catch it.... Thanks.. Return-Path: X-Original-To: rob@thehostmasters.com Delivered-To: rob@thehostmasters.com Received: from danknapp.com (ip-85-160-10-61.eurotel.cz [85.160.10.61]) by stewy (Postfix) with SMTP id 6DF82BF4E for ; Sun, 6 Nov 2005 17:55:33 -0500 (EST) Message-ID: <000401c5e325$59370400$89faa8c0@oatcake> From: "Tzviya Fife" To: "Enola Kimbrough" Subject: Re: Marcuss cool info Date: Sun, 6 Nov 2005 17:56:40 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C5E2FB.7060FC00" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Stewy-Dido-Internet-MailScanner: Found to be clean X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, SpamAssassin (score=0.174, required 4, BAYES_50 0.00, HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) X-MailScanner-From: fif@danknapp.com This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C5E2FB.7060FC00 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable V C A X P V A I m a r I L A b n o A I L i a z G U I e x a R M S n c A $85,45 $99,95 $69,95 http://lemenartedahluleta.tripod.com Rob... http://www.stupidguytalk.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 7 14:20:34 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:09 2006 Subject: Posting headers of spam emails... Message-ID: Best way it to put them up on a web page somewhere..... Also check you own MS settings that you are whitelisting this list... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rob > Sent: 07 November 2005 13:54 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Posting headers of spam emails... > > Is there a special way to post spam headers? as whenever i send spam > headers to this list , it never comes through... so the lists anti spam is > doing something mine is not in catching these darn Viagra and cialis > emails. I get dozens a day.... i tried to post the email headers but they > get rejected by the list..... > > Any help appreciated... > > Thanks... > > Rob... > http://www.stupidguytalk.org > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 14:29:23 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: Posting headers of spam emails... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Oh never mind they came through this time.... :) Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: Rob To: MAILSCANNER@JISCMAIL.AC.UK Sent: Monday, November 07, 2005 8:53 AM Subject: Posting headers of spam emails... Is there a special way to post spam headers? as whenever i send spam headers to this list , it never comes through... so the lists anti spam is doing something mine is not in catching these darn Viagra and cialis emails. I get dozens a day.... i tried to post the email headers but they get rejected by the list..... Any help appreciated... Thanks... Rob... http://www.stupidguytalk.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 14:47:10 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Right i have that, although it seems to be over a year old.... . These emails are kind of new with respect to how they are made... the word Viagra is not in the email at all so i guess that rule will not work, although Viagra does show in the email when its viewed... you can see 2 examples of the emails here... http://www.dido.ca/spam/drug.txt Thanks... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: Aaron K. Moore To: MAILSCANNER@JISCMAIL.AC.UK Sent: Monday, November 07, 2005 9:01 AM Subject: Re: I can not seem to stop these emails... I'm running Matt Kettler's anti-drug rule set which is available from http://mywebpages.comcast.net/mkettler/sa/antidrug.cf and by using Rules Du Jour. It seems to catch most of them for me. -- Aaron Kent Moore Information Technology Services DeKalb Memorial Hospital, Inc. Auburn, IN E-mail: amoore@dekalbmemorial.com ________________________________________________________________________________ From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob Sent: Monday, November 07, 2005 8:46 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: [MAILSCANNER] I can not seem to stop these emails... ... These darn Viagra emails.. They always come through as no spam... i get about 20 a day and so do my clients.... what do you guys do about this if the rules do not catch it.... Thanks.. Return-Path: X-Original-To: rob@thehostmasters.com Delivered-To: rob@thehostmasters.com Received: from danknapp.com (ip-85-160-10-61.eurotel.cz [85.160.10.61]) by stewy (Postfix) with SMTP id 6DF82BF4E for ; Sun, 6 Nov 2005 17:55:33 -0500 (EST) Message-ID: <000401c5e325$59370400$89faa8c0@oatcake> From: "Tzviya Fife" To: "Enola Kimbrough" Subject: Re: Marcuss cool info Date: Sun, 6 Nov 2005 17:56:40 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0001_01C5E2FB.7060FC00" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-Stewy-Dido-Internet-MailScanner: Found to be clean X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, SpamAssassin (score=0.174, required 4, BAYES_50 0.00, HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) X-MailScanner-From: fif@danknapp.com This is a multi-part message in MIME format. ------=_NextPart_000_0001_01C5E2FB.7060FC00 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable V C A X P V A I m a r I L A b n o A I L i a z G U I e x a R M S n c A $85,45 $99,95 $69,95 http://lemenartedahluleta.tripod.com Rob... http://www.stupidguytalk.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 7 14:54:27 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It appears that the SuSE init.d script somehow crept into the RedHat distribution. I have rebuilt the distributions and this problem appears to be fixed now. Sorry about that folks, haven't a clue how it happened. It would only have affected some MTA's and not others. Worst affected was Postfix. Pete Russell wrote: > Hi Julian, a Summary as requested. > > Julian Field wrote: > >> Can someone give me a summary of this problem please? > > RHEL4/POstfix 2.1.5/MailScanner4.45/SA3.1/Clam.87 > > Did an upgrade from 4.45 to 4.47 using usual RPM stable distro link > from your site, all steps appeard to work as expected. > > Go to run MS for the first time and get lots of nasty output at the > console and no MTA and no MS. > > Nerijus is having the same issue on FC4. > > Out from service start command immedietly after upgrade is; > > [root@mail01 en]# service MailScanner start > /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or > directory > /etc/init.d/MailScanner: line 109: rc_reset: command not found > Initializing incoming postfix Initializing outgoing postfix > /etc/init.d/MailScanner: line 93: rc_status: command not found > /etc/init.d/MailScanner: line 105: rc_status: command not found > Initializing MailScanner/etc/init.d/MailScanner: line 128: startproc: > command not found > > /etc/init.d/MailScanner: line 209: rc_exit: command not found > [root@mail01 en]# service MailScanner start > /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or > directory > /etc/init.d/MailScanner: line 109: rc_reset: command not found > Initializing incoming postfix Initializing outgoing postfix > /etc/init.d/MailScanner: line 93: rc_status: command not found > /etc/init.d/MailScanner: line 105: rc_status: command not found > Initializing MailScanner/etc/init.d/MailScanner: line 128: startproc: > command not found > > /etc/init.d/MailScanner: line 209: rc_exit: command not found > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 7 15:00:11 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: Rob Results for 1... Content analysis details: (6.1 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.3 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters 0.0 HTML_MESSAGE BODY: HTML included in message 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) 0.0 UPPERCASE_25_50 message body is 25-50% uppercase 0.9 FM_NO_STYLE FM_NO_STYLE And 2.. Content analysis details: (7.7 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 HTML_MESSAGE BODY: HTML included in message 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) 4.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] 0.0 UPPERCASE_25_50 message body is 25-50% uppercase 0.9 FM_NO_STYLE FM_NO_STYLE Would have triggered my spamrules, but not my high spam.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rob > Sent: 07 November 2005 14:47 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] I can not seem to stop these emails... > > Right i have that, although it seems to be over a year old.... . These > emails are kind of new with respect to how they are made... the word > Viagra is not in the email at all so i guess that rule will not work, > although Viagra does show in the email when its viewed... > > you can see 2 examples of the emails here... > > http://www.dido.ca/spam/drug.txt > > Thanks... > > > > Rob Morin > Dido Internet Inc. > Montreal, Canada > 514-990-4444 > http://www.dido.ca > > > ----- Original Message ----- > From: Aaron K. Moore > To: MAILSCANNER@JISCMAIL.AC.UK > Sent: Monday, November 07, 2005 9:01 AM > Subject: Re: I can not seem to stop these emails... > > I'm running Matt Kettler's anti-drug rule set which is available > from http://mywebpages.comcast.net/mkettler/sa/antidrug.cf and by using > Rules Du Jour. > It seems to catch most of them for me. > > -- > Aaron Kent Moore > Information Technology Services > DeKalb Memorial Hospital, Inc. > Auburn, IN > E-mail: amoore@dekalbmemorial.com > > > > > ________________________________ > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob > Sent: Monday, November 07, 2005 8:46 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] I can not seem to stop these emails... > > > ... > > These darn Viagra emails.. > > They always come through as no spam... i get about 20 a day > and so do my clients.... what do you guys do about this if the rules do > not catch it.... > > Thanks.. > > > > Return-Path: > X-Original-To: rob@thehostmasters.com > Delivered-To: rob@thehostmasters.com > Received: from danknapp.com (ip-85-160-10-61.eurotel.cz > [85.160.10.61]) > by stewy (Postfix) with SMTP id 6DF82BF4E > for ; Sun, 6 Nov 2005 17:55:33 -0500 > (EST) > Message-ID: <000401c5e325$59370400$89faa8c0@oatcake> > From: "Tzviya Fife" > To: "Enola Kimbrough" > Subject: Re: Marcuss cool info > Date: Sun, 6 Nov 2005 17:56:40 -0500 > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="----=_NextPart_000_0001_01C5E2FB.7060FC00" > X-Priority: 3 > X-MSMail-Priority: Normal > X-Mailer: Microsoft Outlook Express 6.00.2800.1106 > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 > X-Stewy-Dido-Internet-MailScanner: Found to be clean > X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, > SpamAssassin (score=0.174, required 4, BAYES_50 0.00, > HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) > X-MailScanner-From: fif@danknapp.com > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0001_01C5E2FB.7060FC00 > Content-Type: text/plain; > charset="us-ascii" > Content-Transfer-Encoding: quoted-printable > > V C A X P V > A I m a r I > L A b n o A > I L i a z G > U I e x a R > M S n c A > $85,45 $99,95 $69,95 > http://lemenartedahluleta.tripod.com > > > > > Rob... > http://www.stupidguytalk.org > > > ------------------------ MailScanner list -------------------- > ---- > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the > website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 15:09:41 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Wow ok , so what am i doing wrong?? here are my rule sets i use.... [ "${TRUSTED_RULESETS}" ] || \ TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM ANTIDRUG SARE_ADULT SARE_OEM SARE_BAYES_POISON_NXM \ SARE_CODING SARE_HEADER SARE_SPECIFIC SARE_BML SARE_FRAUD SARE_SPOOF SARE_REDIRECT_POST300 \ BOGUSVIRUS SARE_HEADER_ABUSE RANDOMVAL SARE_GENLSUBJ"; P.S. How do you test that email with MS or SA, you run a command line thingy or something? my results in my email headers were this... X-Stewy-Dido-Internet-MailScanner: Found to be clean X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, SpamAssassin (score=0.174, required 4, BAYES_50 0.00, HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) X-MailScanner-From: harsccsxgqashleigh@infofin.com Thanks for your help.. Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Martin Hepworth" To: Sent: Monday, November 07, 2005 10:00 AM Subject: Re: I can not seem to stop these emails... > Rob > > Results for 1... > > Content analysis details: (6.1 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 2.3 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters > 0.0 HTML_MESSAGE BODY: HTML included in message > 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) > 0.0 UPPERCASE_25_50 message body is 25-50% uppercase > 0.9 FM_NO_STYLE FM_NO_STYLE > > > And 2.. > > Content analysis details: (7.7 points, 5.0 required) > > pts rule name description > ---- ---------------------- > -------------------------------------------------- > 0.0 HTML_MESSAGE BODY: HTML included in message > 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) > 4.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net > [Blocked - see > ] > 0.0 UPPERCASE_25_50 message body is 25-50% uppercase > 0.9 FM_NO_STYLE FM_NO_STYLE > > > Would have triggered my spamrules, but not my high spam.. > > > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Rob >> Sent: 07 November 2005 14:47 >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: [MAILSCANNER] I can not seem to stop these emails... >> >> Right i have that, although it seems to be over a year old.... . These >> emails are kind of new with respect to how they are made... the word >> Viagra is not in the email at all so i guess that rule will not work, >> although Viagra does show in the email when its viewed... >> >> you can see 2 examples of the emails here... >> >> http://www.dido.ca/spam/drug.txt >> >> Thanks... >> >> >> >> Rob Morin >> Dido Internet Inc. >> Montreal, Canada >> 514-990-4444 >> http://www.dido.ca >> >> >> ----- Original Message ----- >> From: Aaron K. Moore >> To: MAILSCANNER@JISCMAIL.AC.UK >> Sent: Monday, November 07, 2005 9:01 AM >> Subject: Re: I can not seem to stop these emails... >> >> I'm running Matt Kettler's anti-drug rule set which is available >> from http://mywebpages.comcast.net/mkettler/sa/antidrug.cf and by using >> Rules Du Jour. >> It seems to catch most of them for me. >> >> -- >> Aaron Kent Moore >> Information Technology Services >> DeKalb Memorial Hospital, Inc. >> Auburn, IN >> E-mail: amoore@dekalbmemorial.com >> >> >> >> >> ________________________________ >> >> From: MailScanner mailing list >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob >> Sent: Monday, November 07, 2005 8:46 AM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: [MAILSCANNER] I can not seem to stop these > emails... >> >> >> ... >> >> These darn Viagra emails.. >> >> They always come through as no spam... i get about 20 a day >> and so do my clients.... what do you guys do about this if the rules do >> not catch it.... >> >> Thanks.. >> >> >> >> Return-Path: >> X-Original-To: rob@thehostmasters.com >> Delivered-To: rob@thehostmasters.com >> Received: from danknapp.com (ip-85-160-10-61.eurotel.cz >> [85.160.10.61]) >> by stewy (Postfix) with SMTP id 6DF82BF4E >> for ; Sun, 6 Nov 2005 17:55:33 > -0500 >> (EST) >> Message-ID: <000401c5e325$59370400$89faa8c0@oatcake> >> From: "Tzviya Fife" >> To: "Enola Kimbrough" >> Subject: Re: Marcuss cool info >> Date: Sun, 6 Nov 2005 17:56:40 -0500 >> MIME-Version: 1.0 >> Content-Type: multipart/alternative; >> boundary="----=_NextPart_000_0001_01C5E2FB.7060FC00" >> X-Priority: 3 >> X-MSMail-Priority: Normal >> X-Mailer: Microsoft Outlook Express 6.00.2800.1106 >> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 >> X-Stewy-Dido-Internet-MailScanner: Found to be clean >> X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, >> SpamAssassin (score=0.174, required 4, BAYES_50 0.00, >> HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) >> X-MailScanner-From: fif@danknapp.com >> >> This is a multi-part message in MIME format. >> >> ------=_NextPart_000_0001_01C5E2FB.7060FC00 >> Content-Type: text/plain; >> charset="us-ascii" >> Content-Transfer-Encoding: quoted-printable >> >> V C A X P V >> A I m a r I >> L A b n o A >> I L i a z G >> U I e x a R >> M S n c A >> $85,45 $99,95 $69,95 >> http://lemenartedahluleta.tripod.com >> >> >> >> >> Rob... >> http://www.stupidguytalk.org >> >> >> ------------------------ MailScanner list > -------------------- >> ---- >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the > words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki > (http://wiki.mailscanner.info/) >> and the archives >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the >> website! >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > > ********************************************************************** > > This email and any files transmitted with it are confidential and > intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > the system manager. > > This footnote confirms that this email message has been swept > for the presence of computer viruses and is believed to be clean. > > ********************************************************************** > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Mon Nov 7 15:23:00 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > It appears that the SuSE init.d script somehow crept into the RedHat > distribution. > I have rebuilt the distributions and this problem appears to be fixed > now. > > Sorry about that folks, haven't a clue how it happened. It would only > have affected some MTA's and not others. Worst affected was Postfix. That be me. Anyway I selected the link to download and I'm getting requested URL Not Found. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Mon Nov 7 15:24:16 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce wrote: > Julian Field wrote: >> It appears that the SuSE init.d script somehow crept into the RedHat >> distribution. >> I have rebuilt the distributions and this problem appears to be fixed >> now. >> >> Sorry about that folks, haven't a clue how it happened. It would only >> have affected some MTA's and not others. Worst affected was Postfix. > That be me. Anyway I selected the link to download and I'm getting > requested URL Not Found. Ooops. Too much coffee, selected wrong link. Nevermind. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 7 15:32:43 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: Rob My RDJ TRUSTED sets are.. TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS EVILNUMBERS1 EVILNUMBERS2 SARE_RANDOM RANDOMVAL BOGUSVIRUS SARE_ADULT SARE_BML SARE_URI0 SARE_URI1 SARE_URI3 SARE_URI_ENG SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM SARE_HEADER0 SARE_HEADER2 SARE_CODING SARE_SPECIFIC SARE_REDIRECT_POST300 SARE_GENLSUBJ SARE_UNSUB SARE_OBFU SARE_OBFU2 SARE_OBFU3 SARE_WHITELIST SARE_WHITELIST_SPF SARE_WHITELIST_RCVD ZMI_GERMAN"; I've also got pyzor, a couple RBL's and all the URI-RBLs turned in (including the black and grey). I ran SA to get these with the -p set to my spam.assassin.prefs.conf.. spamaassassin -p /opt/MailScanner/etc/spam.assassin.prefs.conf -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rob > Sent: 07 November 2005 15:10 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] I can not seem to stop these emails... > > Wow ok , so what am i doing wrong?? here are my rule sets i use.... > > [ "${TRUSTED_RULESETS}" ] || \ > TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM ANTIDRUG > SARE_ADULT SARE_OEM SARE_BAYES_POISON_NXM \ > SARE_CODING SARE_HEADER SARE_SPECIFIC SARE_BML SARE_FRAUD SARE_SPOOF > SARE_REDIRECT_POST300 \ > BOGUSVIRUS SARE_HEADER_ABUSE RANDOMVAL SARE_GENLSUBJ"; > > > P.S. How do you test that email with MS or SA, you run a command line > thingy > or something? > > > my results in my email headers were this... > > X-Stewy-Dido-Internet-MailScanner: Found to be clean > X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, > SpamAssassin (score=0.174, required 4, BAYES_50 0.00, > HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) > X-MailScanner-From: harsccsxgqashleigh@infofin.com > > Thanks for your help.. > > Rob Morin > Dido Internet Inc. > Montreal, Canada > 514-990-4444 > http://www.dido.ca > > ----- Original Message ----- > From: "Martin Hepworth" > To: > Sent: Monday, November 07, 2005 10:00 AM > Subject: Re: I can not seem to stop these emails... > > > > Rob > > > > Results for 1... > > > > Content analysis details: (6.1 points, 5.0 required) > > > > pts rule name description > > ---- ---------------------- > > -------------------------------------------------- > > 2.3 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel > letters > > 0.0 HTML_MESSAGE BODY: HTML included in message > > 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) > > 0.0 UPPERCASE_25_50 message body is 25-50% uppercase > > 0.9 FM_NO_STYLE FM_NO_STYLE > > > > > > And 2.. > > > > Content analysis details: (7.7 points, 5.0 required) > > > > pts rule name description > > ---- ---------------------- > > -------------------------------------------------- > > 0.0 HTML_MESSAGE BODY: HTML included in message > > 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) > > 4.0 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net > > [Blocked - see > > ] > > 0.0 UPPERCASE_25_50 message body is 25-50% uppercase > > 0.9 FM_NO_STYLE FM_NO_STYLE > > > > > > Would have triggered my spamrules, but not my high spam.. > > > > > > > > -- > > Martin Hepworth > > Snr Systems Administrator > > Solid State Logic > > Tel: +44 (0)1865 842300 > > > >> -----Original Message----- > >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >> Behalf Of Rob > >> Sent: 07 November 2005 14:47 > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Re: [MAILSCANNER] I can not seem to stop these emails... > >> > >> Right i have that, although it seems to be over a year old.... . These > >> emails are kind of new with respect to how they are made... the word > >> Viagra is not in the email at all so i guess that rule will not work, > >> although Viagra does show in the email when its viewed... > >> > >> you can see 2 examples of the emails here... > >> > >> http://www.dido.ca/spam/drug.txt > >> > >> Thanks... > >> > >> > >> > >> Rob Morin > >> Dido Internet Inc. > >> Montreal, Canada > >> 514-990-4444 > >> http://www.dido.ca > >> > >> > >> ----- Original Message ----- > >> From: Aaron K. Moore > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Sent: Monday, November 07, 2005 9:01 AM > >> Subject: Re: I can not seem to stop these emails... > >> > >> I'm running Matt Kettler's anti-drug rule set which is available > >> from http://mywebpages.comcast.net/mkettler/sa/antidrug.cf and by using > >> Rules Du Jour. > >> It seems to catch most of them for me. > >> > >> -- > >> Aaron Kent Moore > >> Information Technology Services > >> DeKalb Memorial Hospital, Inc. > >> Auburn, IN > >> E-mail: amoore@dekalbmemorial.com > >> > >> > >> > >> > >> ________________________________ > >> > >> From: MailScanner mailing list > >> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rob > >> Sent: Monday, November 07, 2005 8:46 AM > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: [MAILSCANNER] I can not seem to stop these > > emails... > >> > >> > >> ... > >> > >> These darn Viagra emails.. > >> > >> They always come through as no spam... i get about 20 a day > >> and so do my clients.... what do you guys do about this if the rules do > >> not catch it.... > >> > >> Thanks.. > >> > >> > >> > >> Return-Path: > >> X-Original-To: rob@thehostmasters.com > >> Delivered-To: rob@thehostmasters.com > >> Received: from danknapp.com (ip-85-160-10-61.eurotel.cz > >> [85.160.10.61]) > >> by stewy (Postfix) with SMTP id 6DF82BF4E > >> for ; Sun, 6 Nov 2005 17:55:33 > > -0500 > >> (EST) > >> Message-ID: <000401c5e325$59370400$89faa8c0@oatcake> > >> From: "Tzviya Fife" > >> To: "Enola Kimbrough" > >> Subject: Re: Marcuss cool info > >> Date: Sun, 6 Nov 2005 17:56:40 -0500 > >> MIME-Version: 1.0 > >> Content-Type: multipart/alternative; > >> boundary="----=_NextPart_000_0001_01C5E2FB.7060FC00" > >> X-Priority: 3 > >> X-MSMail-Priority: Normal > >> X-Mailer: Microsoft Outlook Express 6.00.2800.1106 > >> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 > >> X-Stewy-Dido-Internet-MailScanner: Found to be clean > >> X-Stewy-Dido-Internet-MailScanner-SpamCheck: not spam, > >> SpamAssassin (score=0.174, required 4, BAYES_50 0.00, > >> HTML_80_90 0.15, HTML_MESSAGE 0.00, UPPERCASE_25_50 0.03) > >> X-MailScanner-From: fif@danknapp.com > >> > >> This is a multi-part message in MIME format. > >> > >> ------=_NextPart_000_0001_01C5E2FB.7060FC00 > >> Content-Type: text/plain; > >> charset="us-ascii" > >> Content-Transfer-Encoding: quoted-printable > >> > >> V C A X P V > >> A I m a r I > >> L A b n o A > >> I L i a z G > >> U I e x a R > >> M S n c A > >> $85,45 $99,95 $69,95 > >> http://lemenartedahluleta.tripod.com > >> > >> > >> > >> > >> Rob... > >> http://www.stupidguytalk.org > >> > >> > >> ------------------------ MailScanner list > > -------------------- > >> ---- > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the > > words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki > > (http://wiki.mailscanner.info/) > >> and the archives > >> (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the > >> website! > >> > >> > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) > >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > >> > >> > >> > >> ------------------------ MailScanner list ------------------------ > >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >> 'leave mailscanner' in the body of the email. > >> Before posting, read the Wiki (http://wiki.mailscanner.info/) > >> and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >> Support MailScanner development - buy the book off the website! > > > > > > > > ********************************************************************** > > > > This email and any files transmitted with it are confidential and > > intended solely for the use of the individual or entity to whom they > > are addressed. If you have received this email in error please notify > > the system manager. > > > > This footnote confirms that this email message has been swept > > for the presence of computer viruses and is believed to be clean. > > > > ********************************************************************** > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hywel.burris at COMTEC-EUROPE.CO.UK Mon Nov 7 15:35:17 2005 From: hywel.burris at COMTEC-EUROPE.CO.UK (Hywel Burris) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: Hi Julian, Is this on the download site yet as I am still seeing the problem? The version I am downloading/using is:- 4037682 Nov 5 14:24 MailScanner-4.47.4-1.rpm.tar.gz Thanks Hywel > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field > Sent: 07 November 2005 14:54 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Start up script problem 4.47 - summary > > It appears that the SuSE init.d script somehow crept into the > RedHat distribution. > I have rebuilt the distributions and this problem appears to > be fixed now. > > Sorry about that folks, haven't a clue how it happened. It > would only have affected some MTA's and not others. Worst > affected was Postfix. > > Pete Russell wrote: > > > Hi Julian, a Summary as requested. > > > > Julian Field wrote: > > > >> Can someone give me a summary of this problem please? > > > > RHEL4/POstfix 2.1.5/MailScanner4.45/SA3.1/Clam.87 > > > > Did an upgrade from 4.45 to 4.47 using usual RPM stable distro link > > from your site, all steps appeard to work as expected. > > > > Go to run MS for the first time and get lots of nasty output at the > > console and no MTA and no MS. > > > > Nerijus is having the same issue on FC4. > > > > Out from service start command immedietly after upgrade is; > > > > [root@mail01 en]# service MailScanner start > > /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or > > directory > > /etc/init.d/MailScanner: line 109: rc_reset: command not found > > Initializing incoming postfix Initializing outgoing postfix > > /etc/init.d/MailScanner: line 93: rc_status: command not found > > /etc/init.d/MailScanner: line 105: rc_status: command not found > > Initializing MailScanner/etc/init.d/MailScanner: line 128: > startproc: > > command not found > > > > /etc/init.d/MailScanner: line 209: rc_exit: command not found > > [root@mail01 en]# service MailScanner start > > /etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or > > directory > > /etc/init.d/MailScanner: line 109: rc_reset: command not found > > Initializing incoming postfix Initializing outgoing postfix > > /etc/init.d/MailScanner: line 93: rc_status: command not found > > /etc/init.d/MailScanner: line 105: rc_status: command not found > > Initializing MailScanner/etc/init.d/MailScanner: line 128: > startproc: > > command not found > > > > /etc/init.d/MailScanner: line 209: rc_exit: command not found > > > ************************************************************************ This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ebruce at HPMICH.COM Mon Nov 7 15:44:01 2005 From: ebruce at HPMICH.COM (Ed Bruce) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hywel Burris wrote: > Hi Julian, > > Is this on the download site yet as I am still seeing the problem? The > version I am downloading/using is:- > > 4037682 Nov 5 14:24 MailScanner-4.47.4-1.rpm.tar.gz > > Thanks > > Hywel > Same here. I've downloaded twice and installed it twice more to be sure. But I'm still getting the same error. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From nerijus at USERS.SOURCEFORGE.NET Mon Nov 7 15:48:48 2005 From: nerijus at USERS.SOURCEFORGE.NET (Nerijus Baliunas) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Mon, 7 Nov 2005 15:35:17 -0000 Hywel Burris wrote: > Is this on the download site yet as I am still seeing the problem? The > version I am downloading/using is:- > > 4037682 Nov 5 14:24 MailScanner-4.47.4-1.rpm.tar.gz Until Julian fixes download page, just replace -1 with -2 and you'll get corrected file. Regards, Nerijus ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 7 15:59:10 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: All Looks the SOA record for mailscanner.info it weird and therefore causing fun. Julian's been notified and I guess will attend to it ASAP. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ed Bruce > Sent: 07 November 2005 15:44 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: [MAILSCANNER] Start up script problem 4.47 - summary > > Hywel Burris wrote: > > Hi Julian, > > > > Is this on the download site yet as I am still seeing the problem? The > > version I am downloading/using is:- > > > > 4037682 Nov 5 14:24 MailScanner-4.47.4-1.rpm.tar.gz > > > > Thanks > > > > Hywel > > > Same here. I've downloaded twice and installed it twice more to be sure. > But I'm still getting the same error. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Nov 7 16:07:25 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... (antidrug.cf obsolete) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob wrote: > Right i have that, although it seems to be over a year old.... . That's correct, I've not updated antidrug.cf in a long time. Really, antidrug.cf is only for users of SA older than 3.0.0. If you've got 3.0.x or 3.1.x you don't need antidrug.cf, as it's now a built-in ruleset. In fact, if you have 3.0.0 or newer, you REALLY should NOT be using antidrug.cf, as if the SA devs make any improvements, you'll be covering them up with old rules. These > emails are kind of new with respect to how they are made... the word > Viagra is not in the email at all so i guess that rule will not work, > although Viagra does show in the email when its viewed... > > you can see 2 examples of the emails here... > > http://www.dido.ca/spam/drug.txt Yes, that's a newer variant that antidrug's techniques don't cover. It's yet another "table obfuscation" spam. SARE's "specific" ruleset covers these somewhat, but not this particular email. Razor, dcc, pyzor, etc are good measures against these, as is good bayes training. As for your example, here's the results I get out of SA 3.1.0 + razor +dcc -------------------------------------------------------- Content analysis details: (13.5 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 2.9 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters 0.0 HTML_MESSAGE BODY: HTML included in message 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% [score: 1.0000] 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50% [cf: 100] 0.2 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 2.2 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [70.49.221.195 listed in dnsbl.sorbs.net] 0.8 DIGEST_MULTIPLE Message hits more than one network digest check 0.0 UPPERCASE_25_50 message body is 25-50% uppercase ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 7 16:13:48 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No, you should be downloading 4.47.4-2 and not -1. Hywel Burris wrote: >Hi Julian, > >Is this on the download site yet as I am still seeing the problem? The >version I am downloading/using is:- > >4037682 Nov 5 14:24 MailScanner-4.47.4-1.rpm.tar.gz > >Thanks > >Hywel > > > >>-----Original Message----- >>From: MailScanner mailing list >>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field >>Sent: 07 November 2005 14:54 >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: Start up script problem 4.47 - summary >> >>It appears that the SuSE init.d script somehow crept into the >>RedHat distribution. >>I have rebuilt the distributions and this problem appears to >>be fixed now. >> >>Sorry about that folks, haven't a clue how it happened. It >>would only have affected some MTA's and not others. Worst >>affected was Postfix. >> >>Pete Russell wrote: >> >> >> >>>Hi Julian, a Summary as requested. >>> >>>Julian Field wrote: >>> >>> >>> >>>>Can someone give me a summary of this problem please? >>>> >>>> >>>RHEL4/POstfix 2.1.5/MailScanner4.45/SA3.1/Clam.87 >>> >>>Did an upgrade from 4.45 to 4.47 using usual RPM stable distro link >>>from your site, all steps appeard to work as expected. >>> >>>Go to run MS for the first time and get lots of nasty output at the >>>console and no MTA and no MS. >>> >>>Nerijus is having the same issue on FC4. >>> >>>Out from service start command immedietly after upgrade is; >>> >>>[root@mail01 en]# service MailScanner start >>>/etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or >>>directory >>>/etc/init.d/MailScanner: line 109: rc_reset: command not found >>>Initializing incoming postfix Initializing outgoing postfix >>>/etc/init.d/MailScanner: line 93: rc_status: command not found >>>/etc/init.d/MailScanner: line 105: rc_status: command not found >>>Initializing MailScanner/etc/init.d/MailScanner: line 128: >>> >>> >>startproc: >> >> >>>command not found >>> >>>/etc/init.d/MailScanner: line 209: rc_exit: command not found >>>[root@mail01 en]# service MailScanner start >>>/etc/init.d/MailScanner: line 108: /etc/rc.status: No such file or >>>directory >>>/etc/init.d/MailScanner: line 109: rc_reset: command not found >>>Initializing incoming postfix Initializing outgoing postfix >>>/etc/init.d/MailScanner: line 93: rc_status: command not found >>>/etc/init.d/MailScanner: line 105: rc_status: command not found >>>Initializing MailScanner/etc/init.d/MailScanner: line 128: >>> >>> >>startproc: >> >> >>>command not found >>> >>>/etc/init.d/MailScanner: line 209: rc_exit: command not found >>> >>> >>> > >************************************************************************ >This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. > >Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. > > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Mon Nov 7 16:16:12 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ed Bruce wrote: > Hywel Burris wrote: > >> Hi Julian, >> >> Is this on the download site yet as I am still seeing the problem? The >> version I am downloading/using is:- >> >> 4037682 Nov 5 14:24 MailScanner-4.47.4-1.rpm.tar.gz >> >> Thanks >> >> Hywel >> > > Same here. I've downloaded twice and installed it twice more to be > sure. But I'm still getting the same error. Somehow the new web pages didn't get pushed out to the website. The site now lists 4.47.4-2 which is what you should download. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Nov 7 16:32:26 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: Hi! > These darn Viagra emails.. > > They always come through as no spam... i get about 20 a day and so do > my clients.... what do you guys do about this if the rules do not catch > it.... My rules pick them up it seems: PROLO_LEO1 0.10, PROLO_LEO2 0.10, PROLO_LEO3 0.10, PROLO_LEO4 0.10 PROLO_LEO_M1 8.00, Have a look at the SARE 'specific' ruleset will be updated soon and then you will be able to stop them also. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Nov 7 16:35:53 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: Hi! > Wow ok , so what am i doing wrong?? here are my rule sets i use.... > > [ "${TRUSTED_RULESETS}" ] || \ > TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM ANTIDRUG SARE_ADULT > SARE_OEM SARE_BAYES_POISON_NXM \ > SARE_CODING SARE_HEADER SARE_SPECIFIC SARE_BML SARE_FRAUD SARE_SPOOF > SARE_REDIRECT_POST300 \ > BOGUSVIRUS SARE_HEADER_ABUSE RANDOMVAL SARE_GENLSUBJ"; > > > P.S. How do you test that email with MS or SA, you run a command line thingy > or something? Hmmm .... to stop this thread: PROLO_LEO1 0.10, PROLO_LEO2 0.10, PROLO_LEO3 0.10, PROLO_LEO4 0.10, PROLO_LEO_M1 8.00, # TEST FOR LEO CRAP body PROLO_LEO1 /\85\,45/ body PROLO_LEO2 /\69\,95/ body PROLO_LEO3 /\99\,95/ uri PROLO_LEO4 /http:\/\/.*tripod.com/ meta PROLO_LEO_M1 (PROLO_LEO1 && PROLO_LEO2 && PROLO_LEO3 && PROLO_LEO4) score PROLO_LEO1 0.1 score PROLO_LEO2 0.1 score PROLO_LEO3 0.1 score PROLO_LEO4 0.1 score PROLO_LEO_M1 8 describe PROLO_LEO1 Meta Catches all Leo drug variations so far describe PROLO_LEO2 Meta Catches all Leo drug variations so far describe PROLO_LEO3 Meta Catches all Leo drug variations so far describe PROLO_LEO4 Meta to catch Leo now using Tripod describe PROLO_LEO_M1 Catches all Leo drug variations so far Have fun, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 16:52:36 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... (antidrug.cf obsolete) Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] i am using 3.04 i will remove antidrug right away... thanks Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Matt Kettler" To: Sent: Monday, November 07, 2005 11:07 AM Subject: Re: I can not seem to stop these emails... (antidrug.cf obsolete) > Rob wrote: >> Right i have that, although it seems to be over a year old.... . > > That's correct, I've not updated antidrug.cf in a long time. Really, > antidrug.cf > is only for users of SA older than 3.0.0. If you've got 3.0.x or 3.1.x you > don't > need antidrug.cf, as it's now a built-in ruleset. > > In fact, if you have 3.0.0 or newer, you REALLY should NOT be using > antidrug.cf, > as if the SA devs make any improvements, you'll be covering them up with > old rules. > > > These >> emails are kind of new with respect to how they are made... the word >> Viagra is not in the email at all so i guess that rule will not work, >> although Viagra does show in the email when its viewed... > > >> >> you can see 2 examples of the emails here... >> >> http://www.dido.ca/spam/drug.txt > > > Yes, that's a newer variant that antidrug's techniques don't cover. It's > yet > another "table obfuscation" spam. SARE's "specific" ruleset covers these > somewhat, but not this particular email. > > Razor, dcc, pyzor, etc are good measures against these, as is good bayes > training. > > As for your example, here's the results I get out of SA 3.1.0 + razor +dcc > > -------------------------------------------------------- > Content analysis details: (13.5 points, 5.0 required) > > pts rule name description > ---- ---------------------- -------------------------------------------------- > 2.9 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters > 0.0 HTML_MESSAGE BODY: HTML included in message > 3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100% > [score: 1.0000] > 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) > 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level > above 50% > [cf: 100] > 0.2 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% > [cf: 100] > 2.2 DCC_CHECK Listed in DCC > (http://rhyolite.com/anti-spam/dcc/) > 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP > address > [70.49.221.195 listed in dnsbl.sorbs.net] > 0.8 DIGEST_MULTIPLE Message hits more than one network digest check > 0.0 UPPERCASE_25_50 message body is 25-50% uppercase > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 17:20:46 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hey Raymond sorry to be a pain, but those rules, where do i put them, i did a simple copy and paste into 70_sare_specific and did a spamassassin --lint stewy:/etc/spamassassin# spamassassin --lint Illegal octal digit '8' ignored at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 766. Illegal octal digit '8' ignored at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 766. Illegal octal digit '9' ignored at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 766. Illegal octal digit '9' ignored at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 766. Illegal octal digit '9' ignored at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 766. Illegal octal digit '9' ignored at /usr/share/perl5/Mail/SpamAssassin/Conf/Parser.pm line 766. Illegal octal digit '9' ignored at /etc/spamassassin/70_sare_specific.cf, rule PROLO_LEO3, line 1. Illegal octal digit '9' ignored at /etc/spamassassin/70_sare_specific.cf, rule PROLO_LEO3, line 1. Illegal octal digit '8' ignored at /etc/spamassassin/70_sare_specific.cf, rule PROLO_LEO1, line 1. Illegal octal digit '8' ignored at /etc/spamassassin/70_sare_specific.cf, rule PROLO_LEO1, line 1. Illegal octal digit '9' ignored at /etc/spamassassin/70_sare_specific.cf, rule PROLO_LEO2, line 1. Illegal octal digit '9' ignored at /etc/spamassassin/70_sare_specific.cf, rule PROLO_LEO2, line 1. And got errors, allthough i am not sure i did it correctly... Thanks... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Raymond Dijkxhoorn" To: Sent: Monday, November 07, 2005 11:35 AM Subject: Re: I can not seem to stop these emails... > Hi! > >> Wow ok , so what am i doing wrong?? here are my rule sets i use.... >> >> [ "${TRUSTED_RULESETS}" ] || \ >> TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS SARE_RANDOM ANTIDRUG >> SARE_ADULT SARE_OEM SARE_BAYES_POISON_NXM \ >> SARE_CODING SARE_HEADER SARE_SPECIFIC SARE_BML SARE_FRAUD SARE_SPOOF >> SARE_REDIRECT_POST300 \ >> BOGUSVIRUS SARE_HEADER_ABUSE RANDOMVAL SARE_GENLSUBJ"; >> >> >> P.S. How do you test that email with MS or SA, you run a command line >> thingy or something? > > Hmmm .... to stop this thread: > > PROLO_LEO1 0.10, PROLO_LEO2 0.10, PROLO_LEO3 0.10, PROLO_LEO4 0.10, > PROLO_LEO_M1 8.00, > > # TEST FOR LEO CRAP > > body PROLO_LEO1 /\85\,45/ > body PROLO_LEO2 /\69\,95/ > body PROLO_LEO3 /\99\,95/ > uri PROLO_LEO4 /http:\/\/.*tripod.com/ > meta PROLO_LEO_M1 (PROLO_LEO1 && PROLO_LEO2 && > PROLO_LEO3 && PROLO_LEO4) > > score PROLO_LEO1 0.1 > score PROLO_LEO2 0.1 > score PROLO_LEO3 0.1 > score PROLO_LEO4 0.1 > score PROLO_LEO_M1 8 > > describe PROLO_LEO1 Meta Catches all Leo drug > variations so far > describe PROLO_LEO2 Meta Catches all Leo drug > variations so far > describe PROLO_LEO3 Meta Catches all Leo drug > variations so far > describe PROLO_LEO4 Meta to catch Leo now using Tripod > describe PROLO_LEO_M1 Catches all Leo drug variations so > far > > Have fun, > Raymond. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Nov 7 17:34:25 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: Hi! > Hey Raymond sorry to be a pain, but those rules, where do i put them, i did a > simple copy and paste into 70_sare_specific and did a Oh wait, thats true. I cutted out some irrelevant parts but forgot to escape it afterwards. Either try them like this: # TEST FOR LEO CRAP body PROLO_LEO1 /\$85\,45/ body PROLO_LEO2 /\$69\,95/ body PROLO_LEO3 /\$99\,95/ uri PROLO_LEO4 /http:\/\/.*tripod.com/ meta PROLO_LEO_M1 (PROLO_LEO1 && PROLO_LEO2 && PROLO_LEO3 && PROLO_LEO4) score PROLO_LEO1 0.1 score PROLO_LEO2 0.1 score PROLO_LEO3 0.1 score PROLO_LEO4 0.1 score PROLO_LEO_M1 8 describe PROLO_LEO1 Meta Catches all Leo drug variations so far describe PROLO_LEO2 Meta Catches all Leo drug variations so far describe PROLO_LEO3 Meta Catches all Leo drug variations so far describe PROLO_LEO4 Meta to catch Leo now using Tripod describe PROLO_LEO_M1 Catches all Leo drug variations so far or # TEST FOR LEO CRAP body PROLO_LEO1 /85\,45/ body PROLO_LEO2 /69\,95/ body PROLO_LEO3 /99\,95/ uri PROLO_LEO4 /http:\/\/.*tripod.com/ meta PROLO_LEO_M1 (PROLO_LEO1 && PROLO_LEO2 && PROLO_LEO3 && PROLO_LEO4) score PROLO_LEO1 0.1 score PROLO_LEO2 0.1 score PROLO_LEO3 0.1 score PROLO_LEO4 0.1 score PROLO_LEO_M1 8 describe PROLO_LEO1 Meta Catches all Leo drug variations so far describe PROLO_LEO2 Meta Catches all Leo drug variations so far describe PROLO_LEO3 Meta Catches all Leo drug variations so far describe PROLO_LEO4 Meta to catch Leo now using Tripod describe PROLO_LEO_M1 Catches all Leo drug variations so far Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Mon Nov 7 17:44:16 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: Hmmm, still not right: uri PROLO_LEO4 /http:\/\/.*tripod.com/ should be uri PROLO_LEO4 /http:\/\/*\.tripod\.com/ Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Raymond Dijkxhoorn > Sent: 07 November 2005 17:34 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: I can not seem to stop these emails... > > Hi! > > > Hey Raymond sorry to be a pain, but those rules, where do i > put them, > > i did a simple copy and paste into 70_sare_specific and did a > > Oh wait, thats true. I cutted out some irrelevant parts but > forgot to escape it afterwards. > > Either try them like this: > > # TEST FOR LEO CRAP > > body PROLO_LEO1 /\$85\,45/ > body PROLO_LEO2 /\$69\,95/ > body PROLO_LEO3 /\$99\,95/ > uri PROLO_LEO4 /http:\/\/.*tripod.com/ > meta PROLO_LEO_M1 (PROLO_LEO1 && > PROLO_LEO2 && PROLO_LEO3 && PROLO_LEO4) > > score PROLO_LEO1 0.1 > score PROLO_LEO2 0.1 > score PROLO_LEO3 0.1 > score PROLO_LEO4 0.1 > score PROLO_LEO_M1 8 > > describe PROLO_LEO1 Meta Catches all Leo > drug variations so far > describe PROLO_LEO2 Meta Catches all Leo > drug variations so far > describe PROLO_LEO3 Meta Catches all Leo > drug variations so far > describe PROLO_LEO4 Meta to catch Leo now > using Tripod > describe PROLO_LEO_M1 Catches all Leo drug > variations so far > > or > > # TEST FOR LEO CRAP > > body PROLO_LEO1 /85\,45/ > body PROLO_LEO2 /69\,95/ > body PROLO_LEO3 /99\,95/ > uri PROLO_LEO4 /http:\/\/.*tripod.com/ > meta PROLO_LEO_M1 (PROLO_LEO1 && > PROLO_LEO2 && PROLO_LEO3 && PROLO_LEO4) > > score PROLO_LEO1 0.1 > score PROLO_LEO2 0.1 > score PROLO_LEO3 0.1 > score PROLO_LEO4 0.1 > score PROLO_LEO_M1 8 > > describe PROLO_LEO1 Meta Catches all Leo > drug variations so far > describe PROLO_LEO2 Meta Catches all Leo > drug variations so far > describe PROLO_LEO3 Meta Catches all Leo > drug variations so far > describe PROLO_LEO4 Meta to catch Leo now > using Tripod > describe PROLO_LEO_M1 Catches all Leo drug > variations so far > > Bye, > Raymond. > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Mon Nov 7 17:49:24 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: Hi! > uri PROLO_LEO4 /http:\/\/.*tripod.com/ > > should be > > uri PROLO_LEO4 /http:\/\/*\.tripod\.com/ Feel free to alter whatever you like ;) Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 20:45:20 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: Its not ny day for mailscanner Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] First off thanks to all for helping me out in the last few days on this list i really appreciate it... No i have another strange problem... MS seems to silently die, and mail keeps coming in but not being delivered.... Nothing in the logs other than the below... Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... When i run the /usr/sbin/check_mailscaner it says stewy:/var/log# /usr/sbin/check_mailscanner MailScanner running with pid 8146 8147 But when i watch the logs via tail -f i do not see any Mailscanner activity until i restart by /etc/init.d/mailscanner restart I am using MS 4.41.3-2 with postfix on debian 3.1 Any ideas? Rob... http://www.stupidguytalk.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Mon Nov 7 20:53:22 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:09 2006 Subject: Its not ny day for mailscanner Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rob > Sent: Monday, November 07, 2005 3:45 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Its not ny day for mailscanner > > First off thanks to all for helping me out in the last few days on this > list i really appreciate it... > > No i have another strange problem... > > MS seems to silently die, and mail keeps coming in but not being > delivered.... > > Nothing in the logs other than the below... > > Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > > When i run the /usr/sbin/check_mailscaner it says > > stewy:/var/log# /usr/sbin/check_mailscanner > MailScanner running with pid 8146 8147 > > > But when i watch the logs via tail -f i do not see any Mailscanner > activity until i restart by /etc/init.d/mailscanner restart > > I am using MS 4.41.3-2 with postfix on debian 3.1 > > Any ideas? > > Rob... > http://www.stupidguytalk.org To make the error a little noisier, in MailScanner.conf please set: Debug = no Debug SpamAssassin = no Then stop and then start MailScanner from the command line. Watch the screen output. The reason for MailScanner dying should appear. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Mon Nov 7 20:56:11 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Rob spake the following on 11/7/2005 6:47 AM: > Right i have that, although it seems to be over a year old.... . These > emails are kind of new with respect to how they are made... the word > Viagra is not in the email at all so i guess that rule will not work, > although Viagra does show in the email when its viewed... > > you can see 2 examples of the emails here... > > http://www.dido.ca/spam/drug.txt > > Thanks... The first one shows up in DCC, Pyzor and Razor, and scores ; 2.3 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters 0.0 HTML_MESSAGE BODY: HTML included in message 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50% [cf: 100] 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% [cf: 100] 2.8 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) 1.4 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) 2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address [70.49.221.195 listed in dnsbl.sorbs.net] 0.2 DIGEST_MULTIPLE Message hits more than one network digest check 0.0 UPPERCASE_25_50 message body is 25-50% uppercase -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Mon Nov 7 21:01:00 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:09 2006 Subject: Which logs to monitor to ensure MailScanner/SPAMASSASSIN are working??? Message-ID: I have installed FreeBSD 5.4 and latest port of MailScanner that bundles SpamAssassin 3.1. I am using sendmail to intercept all incoming/outgoing mail. In order to determine if MailScanner and Spam Assassin are working, which log files should I monitor? I normally monitor all incoming/outgoing mail from /var/log/maillog. What other log files should I look at??? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From drew at THEMARSHALLS.CO.UK Mon Nov 7 21:14:50 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:09 2006 Subject: Which logs to monitor to ensure MailScanner/SPAMASSASSIN are working??? Message-ID: On 7 Nov 2005, at 21:01, Marc Dufresne wrote: > I have installed FreeBSD 5.4 and latest port of MailScanner that > bundles > SpamAssassin 3.1. I am using sendmail to intercept all incoming/ > outgoing > mail. > > In order to determine if MailScanner and Spam Assassin are working, > which log files should I monitor? I normally monitor all > incoming/outgoing mail from /var/log/maillog. What other log files > should I look at??? Assuming you have left MailScanner.conf's logging options as the default then /var/log/maillog is all you have t look at. Don't forget that under FreeBSD you need to start MailScanner some thing like '/ usr/local/etc/rc.d/mailscanner.sh start' it doesn't start with your MTA. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Mon Nov 7 21:19:44 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:09 2006 Subject: email being rejjjcted fro unknown domains Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, me again ;-) I have just setup my new MS box ( replacing the one I had under my desk at home with one in a hosted facility) I have set one of my test domains to point to the new IP and when I send mail I get the following error. reject=553 5.1.8 ... Domain of sender address Lance.Haig@domain.com does not exist. Where is MS checking this? I know he address exists that I am sending from as it is my work address and we do not get mail stopped by other scanners. have I enabled something that is killing mail like this? I would appreciate any help. Thanks Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 7 21:16:45 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: Which logs to monitor to ensure MailScanner/SPAMASSASSIN are working??? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I forget on FreeBSD but either way tail -f the maillog or mail.log whatever you have and send yourself the eicar virus, a test virus that is for testing... you can get it hear, just copy and paste into an email http://www.eicar.org/anti_virus_test_file.htm you should see in the log file MailScanner detecting this virus and so on..... and we can go form there... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Marc Dufresne" To: Sent: Monday, November 07, 2005 4:01 PM Subject: Which logs to monitor to ensure MailScanner/SPAMASSASSIN are working??? >I have installed FreeBSD 5.4 and latest port of MailScanner that bundles > SpamAssassin 3.1. I am using sendmail to intercept all incoming/outgoing > mail. > > In order to determine if MailScanner and Spam Assassin are working, > which log files should I monitor? I normally monitor all > incoming/outgoing mail from /var/log/maillog. What other log files > should I look at??? > > > > > > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Mon Nov 7 21:30:26 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:09 2006 Subject: email being rejjjcted fro unknown domains Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig wrote: > Hi, > > me again ;-) > > I have just setup my new MS box ( replacing the one I had under my desk > at home with one in a hosted facility) > > I have set one of my test domains to point to the new IP and when I send > mail I get the following error. > > reject=553 5.1.8 ... Domain of sender address > Lance.Haig@domain.com does not exist. > > Where is MS checking this? It's not that's Sendmail.. Mailscanner CANNOT reject mail during the SMTP session due it it's design, therefore anything related to SMTP 4xx and 5xx error codes can not involve MailScanner. look up the accept_unresolvable_domains feature in your sendmail.mc.. by default Sendmail will not accept mail with an unresolvable return path unless this is enabled. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Mon Nov 7 21:29:59 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:09 2006 Subject: email being rejjjcted fro unknown domains Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Lance Haig > Sent: Monday, November 07, 2005 4:20 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: email being rejjjcted fro unknown domains > > Hi, > > me again ;-) > > I have just setup my new MS box ( replacing the one I had under my desk > at home with one in a hosted facility) > > I have set one of my test domains to point to the new IP and when I send > mail I get the following error. > > reject=553 5.1.8 ... Domain of sender address > Lance.Haig@domain.com does not exist. > > Where is MS checking this? I know he address exists that I am sending > from as it is my work address and we do not get mail stopped by other > scanners. > > have I enabled something that is killing mail like this? > > I would appreciate any help. > > Thanks > > Lance This is normal. You should see some lines like the ones below in you sendmail ".mc" file: dnl # We strongly recommend not accepting unresolvable domains if you want dnl # to protect yourself from spam. However, the laptop and users on computers dnl # that do not have 24x7 DNS do need this. dnl # FEATURE(`accept_unresolvable_domains')dnl But this is the typical configuration on most gateways and you probably do to want to accept email from un-resolvable domains. If you really want to turn this off change the line to: dnl FEATURE(`accept_unresolvable_domains')dnl And use m4 to rebuild your .cf from the .mc file. Then restart sendmail. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lhaig at HAIGMAIL.COM Mon Nov 7 22:09:02 2005 From: lhaig at HAIGMAIL.COM (Lance Haig) Date: Thu Jan 12 21:31:09 2006 Subject: email being rejjjcted fro unknown domains Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just to put thoings staight, Thanks for the help you two but it was my own stupidity. I forgot to add the DNS servers to the server so it could not compare the addresses. After doing that the mail was recieved just fine. So sorry for waisting yours. Just noticed that my mail log has the following error in it. dccproc[number] : open/dcc/map: No Such File exists. Looked in the dcc directory and can't find my map file. is there an easy way to rebuild it? or should I go asking on the dcc support area? Thanks again Lance Lance Haig wrote: > Hi, > > me again ;-) > > I have just setup my new MS box ( replacing the one I had under my > desk at home with one in a hosted facility) > > I have set one of my test domains to point to the new IP and when I > send mail I get the following error. > > reject=553 5.1.8 ... Domain of sender address > Lance.Haig@domain.com does not exist. > > Where is MS checking this? I know he address exists that I am sending > from as it is my work address and we do not get mail stopped by other > scanners. > > have I enabled something that is killing mail like this? > > I would appreciate any help. > > Thanks > > Lance > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Mon Nov 7 21:59:45 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:09 2006 Subject: Its not ny day for mailscanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Stephen Swaney wrote: >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Rob >> Sent: Monday, November 07, 2005 3:45 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Its not ny day for mailscanner >> >> First off thanks to all for helping me out in the last few days on this >> list i really appreciate it... >> >> No i have another strange problem... >> >> MS seems to silently die, and mail keeps coming in but not being >> delivered.... >> >> Nothing in the logs other than the below... >> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> >> When i run the /usr/sbin/check_mailscaner it says >> >> stewy:/var/log# /usr/sbin/check_mailscanner >> MailScanner running with pid 8146 8147 >> >> >> But when i watch the logs via tail -f i do not see any Mailscanner >> activity until i restart by /etc/init.d/mailscanner restart >> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >> >> Any ideas? >> >> Rob... >> http://www.stupidguytalk.org > > To make the error a little noisier, in MailScanner.conf please set: > > Debug = no > Debug SpamAssassin = no > > Then stop and then start MailScanner from the command line. Watch the screen > output. The reason for MailScanner dying should appear. > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > I'd say yes, Steve, not no :) Debug = yes Debug SpamAssassin = yes -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Mon Nov 7 22:49:56 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:09 2006 Subject: email being rejjjcted fro unknown domains Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Lance Haig > Sent: Monday, November 07, 2005 5:09 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: email being rejjjcted fro unknown domains > > Just to put thoings staight, > > Thanks for the help you two but it was my own stupidity. > > I forgot to add the DNS servers to the server so it could not compare > the addresses. > > After doing that the mail was recieved just fine. > > So sorry for waisting yours. > > Just noticed that my mail log has the following error in it. > dccproc[number] : open/dcc/map: No Such File exists. > > Looked in the dcc directory and can't find my map file. > > is there an easy way to rebuild it? or should I go asking on the dcc > support area? > > Thanks again > > Lance > This should be installed by default. It typically resides in: /var/dcc/map Check the permissions. They should be: -rw------- 1 root root 4480 Jul 17 21:13 /var/dcc/map Probably just reinstall DCC would bethe quickest way to fix. Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Mon Nov 7 22:51:25 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:09 2006 Subject: Its not ny day for mailscanner Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Ugo Bellavance > Sent: Monday, November 07, 2005 5:00 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Its not ny day for mailscanner > > Stephen Swaney wrote: > >> -----Original Message----- > >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >> Behalf Of Rob > >> Sent: Monday, November 07, 2005 3:45 PM > >> To: MAILSCANNER@JISCMAIL.AC.UK > >> Subject: Its not ny day for mailscanner > >> > >> First off thanks to all for helping me out in the last few days on this > >> list i really appreciate it... > >> > >> No i have another strange problem... > >> > >> MS seems to silently die, and mail keeps coming in but not being > >> delivered.... > >> > >> Nothing in the logs other than the below... > >> > >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus > Scanner > >> version 4.41.3 starting... > >> > >> When i run the /usr/sbin/check_mailscaner it says > >> > >> stewy:/var/log# /usr/sbin/check_mailscanner > >> MailScanner running with pid 8146 8147 > >> > >> > >> But when i watch the logs via tail -f i do not see any Mailscanner > >> activity until i restart by /etc/init.d/mailscanner restart > >> > >> I am using MS 4.41.3-2 with postfix on debian 3.1 > >> > >> Any ideas? > >> > >> Rob... > >> http://www.stupidguytalk.org > > > > To make the error a little noisier, in MailScanner.conf please set: > > > > Debug = no > > Debug SpamAssassin = no > > > > Then stop and then start MailScanner from the command line. Watch the > screen > > output. The reason for MailScanner dying should appear. > > > > Steve > > > > Stephen Swaney > > Fort Systems Ltd. > > stephen.swaney@fsl.com > > www.fsl.com > > > > I'd say yes, Steve, not no :) > > Debug = yes > Debug SpamAssassin = yes > > -- > Ugo Of course, Silly me. Thanks Ugo! Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner at BARENDSE.TO Tue Nov 8 10:09:41 2005 From: mailscanner at BARENDSE.TO (Remco Barendse) Date: Thu Jan 12 21:31:09 2006 Subject: Spam learning Message-ID: Hi! I'm using spam learning but to my opinion the yield from bayes is too limited. I have several mail addresses published on websites to attract lotso spam :) and the mail to these adresses is re-routed to a local user on the box. Should I white list all e-mail to this address to prevent spam checking? Or doesn't it matter? I guess I should also not do any virusscanning on it to prevent harmful html code from being cleaned thereby rendering the spam filter less effective? Ideas anyone? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Andreas.Doerfler at KEMPTEN.DE Tue Nov 8 10:33:37 2005 From: Andreas.Doerfler at KEMPTEN.DE ([iso-8859-1] Dörfler Andreas) Date: Thu Jan 12 21:31:09 2006 Subject: wiki down ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] hi there, still back from holiday, deadline for sa 3.1 upgrade comes closer and the knowledge baby is down ? or moved ? http://wiki.mailscanner.info/ Name Error: The domain name does not exist. is see no new link on the ms base page. greetings andy --free your mind, use open source http://www.mono-project.com ASCII ribbon campaign ( ) - against HTML email X & vCards / \ ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Nov 8 11:23:37 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:09 2006 Subject: wiki down ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, November 8, 2005 10:33, Dörfler Andreas wrote: > hi there, > > still back from holiday, deadline for sa 3.1 upgrade comes closer > and the knowledge baby is down ? or moved ? Yes, down. One of the technology units at Southampton sadly suffered a fire ( http://news.bbc.co.uk/1/hi/england/hampshire/4390048.stm ) and knocked out connectivity to all the MailScanner sites. With a load of help from Blacknight www.mailscanner.info is back up and running but the wiki hasn't yet been recovered (Julian has just one or two more pressing things to do, like clearing up and restoring what they can). Post to the list and we will do what we can to help. Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Tue Nov 8 13:24:04 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:09 2006 Subject: Calling All MCAFEE Users: Re: McAfee DownLoad URL does not work... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 05/11/05, Mike wrote: > > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Julian Field > > > > Please can other people confirm that this new suggested location is > the > > best place to use. > > The original (download.nai.com) still works, there's no problem > whatsoever and has never been over the last few months/years. Search the list and you'll see that there has been a number (read: at least two:-) of occasions where McAfee has goofed and not updated update.nai.com, but *has* updated speedownload.nai.com (where one usually downloads from anyway (redirs). I do agree though, that moving back to the bad old ftp mirrors would be a step in the wrong direction. They've got an even worse track record with those... Sloppiness like different file sets depending on which mirror you hit, leftover crud etc etc. Sigh. Ages ago I implemented my own DL thing (for another system...) that use the CommonUpdater thing and which use the Replica.log files of that beast (counting files, checking sizes and calculating SHA1-hashes... Going towards that might be interesting, but not switching to an arbitrary ftp mirror. > > IMHO http is preferred over ftp, due to easier securing/firewalling > issues. If however ftp is used, the mentioned url is fine for sites in > Europe. The ftp sites in the US use ftp.nai.com. It may even be the case > thay DNS replies for ftp.nai.com are now automatically pointing to the > nearest ftp repositories (think I read this somewhere). Last I checked it behaves more like a RR thing. I don't check that aspect that often though:-). > > Regards, > Mike. > > > Dj Ajos1 wrote: > > > > >Urgent update... as lots of people's mcafee systems will be out of > date > > (I think it has been wrong for months)! > > > > > >In file:- /usr/lib/MailScanner/mcafee-autoupdate > > > > > >The line/entry... > > > > > > FTPDIR=http://download.nai.com/products/datfiles/4.x/nai > > > > > >Does not work any more... > > > > > >But this one does! > > > > > > FTPDIR=ftp://ftpeur.nai.com/pub/antivirus/datfiles/4.x > > > > > >Thanks in advance... > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dfilchak at SYMPATICO.CA Tue Nov 8 14:26:07 2005 From: dfilchak at SYMPATICO.CA (Dave Filchak) Date: Thu Jan 12 21:31:09 2006 Subject: Odd error in logs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all, Over the past two weeks or so, after an update to almost the latest ( have not installed the very last release yet ) I have started to see the following in my log reports: Your spam actions "/etc/mailscanner/rules/spamoptions.rules" looks like a filename. If this is a ruleset filename, it must end in .rule or .rules : 16 Time(s) This is odd because my rules file is named properly and in the right place. Can anyone shed some light on this? My box is a CentOS4 box, sendmail and the following: This is CentOS release 4.1 (Final) This is Perl version 5.008005 (5.8.5) This is MailScanner version 4.46.2 Module versions are: 1.00 AnyDBM_File 1.16 Archive::Zip 1.03 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.73 File::Basename 2.08 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.66 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.809 DB_File 1.08 Digest 1.01 Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 0.44 Inline 0.17 Mail::ClamAV 3.001000 Mail::SpamAssassin 1.997 Mail::SPF::Query 0.15 Net::CIDR::Lite 0.48 Net::DNS missing Net::LDAP 1.94 Parse::RecDescent missing SAVI 1.2 Sys::Hostname::Long 2.42 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced 1.35 URI Dave ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Dave Tue Nov 8 14:41:47 2005 From: Dave (Dave) Date: Thu Jan 12 21:31:09 2006 Subject: wiki down ? Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Tue, Nov 08, 2005 at 11:33:37AM +0100, Dörfler Andreas wrote: > hi there, > > still back from holiday, deadline for sa 3.1 upgrade comes closer > and the knowledge baby is down ? or moved ? > > > http://wiki.mailscanner.info/ > > Name Error: The domain name does not exist. > > > is see no new link on the ms base page. > There was a nasty fire in Southampton. > > greetings > andy > > --free your mind, use open source > http://www.mono-project.com > > ASCII ribbon campaign ( ) > - against HTML email X > & vCards / \ > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Tue Nov 8 15:14:23 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:09 2006 Subject: Basic Sendmail question Message-ID: This is what I had to modify in my sendmail.cf file on FreeBSD 5.4: Search "sendmail.cf" for: #SMTP daemon options O DaemonPortOptions=Name=IPv4, Family=inet, addr= i.e. O DaemonPortOptions=Name=IPv4, Family=inet, addr=24.34.56.23 Restart sendmail. You should see it listen on the correct IP. Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> lhaig@HAIGMAIL.COM 11/5/2005 7:41 AM >>> Hi, My sendmail system will not accept mail from anything other than localhost. I have tried to telnet onto port 25 from a workstation and it does not connact but if I try from the server it does. What have I missed? Lance ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From dh at UPTIME.AT Tue Nov 8 15:16:27 2005 From: dh at UPTIME.AT (David H.) Date: Thu Jan 12 21:31:09 2006 Subject: Basic Sendmail question Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Marc Dufresne wrote: > This is what I had to modify in my sendmail.cf file on FreeBSD 5.4: > > Search "sendmail.cf" for: > > #SMTP daemon options > O DaemonPortOptions=Name=IPv4, Family=inet, addr= to listen on> > > i.e. > > O DaemonPortOptions=Name=IPv4, Family=inet, addr=24.34.56.23 > > Restart sendmail. You should see it listen on the correct IP. > Please NEVER EVER modify your *.cf files. Modify the *.mc files and generate the *.cf files using your m4 interpreter. You will end up in chaos if you to know follow this path with sendmail :) -d ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Tue Nov 8 15:10:52 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:09 2006 Subject: Spam learning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Remco Barendse wrote: > Hi! > > I'm using spam learning but to my opinion the yield from bayes is too > limited. > > I have several mail addresses published on websites to attract lotso > spam :) and the mail to these adresses is re-routed to a local user on > the box. > > Should I white list all e-mail to this address to prevent spam checking? > Or doesn't it matter? Easier to keep it on, it will auto-learn this way. > > I guess I should also not do any virusscanning on it to prevent harmful > html code from being cleaned thereby rendering the spam filter less > effective? That is a good idea. Just make sure no one has access to this mailbox... > > Ideas anyone? > -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Tue Nov 8 17:32:08 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:09 2006 Subject: wiki down ? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dörfler Andreas spake the following on 11/8/2005 2:33 AM: > hi there, > > still back from holiday, deadline for sa 3.1 upgrade comes closer > and the knowledge baby is down ? or moved ? > > > http://wiki.mailscanner.info/ > > Name Error: The domain name does not exist. > > > is see no new link on the ms base page. > > > greetings > andy > > --free your mind, use open source > http://www.mono-project.com > > ASCII ribbon campaign ( ) > - against HTML email X > & vCards / \ > Working as of 16:30 GMT At least from USA -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From paddy at PANICI.NET Tue Nov 8 19:10:44 2005 From: paddy at PANICI.NET (paddy) Date: Thu Jan 12 21:31:09 2006 Subject: Odd error in logs Message-ID: On Tue, Nov 08, 2005 at 09:26:07AM -0500, Dave Filchak wrote: > Hello all, > > Over the past two weeks or so, after an update to almost the latest ( > have not installed the very last release yet ) I have started to see the > following in my log reports: > > Your spam actions "/etc/mailscanner/rules/spamoptions.rules" looks > like a filename. If this is a ruleset filename, it must end in .rule or > .rules : 16 Time(s) > > This is odd because my rules file is named properly and in the right > place. Can anyone shed some light on this? Not sure that I can, but I'll try ... The relevant code reads something like: $actions = MailScanner::Config::Value(CONFIG_OPTION, $this); (where CONFIG_OPTION is one of hamactions highscorespamactions spamactions) . . . @actions = split(" ", $actions); return unless @actions; # If they have just specified a filename, then something is wrong if ($#actions==0 && $actions[0] =~ /\//) { MailScanner::Log::WarnLog('Your spam actions "%s" looks like a filename.' . ' If this is a ruleset filename, it must end in .rule or .rules', $actions[0]); $actions[0] = 'deliver'; } So my wild guess is that Config::Value returns something like '/etc/mailscanner/rules/spamoptions.rules' (when what you wanted returned was inside there) At which point I'm wondering: grep -i ^[^#]*actions MailScanner.conf An example of ruleset configuration might look like: Virus Scanning = %rules-dir%/Virus.Scanning.rules I even wonder whether you have a '/etc/mailscanner/' instead of '/etc/Mailscanner/' ? If its failing to load you might see WarnLog("Cannot open filename-rules file %s, skipping" I get kind of dizzy when I grep "\$isrules =" Config.pm But that's all I got right now. Any help ? Regards, Paddy -- Perl 6 will give you the big knob. -- Larry Wall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From paddy at PANICI.NET Tue Nov 8 19:16:09 2005 From: paddy at PANICI.NET (paddy) Date: Thu Jan 12 21:31:09 2006 Subject: Odd error in logs Message-ID: On Tue, Nov 08, 2005 at 07:10:44PM +0000, paddy wrote: > > I even wonder whether you have a '/etc/mailscanner/' instead of '/etc/Mailscanner/' ? See how easy it is to do :) of course, I mean MailScanner ^ ^ Regards, Paddy -- Perl 6 will give you the big knob. -- Larry Wall ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Tue Nov 8 20:28:54 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:31:09 2006 Subject: User level Max Attachment exclusion Message-ID: Is it possible to skip the Max Attachments check at the user level? Either I can't get the syntax right for the rule file or it's not possible. This is what I put in the file: From: user@mydomain.com no FromOrTo: default yes Also, are there supposed to be spaces or tabs in between each field? Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Tue Nov 8 20:35:27 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:09 2006 Subject: Its not ny day for mailscanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ok so after doing this it scanned one message and gave me what seemed to be a normal output.... but i can not site at the consol all day running it in debug mode and restarting each time?? any other things i should look at.... BTW when i say die, it looks like its dead, as i see mailscanner processes in a ps but in the log file i see no mailscanner stuff running... could it be because recently i added RBLs and razor? Thanks... Nov 8 15:27:29 stewy MailScanner[670]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 8 15:27:29 stewy MailScanner[670]: Read 120 hostnames from the phishing whitelist Nov 8 15:27:29 stewy MailScanner[670]: Enabling SpamAssassin auto-whitelist functionality... Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees Config LockType = flock Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees have_module = 0 Nov 8 15:27:33 stewy MailScanner[670]: Using locktype = flock Nov 8 15:27:33 stewy MailScanner[670]: New Batch: Scanning 2 messages, 22625 bytes Nov 8 15:27:33 stewy MailScanner[670]: Created attachment dirs for 2 messages Nov 8 15:27:33 stewy MailScanner[670]: Spam Checks: Starting Nov 8 15:27:33 stewy MailScanner[670]: RBL Checks: returned 0 Nov 8 15:27:35 stewy MailScanner[670]: SpamAssassin returned 0 Nov 8 15:27:35 stewy MailScanner[670]: RBL checks: 51791BF61.03596 found in SBL+XBL Nov 8 15:27:35 stewy MailScanner[670]: RBL Checks: returned 256 Nov 8 15:27:36 stewy MailScanner[670]: SpamAssassin returned 0 Nov 8 15:27:36 stewy MailScanner[670]: Message 51791BF61.03596 from 81.190.142.152 (olivergoldmanaz@baixin-tech.com) to flextherm.com is spam, SBL+XBL, SpamAssassin (score=13.284, required 4, BAYES_99 3.50, DRUGS_ANXIETY 0.10, DRUGS_ANXIETY_EREC 0.04, DRUGS_ERECTILE 0.22, DRUGS_MANYKINDS 0.00, DRUGS_MUSCLE 0.00, DRUGS_PAIN 0.13, DRUGS_SLEEP 0.00, DRUGS_SLEEP_EREC 3.34, HELO_DYNAMIC_IPADDR 4.40, RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51) Nov 8 15:27:36 stewy MailScanner[670]: Spam Checks: Found 1 spam messages Nov 8 15:27:36 stewy MailScanner[670]: Spam Actions: message 51791BF61.03596 actions are delete Nov 8 15:27:37 stewy MailScanner[670]: Virus and Content Scanning: Starting Nov 8 15:27:37 stewy MailScanner[670]: Commencing scanning by clamav... Nov 8 15:27:37 stewy MailScanner[670]: Completed scanning by clamav Nov 8 15:27:37 stewy MailScanner[670]: tag found in message 59F3EBF62.8B4B8 from lapresseaffaires@courrier.cyberpresse.ca Nov 8 15:27:37 stewy MailScanner[670]: Requeue: 59F3EBF62.8B4B8 to A53A5BF4C Nov 8 15:27:37 stewy MailScanner[670]: About to deliver 1 messages Nov 8 15:27:37 stewy MailScanner[670]: Uninfected: Delivered 1 messages Nov 8 15:27:37 stewy postfix/qmgr[15211]: A53A5BF4C: from=, size=20795, nrcpt=1 (queue active) Nov 8 15:27:37 stewy MailScanner[670]: MailScanner child dying of old age Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Stephen Swaney" To: Sent: Monday, November 07, 2005 5:51 PM Subject: Re: Its not ny day for mailscanner >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Ugo Bellavance >> Sent: Monday, November 07, 2005 5:00 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Its not ny day for mailscanner >> >> Stephen Swaney wrote: >> >> -----Original Message----- >> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> >> Behalf Of Rob >> >> Sent: Monday, November 07, 2005 3:45 PM >> >> To: MAILSCANNER@JISCMAIL.AC.UK >> >> Subject: Its not ny day for mailscanner >> >> >> >> First off thanks to all for helping me out in the last few days on >> >> this >> >> list i really appreciate it... >> >> >> >> No i have another strange problem... >> >> >> >> MS seems to silently die, and mail keeps coming in but not being >> >> delivered.... >> >> >> >> Nothing in the logs other than the below... >> >> >> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> >> >> When i run the /usr/sbin/check_mailscaner it says >> >> >> >> stewy:/var/log# /usr/sbin/check_mailscanner >> >> MailScanner running with pid 8146 8147 >> >> >> >> >> >> But when i watch the logs via tail -f i do not see any Mailscanner >> >> activity until i restart by /etc/init.d/mailscanner restart >> >> >> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >> >> >> >> Any ideas? >> >> >> >> Rob... >> >> http://www.stupidguytalk.org >> > >> > To make the error a little noisier, in MailScanner.conf please set: >> > >> > Debug = no >> > Debug SpamAssassin = no >> > >> > Then stop and then start MailScanner from the command line. Watch the >> screen >> > output. The reason for MailScanner dying should appear. >> > >> > Steve >> > >> > Stephen Swaney >> > Fort Systems Ltd. >> > stephen.swaney@fsl.com >> > www.fsl.com >> > >> >> I'd say yes, Steve, not no :) >> >> Debug = yes >> Debug SpamAssassin = yes >> >> -- >> Ugo > > Of course, Silly me. Thanks Ugo! > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Stephen Swaney" To: Sent: Monday, November 07, 2005 5:51 PM Subject: Re: Its not ny day for mailscanner >> -----Original Message----- >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> Behalf Of Ugo Bellavance >> Sent: Monday, November 07, 2005 5:00 PM >> To: MAILSCANNER@JISCMAIL.AC.UK >> Subject: Re: Its not ny day for mailscanner >> >> Stephen Swaney wrote: >> >> -----Original Message----- >> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >> >> Behalf Of Rob >> >> Sent: Monday, November 07, 2005 3:45 PM >> >> To: MAILSCANNER@JISCMAIL.AC.UK >> >> Subject: Its not ny day for mailscanner >> >> >> >> First off thanks to all for helping me out in the last few days on >> >> this >> >> list i really appreciate it... >> >> >> >> No i have another strange problem... >> >> >> >> MS seems to silently die, and mail keeps coming in but not being >> >> delivered.... >> >> >> >> Nothing in the logs other than the below... >> >> >> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >> Scanner >> >> version 4.41.3 starting... >> >> >> >> When i run the /usr/sbin/check_mailscaner it says >> >> >> >> stewy:/var/log# /usr/sbin/check_mailscanner >> >> MailScanner running with pid 8146 8147 >> >> >> >> >> >> But when i watch the logs via tail -f i do not see any Mailscanner >> >> activity until i restart by /etc/init.d/mailscanner restart >> >> >> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >> >> >> >> Any ideas? >> >> >> >> Rob... >> >> http://www.stupidguytalk.org >> > >> > To make the error a little noisier, in MailScanner.conf please set: >> > >> > Debug = no >> > Debug SpamAssassin = no >> > >> > Then stop and then start MailScanner from the command line. Watch the >> screen >> > output. The reason for MailScanner dying should appear. >> > >> > Steve >> > >> > Stephen Swaney >> > Fort Systems Ltd. >> > stephen.swaney@fsl.com >> > www.fsl.com >> > >> >> I'd say yes, Steve, not no :) >> >> Debug = yes >> Debug SpamAssassin = yes >> >> -- >> Ugo > > Of course, Silly me. Thanks Ugo! > > Steve > > Stephen Swaney > Fort Systems Ltd. > stephen.swaney@fsl.com > www.fsl.com > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dan.farmer at PHONEDIR.COM Tue Nov 8 20:44:49 2005 From: dan.farmer at PHONEDIR.COM (Dan Farmer) Date: Thu Jan 12 21:31:09 2006 Subject: User level Max Attachment exclusion Message-ID: On Nov 8, 2005, at 1:28 PM, Chris W. Parker wrote: > Is it possible to skip the Max Attachments check at the user level? > Either I can't get the syntax right for the rule file or it's not > possible. > > This is what I put in the file: > > From: user@mydomain.com no > FromOrTo: default yes I don't think that is a yes/no parameter - I think you want to use numbers for that one, and iirc 0 disables the check. Check the comments in MailScanner.conf or the MailScanner book for more info. try: From: user@mydomain.com 0 FromOrTo: default 200 dan ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Denis.Beauchemin at USHERBROOKE.CA Tue Nov 8 20:47:04 2005 From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin) Date: Thu Jan 12 21:31:09 2006 Subject: User level Max Attachment exclusion Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Chris W. Parker wrote: >Is it possible to skip the Max Attachments check at the user level? >Either I can't get the syntax right for the rule file or it's not >possible. > >This is what I put in the file: > >From: user@mydomain.com no >FromOrTo: default yes > >Also, are there supposed to be spaces or tabs in between each field? > > > Chris, You can use spaces OR tabs. If you want to set the Maximum Attachments Per Message, you do it this way: From: user@mydomain.com 5000 FromOrTo: default 200 If you want to set the Maximum Attachment Size, you do it this way: From: user@mydomain.com -1 FromOrTo: default 1000000 Denis -- _ °v° Denis Beauchemin, analyste /(_)\ Université de Sherbrooke, S.T.I. ^ ^ T: 819.821.8000x2252 F: 819.821.8045 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Nov 8 20:49:57 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:09 2006 Subject: Start up script problem 4.47 - summary Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thank YOU Julian. Will test with new package on Thursday. Julian Field wrote: > It appears that the SuSE init.d script somehow crept into the RedHat > distribution. > I have rebuilt the distributions and this problem appears to be fixed now. > > Sorry about that folks, haven't a clue how it happened. It would only > have affected some MTA's and not others. Worst affected was Postfix. > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Tue Nov 8 20:59:01 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:31:09 2006 Subject: User level Max Attachment exclusion Message-ID: Dan Farmer on Tuesday, November 08, 2005 12:45 PM said: > Check the > comments in MailScanner.conf or the MailScanner book for more info. Argh. Comments don't mention that (at least not immediately above Max Attachments). Thanks Dan and Dennis. Hopefully this will straighten things out! Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Tue Nov 8 21:04:14 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:31:09 2006 Subject: Revisit: Emails with negative spam score Message-ID: Hello, Again I'm having issues with emails being marked as spam even though they end up having a negative score (sometimes as much as -10). Last time it was because emails were being found on spam lists but that is under control. This time the emails are not being found on any lists and on top of that the email address is whitelisted. The only thing I see in the logs that MailScanner might be flagging the email for is the following is an " tag" violation: Nov 3 13:58:42 localhost MailScanner[20826]: Message jA3LwZp6025097 from 66.94.237.36 (sentto-11936562-3897-1131055501-user=swatgear.com@returns.groups.yahoo. com) is whitelisted Nov 3 13:58:52 localhost MailScanner[20826]: tag found in message jA3LwZp6025097 from sentto-11936562-3897-1131055501-user=swatgear.com@returns.groups.yahoo.c om I searched the archives and Google and looked through MailScanner.conf but didn't find anything that made it apparent how I can solve this. Thanks! Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Nov 8 21:10:53 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:09 2006 Subject: I can not seem to stop these emails... Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi Martin can you confirm that your ruleset list is accurate? Because i tried to use this list and found heaps of them claim no to exist. Is more wrok required than just adding these names to trusted rulesets? I am using sa3.1 Pete Martin Hepworth wrote: > Rob > > My RDJ TRUSTED sets are.. > > TRUSTED_RULESETS="TRIPWIRE EVILNUMBERS EVILNUMBERS1 EVILNUMBERS2 SARE_RANDOM > RANDOMVAL BOGUSVIRUS SARE_ADULT SARE_BML SARE_URI0 SARE_URI1 SARE_URI3 > SARE_URI_ENG SARE_SPOOF SARE_BAYES_POISON_NXM SARE_OEM SARE_RANDOM > SARE_HEADER0 SARE_HEADER2 SARE_CODING SARE_SPECIFIC SARE_REDIRECT_POST300 > SARE_GENLSUBJ SARE_UNSUB SARE_OBFU SARE_OBFU2 SARE_OBFU3 SARE_WHITELIST > SARE_WHITELIST_SPF SARE_WHITELIST_RCVD ZMI_GERMAN"; > > I've also got pyzor, a couple RBL's and all the URI-RBLs turned in > (including the black and grey). > > I ran SA to get these with the -p set to my spam.assassin.prefs.conf.. > > spamaassassin -p /opt/MailScanner/etc/spam.assassin.prefs.conf > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Nov 8 21:20:28 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:09 2006 Subject: Which SARE Rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I would love to see from ruldujour config examples. I am now using SA 3.1 and unsure which of the SARE rules i should or shouldnt be using, and unsure which ones i can just add a name into TRUSTED_RULESETS or which ones i need to use a munge script for etc. WOuld anyone be kind enough to post a current, fully tested and working example of the ruledujour config file? Kind regards and many thanks Pete ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hywel.burris at COMTEC-EUROPE.CO.UK Tue Nov 8 22:11:11 2005 From: hywel.burris at COMTEC-EUROPE.CO.UK (Hywel Burris) Date: Thu Jan 12 21:31:09 2006 Subject: OT: leaving helper-app run mode Message-ID: Hi All, When I run a Lint I am getting some long times on leaving helper-app run mode this seems to be associated with razor, as if I disable it in spam.assassin.prefs it disapears. Has anyone else seen this or is 2-4 seconds the norm for this? [11441] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.738 0.0047 [11441] dbg: rules: running full-text regexp tests; score so far=0.738 0.00483 [11441] dbg: plugin: registering glue method for check_razor2_range (Mail::SpamAssassin::Plugin::Razor2=HASH(0xa3dd10c)) 0.00031 [11441] dbg: info: entering helper-app run mode 0.00059 [11441] dbg: info: leaving helper-app run mode 2.69093 [11441] dbg: razor2: part=0 engine=4 contested=0 confidence=0 0.00078 [11441] dbg: razor2: results: spam? 0 0.00019 [11441] dbg: razor2: results: engine 8, highest cf score: 0 0.00012 [11441] dbg: razor2: results: engine 4, highest cf score: 0 0.00015 [11441] dbg: plugin: registering glue method for check_razor2 (Mail::SpamAssassin::Plugin::Razor2=HASH(0xa3dd10c)) 0.00023 Thanks in advance Hywel ************************************************************************ This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Nov 8 22:44:25 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:09 2006 Subject: Which SARE Rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sorry for replying my pown post. I figured out i need to upgrade my ruledujour it was a little old. I hadd the following rulesets and now, immedietly after doing so sa --lint test take 40sec+ I am using a dual 3ghz/2GB ram machine. TRUSTED_RULESETS="TRIPWIRE SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 SARE_EVILNUMBERS2 BLACKLIST BLACKLIST_URI SARE_BML SARE_OEM SARE_HEADER SARE_HTML0 SARE_RANDOM SARE_REDIRECT_POST300 SARE_FRAUD BOGUSVIRUS SARE_BAYES_POISON_NXM SARE_ADULT SARE_SPOOF SARE_SPECIFIC SARE_UNSUB SARE_URI0 SARE_URI1 SARE_OBFU0 SARE_GENLSUBJ0 SARE_WHITELIST SARE_WHITELIST_RCVD SARE_WHITELIST_SPF ZMI_GERMAN" The worst offenders in the mailwatch lint test results are [22908] dbg: eval: all '*To' addrs: 5.02445 [22908] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x98a1f34) implements 'finish_parsing_end' 26.05115 Any ideas on getting better performance, or is this part of using all these rules? Which woiuld be the best ones to drop to improve perfromance? Peter Russell wrote: > I would love to see from ruldujour config examples. I am now using SA > 3.1 and unsure which of the SARE rules i should or shouldnt be using, > and unsure which ones i can just add a name into TRUSTED_RULESETS or > which ones i need to use a munge script for etc. > > WOuld anyone be kind enough to post a current, fully tested and working > example of the ruledujour config file? > > Kind regards and many thanks > Pete > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 8 23:05:42 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:09 2006 Subject: Which SARE Rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > Sorry for replying my pown post. > > I figured out i need to upgrade my ruledujour it was a little old. I > hadd the following rulesets and now, immedietly after doing so sa --lint > test take 40sec+ I am using a dual 3ghz/2GB ram machine. > > TRUSTED_RULESETS="TRIPWIRE SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 > SARE_EVILNUMBERS2 BLACKLIST BLACKLIST_URI SARE_BML SARE_OEM SARE_HEADER > SARE_HTML0 SARE_RANDOM SARE_REDIRECT_POST300 SARE_FRAUD BOGUSVIRUS > SARE_BAYES_POISON_NXM SARE_ADULT SARE_SPOOF SARE_SPECIFIC SARE_UNSUB > SARE_URI0 SARE_URI1 SARE_OBFU0 SARE_GENLSUBJ0 SARE_WHITELIST > SARE_WHITELIST_RCVD SARE_WHITELIST_SPF ZMI_GERMAN" > > > The worst offenders in the mailwatch lint test results are > [22908] dbg: eval: all '*To' addrs: 5.02445 > [22908] dbg: plugin: > Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x98a1f34) implements > 'finish_parsing_end' 26.05115 > > Any ideas on getting better performance, or is this part of using all > these rules? Which woiuld be the best ones to drop to improve perfromance? > It could be an effect of using all those rules, or it could be an effect of really slow DNS. Some quick checks: compare time spamassassin --lint to time spamassassin -L --lint If these are substantially different on the first shot, your problem is likely network test related. If repeated calls of the -L version are consistently slower than repeated calls of the non -L version, you have slow access to a DNS server and should consider a local caching DNS on the same box. If the two are the same, or close, but consistently high your problem lies in static rules. Try removing a few rulesets (note: you have to physically move them out of /etc/mail/spamassassin to disable them). I'd suggest looking at the size of the rulefiles and picking the largest ones as targets. For what it's worth I use the following SARE style rulesets: -rw-r--r-- 1 root root 31854 Sep 16 14:40 70_sare_adult.cf -rw-r--r-- 1 root root 24246 Sep 16 14:40 70_sare_evilnum0.cf -rw-r--r-- 1 root root 1574 Sep 16 14:40 70_sare_evilnum1.cf -rw-r--r-- 1 root root 45972 Oct 25 18:20 70_sare_genlsubj0.cf -rw-r--r-- 1 root root 51886 Oct 12 21:30 70_sare_obfu0.cf -rw-r--r-- 1 root root 17821 Oct 25 18:16 70_sare_random.cf -rw-r--r-- 1 root root 70262 Oct 25 18:15 70_sare_specific.cf -rw-r--r-- 1 root root 17879 Oct 12 21:33 70_sare_uri0.cf -rw-r--r-- 1 root root 1466 Sep 16 14:40 71_sare_adult_rescore.cf -rw-r--r-- 1 root root 57580 Sep 16 14:40 99_FVGT_Tripwire.cf -rw-r--r-- 1 root root 10231 Sep 16 14:40 99_sare_fraud_post25x.cf along with about 15 local rule files, most of which are about 1k, but one is 10k. My --lint times are about 8.5 sec. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cparker at SWATGEAR.COM Tue Nov 8 23:18:14 2005 From: cparker at SWATGEAR.COM (Chris W. Parker) Date: Thu Jan 12 21:31:10 2006 Subject: Log line being cut off. Bug? Message-ID: Hello, I believe Julian said this was supposed to be fixed in the latest release of MailScanner v4.47.4 (which I am currently using) but I am still seeing the offending line. Nov 8 07:27:36 localhost MailScanner[5078]: Message jA8FRKic007809 from n.n.n.n (zvtv-0g4uk-eibjtb-h@d.d.d.d) to swatgear.com is The line gets cut off after the word "is". Any confirmations for a fix or the cause? Thanks, Chris. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Tue Nov 8 23:49:33 2005 From: pete at ENITECH.COM.AU (Peter Russell) Date: Thu Jan 12 21:31:10 2006 Subject: Which SARE Rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks Matt. Like you said, i moved all the cf files out one at a time until i found the culprit. I found it was the blacklist and blacklist_uri rules sets causing the issues. Lint test is back down to less than 8sec. DNS is a win2k server that is under powered, over loaded and about to be decommissioned. But have always had heaps of issues settibng up a cache in this network, another time maybe. Thanks very much Pete Matt Kettler wrote: > Peter Russell wrote: > >>Sorry for replying my pown post. >> >>I figured out i need to upgrade my ruledujour it was a little old. I >>hadd the following rulesets and now, immedietly after doing so sa --lint >>test take 40sec+ I am using a dual 3ghz/2GB ram machine. >> >>TRUSTED_RULESETS="TRIPWIRE SARE_EVILNUMBERS0 SARE_EVILNUMBERS1 >>SARE_EVILNUMBERS2 BLACKLIST BLACKLIST_URI SARE_BML SARE_OEM SARE_HEADER >>SARE_HTML0 SARE_RANDOM SARE_REDIRECT_POST300 SARE_FRAUD BOGUSVIRUS >>SARE_BAYES_POISON_NXM SARE_ADULT SARE_SPOOF SARE_SPECIFIC SARE_UNSUB >>SARE_URI0 SARE_URI1 SARE_OBFU0 SARE_GENLSUBJ0 SARE_WHITELIST >>SARE_WHITELIST_RCVD SARE_WHITELIST_SPF ZMI_GERMAN" >> >> >>The worst offenders in the mailwatch lint test results are >>[22908] dbg: eval: all '*To' addrs: 5.02445 >>[22908] dbg: plugin: >>Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x98a1f34) implements >>'finish_parsing_end' 26.05115 >> >>Any ideas on getting better performance, or is this part of using all >>these rules? Which woiuld be the best ones to drop to improve perfromance? >> > > > It could be an effect of using all those rules, or it could be an effect of > really slow DNS. > > Some quick checks: > > compare time spamassassin --lint to time spamassassin -L --lint > > If these are substantially different on the first shot, your problem is likely > network test related. > > If repeated calls of the -L version are consistently slower than repeated calls > of the non -L version, you have slow access to a DNS server and should consider > a local caching DNS on the same box. > > > If the two are the same, or close, but consistently high your problem lies in > static rules. Try removing a few rulesets (note: you have to physically move > them out of /etc/mail/spamassassin to disable them). I'd suggest looking at the > size of the rulefiles and picking the largest ones as targets. > > For what it's worth I use the following SARE style rulesets: > -rw-r--r-- 1 root root 31854 Sep 16 14:40 70_sare_adult.cf > -rw-r--r-- 1 root root 24246 Sep 16 14:40 70_sare_evilnum0.cf > -rw-r--r-- 1 root root 1574 Sep 16 14:40 70_sare_evilnum1.cf > -rw-r--r-- 1 root root 45972 Oct 25 18:20 70_sare_genlsubj0.cf > -rw-r--r-- 1 root root 51886 Oct 12 21:30 70_sare_obfu0.cf > -rw-r--r-- 1 root root 17821 Oct 25 18:16 70_sare_random.cf > -rw-r--r-- 1 root root 70262 Oct 25 18:15 70_sare_specific.cf > -rw-r--r-- 1 root root 17879 Oct 12 21:33 70_sare_uri0.cf > -rw-r--r-- 1 root root 1466 Sep 16 14:40 71_sare_adult_rescore.cf > -rw-r--r-- 1 root root 57580 Sep 16 14:40 99_FVGT_Tripwire.cf > -rw-r--r-- 1 root root 10231 Sep 16 14:40 99_sare_fraud_post25x.cf > > > along with about 15 local rule files, most of which are about 1k, but one is 10k. > > My --lint times are about 8.5 sec. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Tue Nov 8 23:57:05 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:10 2006 Subject: Which SARE Rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Peter Russell wrote: > Thanks Matt. Like you said, i moved all the cf files out one at a time > until i found the culprit. I found it was the blacklist and > blacklist_uri rules sets causing the issues. Lint test is back down to > less than 8sec. > > DNS is a win2k server that is under powered, over loaded and about to be > decommissioned. But have always had heaps of issues settibng up a cache > in this network, another time maybe. Really?? it shouldn't be very hard.. With named all you need to do is set two global options, forward only and forwarders. You'll probably want to add a hint zone for . and a pair of zonefiles for localhost/127.0.0.1, but that's simple too. Your whole named.conf would look something akin to this: options { forward only; forwarders { 192.168.x.x;192.168.x.x; }; zone "." IN { type hint; file "named.ca"; }; zone "localhost" IN { type master; file "localhost.zone"; allow-update { none; }; }; zone "0.0.127.in-addr.arpa" IN { type master; file "named.local"; allow-update { none; }; }; Poof.. done.. local caching named. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ajos1 at onion.demon.co.uk Wed Nov 9 00:30:16 2005 From: ajos1 at onion.demon.co.uk (Dj Ajos1) Date: Thu Jan 12 21:31:10 2006 Subject: Calling All MCAFEE Users: Re: McAfee DownLoad URL does not work... Message-ID: - I have done more research into this download.nai.com problem... it seems that most of the problems seem to be that the address does not resolve all of the time... not sure why... Sometimes it resolves as a single address... another time... lots of aliases... other times not at all. People are right that they can still get the files on the system (if your know the names)... even though you cannot browse the link. I have not had a single failure after changing to: ftp://ftpeur.nai.com/pub/antivirus/datfiles/4.x Not sure what the solution is... but I definitely recommend a change from http://download.nai.com/products/datfiles/4.x/nai to one of the others that has been mentioned. > > Dj Ajos1 wrote: > > > > >Urgent update... as lots of people's mcafee systems will be out of > date > > (I think it has been wrong for months)! > > > > > >In file:- /usr/lib/MailScanner/mcafee-autoupdate > > > > > >The line/entry... > > > > > > FTPDIR=http://download.nai.com/products/datfiles/4.x/nai > > > > > >Does not work any more... > > > > > >But this one does! > > > > > > FTPDIR=ftp://ftpeur.nai.com/pub/antivirus/datfiles/4.x > > > > > >Thanks in advance... == ===================================================================== = = "I tend to look off to the right and left when I indulge in linear = analysis." = = Need help dealing with Parking Tickets, Bailiffs, Capita or NTL... = Call... +44 8457 90 90 90 http://www.samaritans.org/ = ===================================================================== ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From hywel.burris at COMTEC-EUROPE.CO.UK Wed Nov 9 00:55:03 2005 From: hywel.burris at COMTEC-EUROPE.CO.UK (Hywel Burris) Date: Thu Jan 12 21:31:10 2006 Subject: FW: US-CERT Technical Cyber Security Alert TA05-312A -- Microsoft Windows Image Processing Vulnerabilities Message-ID: This could be a bit of an issue, I couldn't see it in the filename rules. To I added this # Microsoft Windows vulnerable to buffer overflow via specially crafted "WMF" file added HB 09/11/05 deny \.wmf$ Possible Microsoft Media vunerability Dangerous attachment according to Microsoft KB896424 More info here also http://www.microsoft.com/technet/security/Bulletin/MS05-053.mspx Hywel -----Original Message----- From: US-CERT Technical Alerts [mailto:technical-alerts@us-cert.gov] Sent: 09 November 2005 00:01 To: technical-alerts@us-cert.gov Subject: US-CERT Technical Cyber Security Alert TA05-312A -- Microsoft Windows Image Processing Vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA05-312A Microsoft Windows Image Processing Vulnerabilities Original release date: November 08, 2005 Last revised: -- Source: US-CERT Systems Affected * Microsoft Windows 2000 * Microsoft Windows XP * Microsoft Windows Server 2003 For more complete information, refer to Microsoft Security Bulletin MS05-053. Overview Microsoft has released updates that address critical vulnerabilities in Windows graphics rendering services. A remote, unauthenticated attacker exploiting these vulnerabilities could execute arbitrary code or cause a denial of service on an affected system. I. Description The Microsoft Security Bulletin for November 2005 addresses multiple buffer overflows in Windows image processing routines. Viewing a specially crafted image from an application that uses a vulnerable routine may trigger these vulnerabilities. If this application can access images from remote sources, such as web sites or email, then remote exploitation is possible. Further information is available in the following US-CERT Vulnerability Notes: VU#300549 - Microsoft Windows Graphics Rendering Engine buffer overflow vulnerability Microsoft Windows Graphics Rendering Engine contains a buffer overflow that may allow a remote attacker to execute arbitrary code on a vulnerable system. (CVE-2005-2123) VU#433341 - Microsoft Windows vulnerable to buffer overflow via specially crafted "WMF" file Microsoft Windows may be vulnerable to remote code execution via a buffer overflow in the Windows Metafile image format handling. (CVE-2005-2124) VU#134756 - Microsoft Windows buffer overflow in Enhanced Metafile rendering API Microsoft Windows Enhanced Metafile Format image rendering routines contain a buffer overflow flaw that may allow an attacker to cause a denial-of-service condition. (CVE-2005-0803) III. Solution Apply Updates Microsoft has provided the updates to correct these vulnerabilities in Microsoft Security Bulletin MS05-053. These updates are also available on the Microsoft Update site. II. Impact A remote, unauthenticated attacker exploiting these vulnerabilities could execute arbitrary code with the privileges of the user. If the user is logged on with administrative privileges, the attacker could take control of an affected system. An attacker may also be able to cause a denial of service. Appendix A. References * Microsoft Security Bulletin MS05-053 - * Microsoft Security Bulletin Summary for November 2005 - * US-CERT Vulnerability Note VU#300549 - * US-CERT Vulnerability Note VU#433341 - * US-CERT Vulnerability Note VU#134756 - * Microsoft Update - _________________________________________________________________ The most recent version of this document can be found at: _________________________________________________________________ Feedback can be directed to US-CERT. Please send email to: with "TA05-312A Feedback VU#300549" in the subject. _________________________________________________________________ Revision History Nov 08, 2005: Initial release _________________________________________________________________ Produced 2005 by US-CERT, a government organization. Terms of use _________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit . -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ3E5BH0pj593lg50AQISLAf+NMAgk3Up6wWphjOIQ89miwTHvpXHGmIH /mxHQ3PoN82NPkr8NmnLHhNAHqi8+ZI15lrympvr6xvm8C8FTxPU+dCa9CxS3c4l FLbTDbACHeD/OYwgvbE70Gx5ZUG95MMXgCRMHGiwIHaSHRspUQRMjRN5JubPjsyL S737+Yr19hMw6JQOWhM+Pn0MyAs6qm+4gfnIxO2Z1PsmpnushpqW505U6B6ZkF7W zCU0zecdwtZCMhWTu+3L/MqAjzt7VCsd2iC+0HS7WLvAcWoFcEvlL6Ai/E/eJLDm HQnO34E8231CcKRT4VACvs1QPFV1pvw1pihOAXveiBFoHpCIdPLc6g== =faQS -----END PGP SIGNATURE----- ************************************************************************ This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Wed Nov 9 02:36:33 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:31:10 2006 Subject: upgrade info request Message-ID: I'm looking to upgrade MailScanner and Spamassassin on a Debian 3.1, it was installed by someone else and they no longer work here. So this has landed in my lap, so pardon my lack of the correct term. I've noticed that using apt-get does not upgrade to the latest version for SA or MS. Is this done primary through compiling tar files or Perl installation? mail:/etc/MailScanner# sa-learn --version SpamAssassin version 3.0.3 mail:/etc/MailScanner# MailScanner --version Running on Linux mail 2.4.25-bf2.4-lit #2 Tue Feb 24 16:40:45 WST 2004 i686 GNU/Linux This is Perl version 5.008004 (5.8.4) This is MailScanner version 4.41.3 Module versions are: 1.00 AnyDBM_File 1.14 Archive::Zip 1.02 Carp 1.119 Convert::BinHex 1.00 DirHandle 1.05 Fcntl 2.72 File::Basename 2.07 File::Copy 2.01 FileHandle 1.06 File::Path 0.14 File::Temp 1.29 HTML::Entities 3.45 HTML::Parser 2.30 HTML::TokeParser 1.21 IO 1.10 IO::File 1.123 IO::Pipe 1.62 Mail::Header 3.04 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.08 POSIX 1.77 Socket 0.05 Sys::Syslog 1.02 Time::localtime Optional module versions are: 1.808 DB_File 1.06 Digest missing Digest::HMAC 2.33 Digest::MD5 2.10 Digest::SHA1 missing Inline missing Mail::ClamAV 3.000003 Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite missing Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.40 Test::Harness 0.47 Test::Simple 1.95 Text::Balanced missing URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Nov 9 02:46:14 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:10 2006 Subject: upgrade info request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jon Miller wrote: > I'm looking to upgrade MailScanner and Spamassassin on a Debian 3.1, it was installed by someone else and they no longer work here. So this has landed in my lap, so pardon my lack of the correct term. > I've noticed that using apt-get does not upgrade to the latest version for SA or MS. > Is this done primary through compiling tar files or Perl installation? I think the "debian way" is to use apt, but I could be completely wrong The perl modules list you provided looks like it is missing at least one important one: > This is MailScanner version 4.41.3 > > Optional module versions are: > 1.808 DB_File > 1.06 Digest > missing Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.000003 Mail::SpamAssassin <<< slightly out of date, but not ancient > missing Mail::SPF::Query > missing Net::CIDR::Lite > missing Net::DNS <<<< that's a rather important one to miss out on -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dl6mpg at GMAIL.COM Wed Nov 9 07:20:36 2005 From: dl6mpg at GMAIL.COM (Uwe) Date: Thu Jan 12 21:31:10 2006 Subject: FW: US-CERT Technical Cyber Security Alert TA05-312A -- Microsoft Windows Image Processing Vulnerabilities Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] 2005/11/9, Hywel Burris : > # Microsoft Windows vulnerable to buffer overflow via specially crafted > "WMF" file added HB 09/11/05 > deny \.wmf$ Possible Microsoft Media vunerability > Dangerous attachment according to Microsoft KB896424 Virusscanners can´t catch this virus inside the picture ? Uwe ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Nov 9 08:41:51 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:10 2006 Subject: F-prot advisory.. Message-ID: FYI, if you are running f-prot http://www.securityfocus.com/bid/15293/discuss -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Wed Nov 9 09:10:52 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:31:10 2006 Subject: upgrade info request Message-ID: I've been trying to install the file and all I'm getting is the following: cpan> install Mail::SpamAssassin CPAN: Storable loaded ok LWP not available CPAN: Net::FTP loaded ok Fetching with Net::FTP: ftp://ftp.perl.org/pub/CPAN/authors/01mailrc.txt.gz It just stays there, is there a way to check that the program is working properly? Is there a conf file that I can look at to see if the source(s) are correct? or is there a way to rerun the perl configuration to choose another source. Thanks Jon >>> michele@BLACKNIGHT.IE 10:46:14 am 9/11/2005 >>> Jon Miller wrote: > I'm looking to upgrade MailScanner and Spamassassin on a Debian 3.1, it was installed by someone else and they no longer work here. So this has landed in my lap, so pardon my lack of the correct term. > I've noticed that using apt-get does not upgrade to the latest version for SA or MS. > Is this done primary through compiling tar files or Perl installation? I think the "debian way" is to use apt, but I could be completely wrong The perl modules list you provided looks like it is missing at least one important one: > This is MailScanner version 4.41.3 > > Optional module versions are: > 1.808 DB_File > 1.06 Digest > missing Digest::HMAC > 2.33 Digest::MD5 > 2.10 Digest::SHA1 > missing Inline > missing Mail::ClamAV > 3.000003 Mail::SpamAssassin <<< slightly out of date, but not ancient > missing Mail::SPF::Query > missing Net::CIDR::Lite > missing Net::DNS <<<< that's a rather important one to miss out on -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 9 08:52:55 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:10 2006 Subject: Odd error in logs Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 08/11/05, paddy wrote: > On Tue, Nov 08, 2005 at 09:26:07AM -0500, Dave Filchak wrote: > > Hello all, > > > > Over the past two weeks or so, after an update to almost the latest ( > > have not installed the very last release yet ) I have started to see the > > following in my log reports: > > > > Your spam actions "/etc/mailscanner/rules/spamoptions.rules" looks > > like a filename. If this is a ruleset filename, it must end in .rule or > > .rules : 16 Time(s) > > > > This is odd because my rules file is named properly and in the right > > place. Can anyone shed some light on this? > > Not sure that I can, but I'll try ... > > The relevant code reads something like: > > $actions = MailScanner::Config::Value(CONFIG_OPTION, $this); > > (where CONFIG_OPTION is one of hamactions highscorespamactions spamactions) > > . > . > . > > @actions = split(" ", $actions); > > return unless @actions; > > # If they have just specified a filename, then something is wrong > if ($#actions==0 && $actions[0] =~ /\//) { > MailScanner::Log::WarnLog('Your spam actions "%s" looks like a filename.' . > ' If this is a ruleset filename, it must end in .rule or .rules', > $actions[0]); > $actions[0] = 'deliver'; > } > > So my wild guess is that Config::Value returns something like > '/etc/mailscanner/rules/spamoptions.rules' (when what you wanted returned was inside there) > > At which point I'm wondering: > > grep -i ^[^#]*actions MailScanner.conf > > An example of ruleset configuration might look like: > > Virus Scanning = %rules-dir%/Virus.Scanning.rules > > I even wonder whether you have a '/etc/mailscanner/' instead of '/etc/Mailscanner/' ? > > If its failing to load you might see WarnLog("Cannot open filename-rules file %s, skipping" > > I get kind of dizzy when I grep "\$isrules =" Config.pm > > But that's all I got right now. > > Any help ? > > Regards, > Paddy > -- > Perl 6 will give you the big knob. -- Larry Wall I haven't checked *anything*, just thinking along... Might the spamoptions.rules filename contain "embedded non-printable chars"? Or might it lack read perms for the user MS is running as? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Wed Nov 9 08:59:29 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:10 2006 Subject: upgrade info request Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Jon Miller wrote: > I've been trying to install the file and all I'm getting is the following: > cpan> install Mail::SpamAssassin > CPAN: Storable loaded ok > LWP not available > CPAN: Net::FTP loaded ok > Fetching with Net::FTP: > ftp://ftp.perl.org/pub/CPAN/authors/01mailrc.txt.gz > > It just stays there, is there a way to check that the program is working properly? Is there a conf file that I can look at to see if the source(s) are correct? or is there a way to rerun the perl configuration to choose another source. > > Thanks > > Jon In a new cpan session run the command: "o conf init" ( no quotes) this will walk you through the configuration. However, if you are on debian you should be using apt-get / apt-cache search to find and install the perl libraries For example: apt-get update;apt-cache search perl|grep dns gives me: -- libnet-dns-perl - Perform DNS queries from a Perl script Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jlmiller at MMTNETWORKS.COM.AU Wed Nov 9 09:42:07 2005 From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller) Date: Thu Jan 12 21:31:10 2006 Subject: upgrade info request Message-ID: Yes, I got the same plus some extras. But what I want to do is upgrage SA and using apt-get does not yield anything regarding SA. I'm assuming the only way of doing this is either to download and compile the .tgz or a perl upgrade. I saw on the CPAN search there is SA version 3.1. Also I wanted to install the Net::DNS and this too only sits at the prompt. So either my perl isn't configured properly or something else has gone off. Jon >>> michele@BLACKNIGHT.IE 4:59:29 pm 9/11/2005 >>> Jon Miller wrote: > I've been trying to install the file and all I'm getting is the following: > cpan> install Mail::SpamAssassin > CPAN: Storable loaded ok > LWP not available > CPAN: Net::FTP loaded ok > Fetching with Net::FTP: > ftp://ftp.perl.org/pub/CPAN/authors/01mailrc.txt.gz > > It just stays there, is there a way to check that the program is working properly? Is there a conf file that I can look at to see if the source(s) are correct? or is there a way to rerun the perl configuration to choose another source. > > Thanks > > Jon In a new cpan session run the command: "o conf init" ( no quotes) this will walk you through the configuration. However, if you are on debian you should be using apt-get / apt-cache search to find and install the perl libraries For example: apt-get update;apt-cache search perl|grep dns gives me: -- libnet-dns-perl - Perform DNS queries from a Perl script Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Nov 9 09:31:34 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:31:10 2006 Subject: Which SARE Rules? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Thanks i will look into this when i finish my loginscript project (grrr). In the past i ahve used the RH caching name server installation - never even looked at its config, it always just worked. We moved the server to this subnet and it stopped and i didnt put much more effort in - i am motivated now, will look at using your tips on Monday. Thanks Pete Matt Kettler wrote: > Peter Russell wrote: > >>Thanks Matt. Like you said, i moved all the cf files out one at a time >>until i found the culprit. I found it was the blacklist and >>blacklist_uri rules sets causing the issues. Lint test is back down to >>less than 8sec. >> >>DNS is a win2k server that is under powered, over loaded and about to be >>decommissioned. But have always had heaps of issues settibng up a cache >>in this network, another time maybe. > > > Really?? it shouldn't be very hard.. > > With named all you need to do is set two global options, forward only and > forwarders. > > > You'll probably want to add a hint zone for . and a pair of zonefiles for > localhost/127.0.0.1, but that's simple too. > > Your whole named.conf would look something akin to this: > > options { > > forward only; > forwarders { > 192.168.x.x;192.168.x.x; > }; > > zone "." IN { > type hint; > file "named.ca"; > }; > > zone "localhost" IN { > type master; > file "localhost.zone"; > allow-update { none; }; > }; > > zone "0.0.127.in-addr.arpa" IN { > type master; > file "named.local"; > allow-update { none; }; > }; > > Poof.. done.. local caching named. > > > > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From pete at ENITECH.COM.AU Wed Nov 9 09:32:27 2005 From: pete at ENITECH.COM.AU (Pete Russell) Date: Thu Jan 12 21:31:10 2006 Subject: OT: leaving helper-app run mode Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I get a this too, since i added a bunch of new SARE rules. Not sure why because i think that app helper mode refers to call razor or pyzor or dcc? Pete Hywel Burris wrote: > Hi All, > > When I run a Lint I am getting some long times on leaving helper-app run > mode this seems to be associated with razor, as if I disable it in > spam.assassin.prefs it disapears. Has anyone else seen this or is 2-4 > seconds the norm for this? > > > [11441] dbg: rules: running raw-body-text per-line regexp tests; score > so far=0.738 0.0047 > [11441] dbg: rules: running full-text regexp tests; score so far=0.738 > 0.00483 > [11441] dbg: plugin: registering glue method for check_razor2_range > (Mail::SpamAssassin::Plugin::Razor2=HASH(0xa3dd10c)) 0.00031 > [11441] dbg: info: entering helper-app run mode 0.00059 > [11441] dbg: info: leaving helper-app run mode 2.69093 > [11441] dbg: razor2: part=0 engine=4 contested=0 confidence=0 0.00078 > [11441] dbg: razor2: results: spam? 0 0.00019 > [11441] dbg: razor2: results: engine 8, highest cf score: 0 0.00012 > [11441] dbg: razor2: results: engine 4, highest cf score: 0 0.00015 > [11441] dbg: plugin: registering glue method for check_razor2 > (Mail::SpamAssassin::Plugin::Razor2=HASH(0xa3dd10c)) 0.00023 > > Thanks in advance > > Hywel > > > ************************************************************************ > This e-mail and any attachments are strictly confidential and intended solely for the addressee. They may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, you must not copy the e-mail or the attachments, or use them for any purpose or disclose their contents to any other person. To do so may be unlawful. If you have received this transmission in error, please notify us as soon as possible and delete the message and attachments from all places in your computer where they are stored. > > Although we have scanned this e-mail and any attachments for viruses, it is your responsibility to ensure that they are actually virus free. > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Nov 9 11:38:50 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:10 2006 Subject: sophos-wrapper IDE directory Message-ID: Hi, I am using MailScanner with Sophos on a Solaris 8, intel box. I am very pleased with how it works. Ever since I started using this configuration I have had to tweak default settings so that the sophos- wrapper script had the correct path to the Sophos IDE files. I used to tweak the sophos-wrapper script each time I upgraded, but I have now used a soft link to make it work. Does any one think the sophos- wrapper script should be modified. The situation is this: The Sophos install, out-of-the-box, no changes installs to the following directories: /usr/local/bin - Executables /usr/local/lib - Libraries /usr/local/sav - Virus library and identity files The MailScanner sophos-wrapper script is configured expecting the IDE files to be in PREFIX/ide, thus: SAV_IDE=$PackageDir/ide I notice that the sophos-autoupdate script also looks in this directory. I don't use this to update as I am using the EM Library to manage updates across the department. My question is, does other installs of Sophos put the IDE files in the ide directory? In which case should there be some form of check for OS? If this is the default for all installs, can the sophos- wrapper script be updated to reflect this? -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "It is a sobering thought, for example, that when Mozart was my age, he had been dead for two years." - Tom Lehrer ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From G.Pentland at SOTON.AC.UK Wed Nov 9 12:28:20 2005 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:31:10 2006 Subject: sophos-wrapper IDE directory Message-ID: MailScanner mailing list wrote: > I notice that the sophos-autoupdate script also looks in this > directory. Yes it does... > I don't use this to update as I am using the EM Library > to manage updates across the department. That'll be the difference... Ignore the fact that I have /opt/local/sophos for my $PackageDir, which is a link to the installed version... $ ls -l /opt/local/sophos lrwxrwxrwx 1 root root 10 Nov 9 10:30 /opt/local/sophos -> sophos.397 $ ls -l /opt/local/sophos.397/ total 28 drwxr-xr-x 2 root root 12288 Nov 9 12:01 397.200511091201 drwxr-xr-x 2 root root 4096 Sep 14 10:19 bin lrwxrwxrwx 1 root root 34 Nov 9 12:01 ide -> /opt/local/sophos/397.200511091201 drwxr-xr-x 2 root root 4096 Sep 14 10:37 lib The "ide" link is created by the update script after it has downloaded the IDE files and put them in the . directory. > My question is, does other installs of Sophos put the IDE files in > the ide directory? In which case should there be some form of check > for OS? If this is the default for all installs, can the sophos- > wrapper script be updated to reflect this? I'd suggest that the existing wrapper script be left as-is but there is potential for an additional one for use with SophosEM. just my 2c, Gary ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From warren at SOFTOV.CO.IL Wed Nov 9 12:22:59 2005 From: warren at SOFTOV.CO.IL (Warren Burstein) Date: Thu Jan 12 21:31:10 2006 Subject: message from mailscanner: ignoring text in character set Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm running MailScanner-4.47.4-2 on CentOS release 3.4 (which I understand is a derivative of Redhat Enterprise Edition). When I run MailScanner in Debug mode, if a message is in the queue with a subject containing text in windows-1255, I see the following message: ignoring text in character set `WINDOWS-1255' at /usr/lib/MailScanner/MailScanner/Sendmail.pm line 359 I searched the archives and found in http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind02&L=MAILSCANNER&P=R309317&I=-3 that there was a similar message in 2002 regarding windows-1252, and it was fixed. I also read that this was not something to worry about, so I'm not worrying, but I like to get rid of error messages so that if there is a real problem it will stand out. So, if anyone remembers what was done to make this work for windows-1252, could you tell me, and I'll see if I can do likewise for 1255? thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Nov 9 12:47:13 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:10 2006 Subject: sophos-wrapper IDE directory Message-ID: Hi, That makes sense. In that case I would agree that a wrapper that worked with a standard install of Sophos as well as the one that works with the MailScanner update scripts would be useful. The EM stuff is a bit of a red herring, as I have only just updated the Solaris boxes to use it. I had the same issue when working with the standard install of Sophos. I realise that MailScanner is very much geared up to install and configure the whole system these days, inc SpamAssassin, ClamAV, MTA etc. But I had a lot of these installed (to their default places) _before_ I installed MailScanner, and I am not ready to adopt a completely new way of working. It seems to me that there are probably other people who also like to work with the separate packages. > MailScanner mailing list wrote: > > I notice that the sophos-autoupdate script also looks in this > > directory. > > Yes it does... > > > I don't use this to update as I am using the EM Library > > to manage updates across the department. > > That'll be the difference... > > Ignore the fact that I have /opt/local/sophos for my $PackageDir, > which is a link to the installed version... > > $ ls -l /opt/local/sophos > lrwxrwxrwx 1 root root 10 Nov 9 10:30 /opt/local/sophos -> > sophos.397 $ ls -l /opt/local/sophos.397/ total 28 drwxr-xr-x 2 root > root 12288 Nov 9 12:01 397.200511091201 drwxr-xr-x 2 root root 4096 > Sep 14 10:19 bin lrwxrwxrwx 1 root root 34 Nov 9 12:01 ide -> > /opt/local/sophos/397.200511091201 drwxr-xr-x 2 root root 4096 Sep > 14 10:37 lib > > The "ide" link is created by the update script after it has downloaded > the IDE files and put them in the . directory. > > > My question is, does other installs of Sophos put the IDE files in > > the ide directory? In which case should there be some form of check > > for OS? If this is the default for all installs, can the sophos- > > wrapper script be updated to reflect this? > > I'd suggest that the existing wrapper script be left as-is but there > is potential for an additional one for use with SophosEM. > > just my 2c, > > Gary > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "Computer software consists of only two components: ones and zeros, in roughly equal proportions. All that is required is to sort them into the correct order. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Wed Nov 9 14:14:55 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:10 2006 Subject: run spamassassin -D --lint Is this command relevent for MailScanner bundle Message-ID: I've came across this command spamassassin -D --lint on the Rules Emporium website. They indicate you must run this command before implementing new Live rules. Should this command be used even if I am using MailsScanner port for FreeBSD? I installed MailScanner bundle using (install-ClamSA). What are the command line arguments -D --lint?? I can't seem to find docs explaining what each argument is and why? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From drew at THEMARSHALLS.CO.UK Wed Nov 9 14:26:46 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:31:10 2006 Subject: run spamassassin -D --lint Is this command Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wed, November 9, 2005 14:14, Marc Dufresne wrote: > I've came across this command spamassassin -D --lint on the Rules > Emporium website. They indicate you must run this command before > implementing new Live rules. > > Should this command be used even if I am using MailsScanner port for > FreeBSD? I installed MailScanner bundle using (install-ClamSA). Yes, although I would also add -p /usr/local/etc/MailScanner/spam.assasin.rules > > What are the command line arguments -D --lint?? I can't seem to find > docs explaining what each argument is and why? -D is debug, --lint is the rules test (There is probably a better explaination but you get the idea), -p path to prefs file HTH Drew -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Wed Nov 9 14:32:31 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:10 2006 Subject: run spamassassin -D --lint Is this command relevent for MailScanner bundle Message-ID: Hi, Running spamassassin from the command line runs the spamassassin program. -D runs the program in debug mode --lint runs the program and tests that the config files are contain no errors. This is a good test to ensure that you haven't introduced any syntax errors into the config files when you updated the rules. > I've came across this command spamassassin -D --lint on the Rules > Emporium website. They indicate you must run this command before > implementing new Live rules. > > Should this command be used even if I am using MailsScanner port for > FreeBSD? I installed MailScanner bundle using (install-ClamSA). > > What are the command line arguments -D --lint?? I can't seem to find > docs explaining what each argument is and why? > > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' but 'That's funny....'" -- Isaac Asimov ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Wed Nov 9 14:32:55 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:10 2006 Subject: run spamassassin -D --lint Is this command relevent for MailScanner bundle Message-ID: Marc Most people use RulesDuJour to update their rules from Rulesemporium etc. You'll need to ammend the lint check to something like.. spamassassin -p /usr/local/etc/MailScanner/spam.assassin.prefs.conf -D --lint (all one line, check the path is correct, I don't run the FreeBSD port version) This checks any new rules for syntax errors before you restart MailScanner, as you want the new rules to work before you restart MS and implement these new rules.... -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Marc Dufresne > Sent: 09 November 2005 14:15 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] run spamassassin -D --lint Is this command relevent > for MailScanner bundle > > I've came across this command spamassassin -D --lint on the Rules > Emporium website. They indicate you must run this command before > implementing new Live rules. > > Should this command be used even if I am using MailsScanner port for > FreeBSD? I installed MailScanner bundle using (install-ClamSA). > > What are the command line arguments -D --lint?? I can't seem to find > docs explaining what each argument is and why? > > > > Marc Dufresne, Corporate IT Officer > St. Lawrence Parks Commission > 13740 County Road 2 > Morrisburg, ON K0C 1X0 > > E-mail: Marc.Dufresne@parks.on.ca > Voice: 613-543-3704 Ext#2455 > Fax: 613-543-2847 > Corporate website: www.parks.on.ca > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Wed Nov 9 14:39:33 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:10 2006 Subject: Basic Sendmail question Message-ID: Your right, I missed that statement at the top of the Sendmail.cf. Sendmail seems to be working, and I don't want to risk misconfiguring it now. Since I modified the wrong file with that statement, what do you suggest I do? Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca >>> dh@UPTIME.AT 11/8/2005 10:16 AM >>> Marc Dufresne wrote: > This is what I had to modify in my sendmail.cf file on FreeBSD 5.4: > > Search "sendmail.cf" for: > > #SMTP daemon options > O DaemonPortOptions=Name=IPv4, Family=inet, addr= to listen on> > > i.e. > > O DaemonPortOptions=Name=IPv4, Family=inet, addr=24.34.56.23 > > Restart sendmail. You should see it listen on the correct IP. > Please NEVER EVER modify your *.cf files. Modify the *.mc files and generate the *.cf files using your m4 interpreter. You will end up in chaos if you to know follow this path with sendmail :) -d ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From chris at TAC.ESI.NET Wed Nov 9 14:39:54 2005 From: chris at TAC.ESI.NET (chris hammond) Date: Thu Jan 12 21:31:10 2006 Subject: MailScanner book reviews? Message-ID: I received my copy last Friday and have been reading through it. IMHO, yes the book is worth the cost. My $.02 American Chris >>>jeff@DYNAMICTELECARD.COM 11/01/05 4:11 pm >>> Has anyone on the list purchased the latest edition of the Mailscanner book? I'm curious about what you think of it. (If not the updated August 2005 version, a previous version is okay.) Do you think the book is worth the cost? Perhaps you don't think it's worth it but want to support the project. I can't find a list of what is covered in the book so I'm left with a public plea for information. Feel free to email me offlist if you prefer not to make a public statement. Thanks, -Jeff ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Wed Nov 9 15:13:29 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:31:10 2006 Subject: OT: Regarding running RBL's inhouse Message-ID: Hi There has been a little desussion between me and other mail admins, working in same line of bussiness running a shared RBL-server. Since the heaalthcare business here have rules and regulations its sometimes hard to use external RBL's that we can't controll. There is a mix of systems but mainly Exchange/Notes and of course sendmail/mailscanner running in different locations. Has anyone got any experince in running RBL and could shed some light if its worth running it of just a wast of time. Our mail goals would be distributed servers and fairly easy updates of lists since the might be alot of manual workbeacause of laws/regulations /Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From taz at TAZ-MANIA.COM Wed Nov 9 17:10:52 2005 From: taz at TAZ-MANIA.COM (Dennis Willson) Date: Thu Jan 12 21:31:10 2006 Subject: OT: Regarding running RBL's inhouse Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] The most work is keeping it curent. I use an automated system I wrote to collect addresses of Spam sources. There are also the remove requests that come along and they have to be handled. I store my entries in an SQL database and then run a cron job that dumps the database into a zone file. That allows me to use an un-modifed version of bind. I have, in the past, maintained the zone files by hand... lots of work if it's a busy RBL All the adds and removes. Depending on how you use it, there may not be so many removes. Once I figured out a couple of ways to attract the Zombie Army I was getting much fewer removes since no real email ever comes from those machines and the owners don't know their listed. Having a local RBL can be very benificial as you're in complete control. Add what you want and remove what you want based on you're own criteria. I have also hosted public RBLs and they really get problamatic becase if you're at all effective, you will be attacked. I finally had to shutdown the public lists because I couldn't afford being attacked all the time. Dennis Anders Andersson, IT wrote: >Hi >There has been a little desussion between me and other mail admins, >working in same line of bussiness running a shared RBL-server. Since the >heaalthcare business here have rules and regulations its sometimes hard >to use external RBL's that we can't controll. There is a mix of systems >but mainly Exchange/Notes and of course sendmail/mailscanner running in >different locations. >Has anyone got any experince in running RBL and could shed some light if >its worth running it of just a wast of time. >Our mail goals would be distributed servers and fairly easy updates of >lists since the might be alot of manual workbeacause of laws/regulations > >/Anders > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Wed Nov 9 17:39:33 2005 From: dyioulos at FIRSTBHPH.COM (Diggy) Date: Thu Jan 12 21:31:10 2006 Subject: MCP cf Message-ID: Hello to all. This morning I enabled mcp on the latest release of MS running on a CentOS 3.5 box along with sendmail-8.12.11-4.RHEL3.1. Documentation says I should install a sendmail patch for mcp to scan certain attachments. Is that the case with my version of sendmail? Also, Are there any examples of mcp cf, other than the sample included with MS, that I can have a look at? I'm really not a coder at all, but can learn easily if I see some examples. Thanks so much. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Wed Nov 9 18:00:11 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:10 2006 Subject: Its not ny day for mailscanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I still am having problems and cannot figure out why.... Nov 9 12:20:45 stewy MailScanner[946]: New Batch: Scanning 1 messages, 8128 bytes Nov 9 12:20:45 stewy MailScanner[946]: Spam Checks: Starting Nov 9 12:20:49 stewy MailScanner[946]: Virus and Content Scanning: Starting Nov 9 12:20:50 stewy MailScanner[946]: tag found in message 50B34BEDB.A57E4 from terry@helliker.net Nov 9 12:20:50 stewy MailScanner[946]: Requeue: 50B34BEDB.A57E4 to AA2D0BF4C Nov 9 12:20:50 stewy MailScanner[946]: Uninfected: Delivered 1 messages Nov 9 12:21:42 stewy MailScanner[10390]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 9 12:21:42 stewy MailScanner[10390]: Read 120 hostnames from the phishing whitelist Nov 9 12:21:43 stewy MailScanner[10390]: Enabling SpamAssassin auto-whitelist functionality... Nov 9 12:21:47 stewy MailScanner[10390]: Using locktype = flock Died at he time above but still had MailScanner processes running... I then restarted at the time below Nov 9 12:54:30 stewy MailScanner[14310]: MailScanner E-Mail Virus Scanner version 4.41.3 starting... Nov 9 12:54:30 stewy MailScanner[14310]: Read 120 hostnames from the phishing whitelist Nov 9 12:54:31 stewy MailScanner[14310]: Enabling SpamAssassin auto-whitelist functionality... Nov 9 12:54:36 stewy MailScanner[14310]: Using locktype = flock Nov 9 12:54:36 stewy MailScanner[14310]: New Batch: Found 63 messages waiting It very unreliable now, i have to restart every 15 mins to make sure mail gets delivered.... Any suggestions on what to look for?? The debug did not seem to help much... Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Rob" To: Sent: Tuesday, November 08, 2005 3:35 PM Subject: Re: Its not ny day for mailscanner > ok so after doing this it scanned one message and gave me what seemed to > be a normal output.... but i can not site at the consol all day running it > in debug mode and restarting each time?? > > any other things i should look at.... > BTW when i say die, it looks like its dead, as i see mailscanner processes > in a ps but in the log file i see no mailscanner stuff running... could > it be because recently i added RBLs and razor? > > Thanks... > > Nov 8 15:27:29 stewy MailScanner[670]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 8 15:27:29 stewy MailScanner[670]: Read 120 hostnames from the > phishing whitelist > Nov 8 15:27:29 stewy MailScanner[670]: Enabling SpamAssassin > auto-whitelist functionality... > Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees Config LockType = > flock > Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees have_module = 0 > Nov 8 15:27:33 stewy MailScanner[670]: Using locktype = flock > Nov 8 15:27:33 stewy MailScanner[670]: New Batch: Scanning 2 messages, > 22625 bytes > Nov 8 15:27:33 stewy MailScanner[670]: Created attachment dirs for 2 > messages > Nov 8 15:27:33 stewy MailScanner[670]: Spam Checks: Starting > Nov 8 15:27:33 stewy MailScanner[670]: RBL Checks: returned 0 > Nov 8 15:27:35 stewy MailScanner[670]: SpamAssassin returned 0 > Nov 8 15:27:35 stewy MailScanner[670]: RBL checks: 51791BF61.03596 found > in SBL+XBL > Nov 8 15:27:35 stewy MailScanner[670]: RBL Checks: returned 256 > Nov 8 15:27:36 stewy MailScanner[670]: SpamAssassin returned 0 > Nov 8 15:27:36 stewy MailScanner[670]: Message 51791BF61.03596 from > 81.190.142.152 (olivergoldmanaz@baixin-tech.com) to flextherm.com is spam, > SBL+XBL, SpamAssassin (score=13.284, required 4, BAYES_99 3.50, > DRUGS_ANXIETY 0.10, DRUGS_ANXIETY_EREC 0.04, DRUGS_ERECTILE 0.22, > DRUGS_MANYKINDS 0.00, DRUGS_MUSCLE 0.00, DRUGS_PAIN 0.13, DRUGS_SLEEP > 0.00, DRUGS_SLEEP_EREC 3.34, HELO_DYNAMIC_IPADDR 4.40, > RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51) > Nov 8 15:27:36 stewy MailScanner[670]: Spam Checks: Found 1 spam messages > Nov 8 15:27:36 stewy MailScanner[670]: Spam Actions: message > 51791BF61.03596 actions are delete > Nov 8 15:27:37 stewy MailScanner[670]: Virus and Content Scanning: > Starting > Nov 8 15:27:37 stewy MailScanner[670]: Commencing scanning by clamav... > Nov 8 15:27:37 stewy MailScanner[670]: Completed scanning by clamav > Nov 8 15:27:37 stewy MailScanner[670]: tag found in message > 59F3EBF62.8B4B8 from lapresseaffaires@courrier.cyberpresse.ca > Nov 8 15:27:37 stewy MailScanner[670]: Requeue: 59F3EBF62.8B4B8 to > A53A5BF4C > Nov 8 15:27:37 stewy MailScanner[670]: About to deliver 1 messages > Nov 8 15:27:37 stewy MailScanner[670]: Uninfected: Delivered 1 messages > Nov 8 15:27:37 stewy postfix/qmgr[15211]: A53A5BF4C: > from=, size=20795, nrcpt=1 > (queue active) > Nov 8 15:27:37 stewy MailScanner[670]: MailScanner child dying of old age > > > Rob Morin > Dido Internet Inc. > Montreal, Canada > 514-990-4444 > http://www.dido.ca > > ----- Original Message ----- > From: "Stephen Swaney" > To: > Sent: Monday, November 07, 2005 5:51 PM > Subject: Re: Its not ny day for mailscanner > > >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> Behalf Of Ugo Bellavance >>> Sent: Monday, November 07, 2005 5:00 PM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: Its not ny day for mailscanner >>> >>> Stephen Swaney wrote: >>> >> -----Original Message----- >>> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> >> Behalf Of Rob >>> >> Sent: Monday, November 07, 2005 3:45 PM >>> >> To: MAILSCANNER@JISCMAIL.AC.UK >>> >> Subject: Its not ny day for mailscanner >>> >> >>> >> First off thanks to all for helping me out in the last few days on >>> >> this >>> >> list i really appreciate it... >>> >> >>> >> No i have another strange problem... >>> >> >>> >> MS seems to silently die, and mail keeps coming in but not being >>> >> delivered.... >>> >> >>> >> Nothing in the logs other than the below... >>> >> >>> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> >>> >> When i run the /usr/sbin/check_mailscaner it says >>> >> >>> >> stewy:/var/log# /usr/sbin/check_mailscanner >>> >> MailScanner running with pid 8146 8147 >>> >> >>> >> >>> >> But when i watch the logs via tail -f i do not see any Mailscanner >>> >> activity until i restart by /etc/init.d/mailscanner restart >>> >> >>> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >>> >> >>> >> Any ideas? >>> >> >>> >> Rob... >>> >> http://www.stupidguytalk.org >>> > >>> > To make the error a little noisier, in MailScanner.conf please set: >>> > >>> > Debug = no >>> > Debug SpamAssassin = no >>> > >>> > Then stop and then start MailScanner from the command line. Watch the >>> screen >>> > output. The reason for MailScanner dying should appear. >>> > >>> > Steve >>> > >>> > Stephen Swaney >>> > Fort Systems Ltd. >>> > stephen.swaney@fsl.com >>> > www.fsl.com >>> > >>> >>> I'd say yes, Steve, not no :) >>> >>> Debug = yes >>> Debug SpamAssassin = yes >>> >>> -- >>> Ugo >> >> Of course, Silly me. Thanks Ugo! >> >> Steve >> >> Stephen Swaney >> Fort Systems Ltd. >> stephen.swaney@fsl.com >> www.fsl.com >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > Rob Morin > Dido Internet Inc. > Montreal, Canada > 514-990-4444 > http://www.dido.ca > > ----- Original Message ----- > From: "Stephen Swaney" > To: > Sent: Monday, November 07, 2005 5:51 PM > Subject: Re: Its not ny day for mailscanner > > >>> -----Original Message----- >>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> Behalf Of Ugo Bellavance >>> Sent: Monday, November 07, 2005 5:00 PM >>> To: MAILSCANNER@JISCMAIL.AC.UK >>> Subject: Re: Its not ny day for mailscanner >>> >>> Stephen Swaney wrote: >>> >> -----Original Message----- >>> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>> >> Behalf Of Rob >>> >> Sent: Monday, November 07, 2005 3:45 PM >>> >> To: MAILSCANNER@JISCMAIL.AC.UK >>> >> Subject: Its not ny day for mailscanner >>> >> >>> >> First off thanks to all for helping me out in the last few days on >>> >> this >>> >> list i really appreciate it... >>> >> >>> >> No i have another strange problem... >>> >> >>> >> MS seems to silently die, and mail keeps coming in but not being >>> >> delivered.... >>> >> >>> >> Nothing in the logs other than the below... >>> >> >>> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >>> Scanner >>> >> version 4.41.3 starting... >>> >> >>> >> When i run the /usr/sbin/check_mailscaner it says >>> >> >>> >> stewy:/var/log# /usr/sbin/check_mailscanner >>> >> MailScanner running with pid 8146 8147 >>> >> >>> >> >>> >> But when i watch the logs via tail -f i do not see any Mailscanner >>> >> activity until i restart by /etc/init.d/mailscanner restart >>> >> >>> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >>> >> >>> >> Any ideas? >>> >> >>> >> Rob... >>> >> http://www.stupidguytalk.org >>> > >>> > To make the error a little noisier, in MailScanner.conf please set: >>> > >>> > Debug = no >>> > Debug SpamAssassin = no >>> > >>> > Then stop and then start MailScanner from the command line. Watch the >>> screen >>> > output. The reason for MailScanner dying should appear. >>> > >>> > Steve >>> > >>> > Stephen Swaney >>> > Fort Systems Ltd. >>> > stephen.swaney@fsl.com >>> > www.fsl.com >>> > >>> >>> I'd say yes, Steve, not no :) >>> >>> Debug = yes >>> Debug SpamAssassin = yes >>> >>> -- >>> Ugo >> >> Of course, Silly me. Thanks Ugo! >> >> Steve >> >> Stephen Swaney >> Fort Systems Ltd. >> stephen.swaney@fsl.com >> www.fsl.com >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Wed Nov 9 18:04:02 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:10 2006 Subject: Its not ny day for mailscanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] If it helps i also added an init.pre file from SA source as debian did not have it in /etc/spamassassin the contents of the file are below.... # RelayCountry - add metadata for Bayes learning, marking the countries # a message was relayed through # # loadplugin Mail::SpamAssassin::Plugin::RelayCountry # URIDNSBL - look up URLs found in the message against several DNS # blocklists. # loadplugin Mail::SpamAssassin::Plugin::URIDNSBL # Hashcash - perform hashcash verification. # loadplugin Mail::SpamAssassin::Plugin::Hashcash # SPF - perform SPF verification. # loadplugin Mail::SpamAssassin::Plugin::SPF Could this be causing anything? Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Rob" To: Sent: Wednesday, November 09, 2005 1:00 PM Subject: Re: Its not ny day for mailscanner >I still am having problems and cannot figure out why.... > > Nov 9 12:20:45 stewy MailScanner[946]: New Batch: Scanning 1 messages, > 8128 bytes > Nov 9 12:20:45 stewy MailScanner[946]: Spam Checks: Starting > Nov 9 12:20:49 stewy MailScanner[946]: Virus and Content Scanning: > Starting > Nov 9 12:20:50 stewy MailScanner[946]: tag found in message > 50B34BEDB.A57E4 from terry@helliker.net > Nov 9 12:20:50 stewy MailScanner[946]: Requeue: 50B34BEDB.A57E4 to > AA2D0BF4C > Nov 9 12:20:50 stewy MailScanner[946]: Uninfected: Delivered 1 messages > Nov 9 12:21:42 stewy MailScanner[10390]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 9 12:21:42 stewy MailScanner[10390]: Read 120 hostnames from the > phishing whitelist > Nov 9 12:21:43 stewy MailScanner[10390]: Enabling SpamAssassin > auto-whitelist functionality... > Nov 9 12:21:47 stewy MailScanner[10390]: Using locktype = flock > > Died at he time above but still had MailScanner processes running... > I then restarted at the time below > > Nov 9 12:54:30 stewy MailScanner[14310]: MailScanner E-Mail Virus Scanner > version 4.41.3 starting... > Nov 9 12:54:30 stewy MailScanner[14310]: Read 120 hostnames from the > phishing whitelist > Nov 9 12:54:31 stewy MailScanner[14310]: Enabling SpamAssassin > auto-whitelist functionality... > Nov 9 12:54:36 stewy MailScanner[14310]: Using locktype = flock > Nov 9 12:54:36 stewy MailScanner[14310]: New Batch: Found 63 messages > waiting > > It very unreliable now, i have to restart every 15 mins to make sure mail > gets delivered.... > > Any suggestions on what to look for?? > The debug did not seem to help much... > > > Rob Morin > Dido Internet Inc. > Montreal, Canada > 514-990-4444 > http://www.dido.ca > > ----- Original Message ----- > From: "Rob" > To: > Sent: Tuesday, November 08, 2005 3:35 PM > Subject: Re: Its not ny day for mailscanner > > >> ok so after doing this it scanned one message and gave me what seemed to >> be a normal output.... but i can not site at the consol all day running >> it in debug mode and restarting each time?? >> >> any other things i should look at.... >> BTW when i say die, it looks like its dead, as i see mailscanner >> processes in a ps but in the log file i see no mailscanner stuff >> running... could it be because recently i added RBLs and razor? >> >> Thanks... >> >> Nov 8 15:27:29 stewy MailScanner[670]: MailScanner E-Mail Virus Scanner >> version 4.41.3 starting... >> Nov 8 15:27:29 stewy MailScanner[670]: Read 120 hostnames from the >> phishing whitelist >> Nov 8 15:27:29 stewy MailScanner[670]: Enabling SpamAssassin >> auto-whitelist functionality... >> Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees Config LockType = >> flock >> Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees have_module = 0 >> Nov 8 15:27:33 stewy MailScanner[670]: Using locktype = flock >> Nov 8 15:27:33 stewy MailScanner[670]: New Batch: Scanning 2 messages, >> 22625 bytes >> Nov 8 15:27:33 stewy MailScanner[670]: Created attachment dirs for 2 >> messages >> Nov 8 15:27:33 stewy MailScanner[670]: Spam Checks: Starting >> Nov 8 15:27:33 stewy MailScanner[670]: RBL Checks: returned 0 >> Nov 8 15:27:35 stewy MailScanner[670]: SpamAssassin returned 0 >> Nov 8 15:27:35 stewy MailScanner[670]: RBL checks: 51791BF61.03596 found >> in SBL+XBL >> Nov 8 15:27:35 stewy MailScanner[670]: RBL Checks: returned 256 >> Nov 8 15:27:36 stewy MailScanner[670]: SpamAssassin returned 0 >> Nov 8 15:27:36 stewy MailScanner[670]: Message 51791BF61.03596 from >> 81.190.142.152 (olivergoldmanaz@baixin-tech.com) to flextherm.com is >> spam, SBL+XBL, SpamAssassin (score=13.284, required 4, BAYES_99 3.50, >> DRUGS_ANXIETY 0.10, DRUGS_ANXIETY_EREC 0.04, DRUGS_ERECTILE 0.22, >> DRUGS_MANYKINDS 0.00, DRUGS_MUSCLE 0.00, DRUGS_PAIN 0.13, DRUGS_SLEEP >> 0.00, DRUGS_SLEEP_EREC 3.34, HELO_DYNAMIC_IPADDR 4.40, >> RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51) >> Nov 8 15:27:36 stewy MailScanner[670]: Spam Checks: Found 1 spam >> messages >> Nov 8 15:27:36 stewy MailScanner[670]: Spam Actions: message >> 51791BF61.03596 actions are delete >> Nov 8 15:27:37 stewy MailScanner[670]: Virus and Content Scanning: >> Starting >> Nov 8 15:27:37 stewy MailScanner[670]: Commencing scanning by clamav... >> Nov 8 15:27:37 stewy MailScanner[670]: Completed scanning by clamav >> Nov 8 15:27:37 stewy MailScanner[670]: tag found in message >> 59F3EBF62.8B4B8 from lapresseaffaires@courrier.cyberpresse.ca >> Nov 8 15:27:37 stewy MailScanner[670]: Requeue: 59F3EBF62.8B4B8 to >> A53A5BF4C >> Nov 8 15:27:37 stewy MailScanner[670]: About to deliver 1 messages >> Nov 8 15:27:37 stewy MailScanner[670]: Uninfected: Delivered 1 messages >> Nov 8 15:27:37 stewy postfix/qmgr[15211]: A53A5BF4C: >> from=, size=20795, nrcpt=1 >> (queue active) >> Nov 8 15:27:37 stewy MailScanner[670]: MailScanner child dying of old >> age >> >> >> Rob Morin >> Dido Internet Inc. >> Montreal, Canada >> 514-990-4444 >> http://www.dido.ca >> >> ----- Original Message ----- >> From: "Stephen Swaney" >> To: >> Sent: Monday, November 07, 2005 5:51 PM >> Subject: Re: Its not ny day for mailscanner >> >> >>>> -----Original Message----- >>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>> Behalf Of Ugo Bellavance >>>> Sent: Monday, November 07, 2005 5:00 PM >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: Its not ny day for mailscanner >>>> >>>> Stephen Swaney wrote: >>>> >> -----Original Message----- >>>> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>>> >> On >>>> >> Behalf Of Rob >>>> >> Sent: Monday, November 07, 2005 3:45 PM >>>> >> To: MAILSCANNER@JISCMAIL.AC.UK >>>> >> Subject: Its not ny day for mailscanner >>>> >> >>>> >> First off thanks to all for helping me out in the last few days on >>>> >> this >>>> >> list i really appreciate it... >>>> >> >>>> >> No i have another strange problem... >>>> >> >>>> >> MS seems to silently die, and mail keeps coming in but not being >>>> >> delivered.... >>>> >> >>>> >> Nothing in the logs other than the below... >>>> >> >>>> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> >>>> >> When i run the /usr/sbin/check_mailscaner it says >>>> >> >>>> >> stewy:/var/log# /usr/sbin/check_mailscanner >>>> >> MailScanner running with pid 8146 8147 >>>> >> >>>> >> >>>> >> But when i watch the logs via tail -f i do not see any Mailscanner >>>> >> activity until i restart by /etc/init.d/mailscanner restart >>>> >> >>>> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >>>> >> >>>> >> Any ideas? >>>> >> >>>> >> Rob... >>>> >> http://www.stupidguytalk.org >>>> > >>>> > To make the error a little noisier, in MailScanner.conf please set: >>>> > >>>> > Debug = no >>>> > Debug SpamAssassin = no >>>> > >>>> > Then stop and then start MailScanner from the command line. Watch the >>>> screen >>>> > output. The reason for MailScanner dying should appear. >>>> > >>>> > Steve >>>> > >>>> > Stephen Swaney >>>> > Fort Systems Ltd. >>>> > stephen.swaney@fsl.com >>>> > www.fsl.com >>>> > >>>> >>>> I'd say yes, Steve, not no :) >>>> >>>> Debug = yes >>>> Debug SpamAssassin = yes >>>> >>>> -- >>>> Ugo >>> >>> Of course, Silly me. Thanks Ugo! >>> >>> Steve >>> >>> Stephen Swaney >>> Fort Systems Ltd. >>> stephen.swaney@fsl.com >>> www.fsl.com >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> Rob Morin >> Dido Internet Inc. >> Montreal, Canada >> 514-990-4444 >> http://www.dido.ca >> >> ----- Original Message ----- >> From: "Stephen Swaney" >> To: >> Sent: Monday, November 07, 2005 5:51 PM >> Subject: Re: Its not ny day for mailscanner >> >> >>>> -----Original Message----- >>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>> Behalf Of Ugo Bellavance >>>> Sent: Monday, November 07, 2005 5:00 PM >>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>> Subject: Re: Its not ny day for mailscanner >>>> >>>> Stephen Swaney wrote: >>>> >> -----Original Message----- >>>> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>>> >> On >>>> >> Behalf Of Rob >>>> >> Sent: Monday, November 07, 2005 3:45 PM >>>> >> To: MAILSCANNER@JISCMAIL.AC.UK >>>> >> Subject: Its not ny day for mailscanner >>>> >> >>>> >> First off thanks to all for helping me out in the last few days on >>>> >> this >>>> >> list i really appreciate it... >>>> >> >>>> >> No i have another strange problem... >>>> >> >>>> >> MS seems to silently die, and mail keeps coming in but not being >>>> >> delivered.... >>>> >> >>>> >> Nothing in the logs other than the below... >>>> >> >>>> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >>>> Scanner >>>> >> version 4.41.3 starting... >>>> >> >>>> >> When i run the /usr/sbin/check_mailscaner it says >>>> >> >>>> >> stewy:/var/log# /usr/sbin/check_mailscanner >>>> >> MailScanner running with pid 8146 8147 >>>> >> >>>> >> >>>> >> But when i watch the logs via tail -f i do not see any Mailscanner >>>> >> activity until i restart by /etc/init.d/mailscanner restart >>>> >> >>>> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >>>> >> >>>> >> Any ideas? >>>> >> >>>> >> Rob... >>>> >> http://www.stupidguytalk.org >>>> > >>>> > To make the error a little noisier, in MailScanner.conf please set: >>>> > >>>> > Debug = no >>>> > Debug SpamAssassin = no >>>> > >>>> > Then stop and then start MailScanner from the command line. Watch the >>>> screen >>>> > output. The reason for MailScanner dying should appear. >>>> > >>>> > Steve >>>> > >>>> > Stephen Swaney >>>> > Fort Systems Ltd. >>>> > stephen.swaney@fsl.com >>>> > www.fsl.com >>>> > >>>> >>>> I'd say yes, Steve, not no :) >>>> >>>> Debug = yes >>>> Debug SpamAssassin = yes >>>> >>>> -- >>>> Ugo >>> >>> Of course, Silly me. Thanks Ugo! >>> >>> Steve >>> >>> Stephen Swaney >>> Fort Systems Ltd. >>> stephen.swaney@fsl.com >>> www.fsl.com >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Nov 9 18:04:09 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:10 2006 Subject: OT: Regarding running RBL's inhouse Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Anders Andersson, IT wrote: >Hi >There has been a little desussion between me and other mail admins, >working in same line of bussiness running a shared RBL-server. Since the >heaalthcare business here have rules and regulations its sometimes hard >to use external RBL's that we can't controll. There is a mix of systems >but mainly Exchange/Notes and of course sendmail/mailscanner running in >different locations. >Has anyone got any experince in running RBL and could shed some light if >its worth running it of just a wast of time. >Our mail goals would be distributed servers and fairly easy updates of >lists since the might be alot of manual workbeacause of laws/regulations > >/Anders > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > I'd love to help. I can host/mirror if you like, on CentOS/RedHat. I've been thinking of setting up a latin american (or panamanian) RBL for local spammers/infected machines/etc. - and I could also set up honeypots or honeypot domains if needed. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Wed Nov 9 18:06:27 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:31:10 2006 Subject: OT: Regarding running RBL's inhouse Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Dennis Willson wrote: > > Having a local RBL can be very benificial as you're in complete > control. Add what you want and remove what you want based on you're > own criteria. I have also hosted public RBLs and they really get > problamatic becase if you're at all effective, you will be attacked. > I finally had to shutdown the public lists because I couldn't afford > being attacked all the time. If anyone reading this list wants to help setting up/hosting/mirroring a DNSBL I'd be happy to contribute with my server(s), and any expertise you might need testing/maintaining. I want to set one up for my country, but I don't mind helping out the rest of my MailScanner peeps :) I've got MySQL/Bind running on CentOS/Fedora, if it helps. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Nov 9 18:22:28 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:10 2006 Subject: OT: Regarding running RBL's inhouse Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 09/11/05, Anders Andersson, IT wrote: > Hi > There has been a little desussion between me and other mail admins, > working in same line of bussiness running a shared RBL-server. Since the > heaalthcare business here have rules and regulations its sometimes hard > to use external RBL's that we can't controll. Really? Assuming you don't have any other rules than the ones governing any Swedish government works/institutions, you should be fine... at least using them for scoring and probably even for flat-out rejections. STAKO has a nice publication on the legal aspects of this for public institutions ... http://www.statskontoret.se/upload/Publikationer/2005/200505.pdf ... Perhaps worth reading for you too? -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Nov 9 18:24:46 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:10 2006 Subject: MCP cf Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Diggy spake the following on 11/9/2005 9:39 AM: > Hello to all. > > This morning I enabled mcp on the latest release of MS running on a CentOS > 3.5 box along with sendmail-8.12.11-4.RHEL3.1. Documentation says I should > install a sendmail patch for mcp to scan certain attachments. Is that the > case with my version of sendmail? > > Also, Are there any examples of mcp cf, other than the sample included with > MS, that I can have a look at? I'm really not a coder at all, but can learn > easily if I see some examples. > > Thanks so much. > I believe you patch spamassassin, not sendmail. That is only to look inside non-text attachments, like word documents. See http://www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/ -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From vaughn at BLUEMTNET.COM Wed Nov 9 18:59:17 2005 From: vaughn at BLUEMTNET.COM (Vaughn Skinner) Date: Thu Jan 12 21:31:10 2006 Subject: Distributed spammer attacks? Message-ID: Using milter-sender we are getting many of the following syslog entries. (addresses changed to protect the innocent) Nov 9 04:25:03 server sendmail[26187]: jA9CP0Eb026187: Milter: helo=1.2.3.4 reject=550 5.7.1 HELO 1.2.3.4 claims to be us 'server.domain' [1.2.3.4], but the connection [220.184.102.95] is not us Yesterday we received 2901 of these. 2586 are unique machines and the most any one hit was 6 times. Here is a test session where I duplicated the abuse showing what others are doing. I expect we are looking at a distributed spam network. Has anyone else experienced this, and if so any thoughts about a solution? The only thing I can think of to counter this would be a common dnsbl. Vaughn 220 1.2.3.4 ESMTP Sendmail 1.0/1.0; Wed, 9 Nov 2005 10:30:39 -0800 HELO 1.2.3.4 250 1.2.3.4 Hello test [2.3.4.5], pleased to meet you mail from: 550 5.7.1 HELO 1.2.3.4 claims to be us '1.2.3.4' [1.2.3.4], but the connection [2.3.4.5] is not us ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Wed Nov 9 19:13:22 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:31:10 2006 Subject: Distributed spammer attacks? Message-ID: MailScanner mailing list <> scribbled on Wednesday, November 09, 2005 12:59 PM: > Using milter-sender we are getting many of the following > syslog entries. > (addresses changed to protect the innocent) > > Nov 9 04:25:03 server sendmail[26187]: jA9CP0Eb026187: > Milter: helo=1.2.3.4 reject=550 5.7.1 HELO 1.2.3.4 claims to > be us 'server.domain' [1.2.3.4], but the connection > [220.184.102.95] is not us > > Yesterday we received 2901 of these. 2586 are unique > machines and the most any one hit was 6 times. > > Here is a test session where I duplicated the abuse showing > what others are doing. > > I expect we are looking at a distributed spam network. Has > anyone else experienced this, and if so any thoughts about a > solution? The only thing I can think of to counter this > would be a common dnsbl. > > Vaughn > > 220 1.2.3.4 ESMTP Sendmail 1.0/1.0; Wed, 9 Nov 2005 10:30:39 > -0800 HELO 1.2.3.4 250 1.2.3.4 Hello test [2.3.4.5], pleased > to meet you mail from: 550 5.7.1 HELO 1.2.3.4 > claims to be us '1.2.3.4' [1.2.3.4], but the connection > [2.3.4.5] is not us > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! I use milter-sender too and I also see this in my logs all the time. I suspect the spammers are trying to exploit an MX that is configured to allow it's own IP address to relay (instead of 127.0.0.1). I may be wrong. I don't worry about these entries since milter-sender is preventing the junk from coming in. Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dyioulos at FIRSTBHPH.COM Wed Nov 9 19:27:41 2005 From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos) Date: Thu Jan 12 21:31:10 2006 Subject: MCP cf Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On Wednesday November 09 2005 1:24 pm, Scott Silva wrote: > Diggy spake the following on 11/9/2005 9:39 AM: > > Hello to all. > > > > This morning I enabled mcp on the latest release of MS running on a > > CentOS 3.5 box along with sendmail-8.12.11-4.RHEL3.1. Documentation says > > I should install a sendmail patch for mcp to scan certain attachments. > > Is that the case with my version of sendmail? > > > > Also, Are there any examples of mcp cf, other than the sample included > > with MS, that I can have a look at? I'm really not a coder at all, but > > can learn easily if I see some examples. > > > > Thanks so much. > > I believe you patch spamassassin, not sendmail. That is only to look > inside non-text attachments, like word documents. > > See http://www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/ > > Scott, I really, really need to be careful about reading the how-to's. Thanks for pointing out that it's spamassassin I need to patch. Would the patch work on an rpm-based spamassassin installation? I have looked at http://www.sng.ecs.soton.ac.uk/mailscanner/install/mcp/, but as to the mcp cf, it says to look at the sample. The sample isn't that helpful to me (it's just me) - I was hoping to see a real-world example. If someone would be kind enough to share an mcp cf or two that they actually have in place, I'd be most appreciative. Dimitri -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Nov 9 21:46:14 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:10 2006 Subject: lint test Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Lance Haig spake the following on 11/9/2005 1:29 PM: > HI Matt, > > Thanks for the response. > > This is the report from RDJ that I just recieved. > > RulesDuJour Run Summary on mailhost: > > SARE Abused Redirect Subject Ruleset for SpamAssassin (post3.0.0) has changed on mailhost. > Version line: # Version: 2.9.2 # > > EvilNumber has changed on mailhost. > Version line: # Version: 02.00.01 # The evilnumber set has been renamed to match SARE's updated standards, the new name is 70_sare_evilnum0.cf. Please remove evilnumber local language files > > SARE 70_sare_bayes_poison_nxm.cf Ruleset has changed on mailhost. > Version line: # Version: 1.00 > > SARE html Ruleset (set 0 -- hits mostly spam) has changed on mailhost. > Version line: # Version: 01.03.08 > > SARE html Ruleset (set 1 -- hits occasional ham) has changed on mailhost. > Version line: # Version: 01.03.08 > > SARE HEADER Ruleset (set 0 -- hits mostly spam) has changed on mailhost. > Version line: # Version: 01.03.16 > > SARE HEADER Ruleset (hits occasional ham) has changed on mailhost. > Version line: # Version: 01.03.16 > > SARE Specific Ruleset has changed on mailhost. > Version line: # Version: 01.03.08 > > SARE Adult Content Ruleset has changed on mailhost. > Version line: # Version: 01.02.03 # The Adult set has been renamed to match SARE's updated standards, the new name is 70_sare_adult.cf > > SARE BIZ/Marketing/Learning Ruleset (for SA ver. 2.5x and greater) has changed on mailhost. > Version line: # Version: 01.02.02 # The BML set has been renamed to match SARE's updated standards, the new name is 72_sare_bml_post25x.cf > > SARE Fraud Detection Ruleset (for SA ver. 2.5x and greater) has changed on mailhost. > Version line: # Version: 01.03.02 # NOTE: Please update your scripts to pull this file from it's new location http://www.rulesemporium.com/rules/99_sare_fraud_post25x.cf > > SARE Spoof Ruleset has changed on mailhost. > Version line: # Version: 1.09.01 > > SARE Random Ruleset for SpamAssassin 2.5x and higher has changed on mailhost. > Version line: # Version: 1.30.19 > > SARE OEM Ruleset has changed on mailhost. > Version line: # Version: 1.05.11 > > SARE General Subject Ruleset (set 0 -- hits mostly spam) has changed on mailhost. > Version line: # Version: 01.03.11 > > SARE General Subject Ruleset (set 1 -- hits occasional ham) has changed on mailhost. > Version line: # Version: 01.03.11 > > SARE Unsubscribe phrases Ruleset has changed on mailhost. > Version line: # Version: .80 > > SARE URI Ruleset (set 0 -- hits mostly spam) has changed on mailhost. > Version line: # Version: 01.01.03 > > TripWire has changed on mailhost. > Version line: # Version 1.18 More Typo's fixed. > > EvilNumbers1 has changed on mailhost. > Version line: # Version: 01.00.00 # > > EvilNumbers2 has changed on mailhost. > Version line: # Version: 01.00.00 # > > William Stearn's RANDOM WORD Ruleset has changed on mailhost. > Version line: #release: 2004052501 > > Tim Jackson's (et al) bogus virus warnings has changed on mailhost. > Version line: # bogus-virus-warnings.cf version 1.160 (2005-06-22) - NB new Rules Emporium address > > Ruleset for header abuse (sets 0-3) has changed on mailhost. > Version line: # Version: 01.03.16 > > SARE html Ruleset (combined sets 0-3) has changed on mailhost. > Version line: # Version: 01.03.08 > > ***WARNING***: /usr/bin/spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint failed. > Rolling configuration files back, not restarting SpamAssassin. > Rollback command is: mv -f /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf /etc/mail/spamassassin/RulesDuJour/72_sare_redirect_post3.0.0.cf.2; rm -f /etc/mail/spamassassin/72_sare_redirect_post3.0.0.cf; mv -f /etc/mail/spamassassin/70_sare_evilnum0.cf /etc/mail/spamassassin/RulesDuJour/70_sare_evilnum0.cf.2; rm -f /etc/mail/spamassassin/70_sare_evilnum0.cf; mv -f /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf /etc/mail/spamassassin/RulesDuJour/70_sare_bayes_poison_nxm.cf.2; rm -f /etc/mail/spamassassin/70_sare_bayes_poison_nxm.cf; mv -f /etc/mail/spamassassin/70_sare_html0.cf /etc/mail/spamassassin/RulesDuJour/70_sare_html0.cf.2; rm -f /etc/mail/spamassassin/70_sare_html0.cf; mv -f /etc/mail/spamassassin/70_sare_html1.cf /etc/mail/spamassassin/RulesDuJour/70_sare_html1.cf.2; rm -f /etc/mail/spamassassin/70_sare_html1.cf; mv -f /etc/mail/spamassassin/70_sare_header0.cf /etc/mail > /spamassassin/RulesDuJour/70_sare_header0.cf.2; rm -f /etc/mail/spamassassin/70_sare_head > er0.cf; mv -f /etc/mail/spamassassin/70_sare_header1.cf /etc/mail/spamassassin/RulesDuJour/70_sare_header1.cf.2; rm -f /etc/mail/spamassassin/70_sare_header1.cf; mv -f /etc/mail/spamassassin/70_sare_specific.cf /etc/mail/spamassassin/RulesDuJour/70_sare_specific.cf.2; rm -f /etc/mail/spamassassin/70_sare_specific.cf; mv -f /etc/mail/spamassassin/70_sare_adult.cf /etc/mail/spamassassin/RulesDuJour/70_sare_adult.cf.2; rm -f /etc/mail/spamassassin/70_sare_adult.cf; mv -f /etc/mail/spamassassin/72_sare_bml_post25x.cf /etc/mail/spamassassin/RulesDuJour/72_sare_bml_post25x.cf.2; rm -f /etc/mail/spamassassin/72_sare_bml_post25x.cf; mv -f /etc/mail/spamassassin/99_sare_fraud_post25x.cf /etc/mail/spamassassin/RulesDuJour/99_sare_fraud_post25x.cf.2; rm -f /etc/mail/spamassassin/99_sare_fraud_post25x.cf; mv -f /etc/mail/spamassassin/70_sare_spoof.cf /etc/mail/spamassassin/RulesDuJour/70_sare_spoof. > cf.2; rm -f /etc/mail/spamassassin/70_sare_spoof.cf; mv -f /etc/mail/spamassassin/70_sare_ > random.cf /etc/mail/spamassassin/RulesDuJour/70_sare_random.cf.2; rm -f /etc/mail/spamassassin/70_sare_random.cf; mv -f /etc/mail/spamassassin/70_sare_oem.cf /etc/mail/spamassassin/RulesDuJour/70_sare_oem.cf.2; rm -f /etc/mail/spamassassin/70_sare_oem.cf; mv -f /etc/mail/spamassassin/70_sare_genlsubj0.cf /etc/mail/spamassassin/RulesDuJour/70_sare_genlsubj0.cf.2; rm -f /etc/mail/spamassassin/70_sare_genlsubj0.cf; mv -f /etc/mail/spamassassin/70_sare_genlsubj1.cf /etc/mail/spamassassin/RulesDuJour/70_sare_genlsubj1.cf.2; rm -f /etc/mail/spamassassin/70_sare_genlsubj1.cf; mv -f /etc/mail/spamassassin/70_sare_unsub.cf /etc/mail/spamassassin/RulesDuJour/70_sare_unsub.cf.2; rm -f /etc/mail/spamassassin/70_sare_unsub.cf; mv -f /etc/mail/spamassassin/70_sare_uri0.cf /etc/mail/spamassassin/RulesDuJour/70_sare_uri0.cf.2; rm -f /etc/mail/spamassassin/70_sare_uri0.cf; mv -f /etc/mail/spamassassin/tr > ipwire.cf /etc/mail/spamassassin/RulesDuJour/99_FVGT_Tripwire.cf.2; rm -f /etc/mail/spamas > sassin/tripwire.cf; mv -f /etc/mail/spamassassin/70_sare_evilnum1.cf /etc/mail/spamassassin/RulesDuJour/70_sare_evilnum1.cf.2; rm -f /etc/mail/spamassassin/70_sare_evilnum1.cf; mv -f /etc/mail/spamassassin/70_sare_evilnum2.cf /etc/mail/spamassassin/RulesDuJour/70_sare_evilnum2.cf.2; rm -f /etc/mail/spamassassin/70_sare_evilnum2.cf; mv -f /etc/mail/spamassassin/random.cf /etc/mail/spamassassin/RulesDuJour/random.current.cf.2; rm -f /etc/mail/spamassassin/random.cf; mv -f /etc/mail/spamassassin/bogus-virus-warnings.cf /etc/mail/spamassassin/RulesDuJour/bogus-virus-warnings.cf.2; mv -f /etc/mail/spamassassin/RulesDuJour/bogus-virus-warnings.cf.20051109-2052 /etc/mail/spamassassin/bogus-virus-warnings.cf; mv -f /etc/mail/spamassassin/70_sare_header.cf /etc/mail/spamassassin/RulesDuJour/70_sare_header.cf.2; rm -f /etc/mail/spamassassin/70_sare_header.cf; mv -f /etc/mail/spamassassin/70_sare_h > tml.cf /etc/mail/spamassassin/RulesDuJour/70_sare_html.cf.2; rm -f /etc/mail/spamassassin/ > 70_sare_html.cf; > > Lint output: [21191] warn: config: warning: score set for non-existent rule RCVD_IN_RSL > > [21191] warn: lint: 1 issues detected, please rerun with debug enabled for more information > > > Matt Kettler wrote: > Look in your /etc/mailscanner/spam.assassin.prefs file for something like; score RCVD_IN_RSL and comment out that line. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From victor at PIXELMAGICFX.COM Wed Nov 9 23:10:16 2005 From: victor at PIXELMAGICFX.COM (Victor DiMichina) Date: Thu Jan 12 21:31:10 2006 Subject: more Panda Wrapper drama Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Searching through the archives, I have found a lot of questions but no answers on how to actually get the Panda Wrapper to work. Below is the output of two tests on an EICAR virus. The first command was done with the wrapper. Here you see the command and the output of "Virus: 0" even though there is clearly an eicar virus in that directory.: [root@hoshi 715]# /usr/lib/MailScanner/panda-wrapper /usr -nsb -eng -aex -nso -aut -cmp . Virus: 0 and the very next command was run with pavcl in the same directoy, finding the virus: [root@hoshi 715]# pavcl -nsb -eng -aex -nso -aut -cmp . Panda Antivirus Linux, Copyright 1989-2003 (c) Panda Software Time employed for scan .............: 00:00:00 Number of files scanned ............: 5 Number of files infected ...........: 4 Number of files disinfected ........: 0 Number of files renamed ............: 0 Number of files deleted ............: 0 Has anyone gotten the Panda Wrapper to actually work? Vic RH 8 Mail Scanner 4.47.4-2 CGPro ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From raymond at PROLOCATION.NET Wed Nov 9 22:45:40 2005 From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn) Date: Thu Jan 12 21:31:10 2006 Subject: I can not seem to stop these emails... Message-ID: Hi! >> uri PROLO_LEO4 /http:\/\/.*tripod.com/ >> >> should be >> >> uri PROLO_LEO4 /http:\/\/*\.tripod\.com/ > Feel free to alter whatever you like ;) Oh btw, next time please test before posting a 'better' one. The one i originally posted wasnt strict, true, but it was working. The second one wasnt working at all. A working one would be: uri PROLO_LEO4 /http:\/\/.*\.tripod\.com/ Currently we have running: body PROLO_LEO1 /85\,45|1\,21/ body PROLO_LEO2 /69\,95|3\,33/ body PROLO_LEO3 /99\,95|3\,75/ uri PROLO_LEO4 /http:\/\/.*\.tripod\.com/ meta PROLO_LEO_M1 (PROLO_LEO1 && PROLO_LEO2 && PROLO_LEO3 && PROLO_LEO4) score PROLO_LEO1 0.1 score PROLO_LEO2 0.1 score PROLO_LEO3 0.1 score PROLO_LEO4 0.1 score PROLO_LEO_M1 8 describe PROLO_LEO1 Meta Catches all Leo drug variations so far describe PROLO_LEO2 Meta Catches all Leo drug variations so far describe PROLO_LEO3 Meta Catches all Leo drug variations so far describe PROLO_LEO4 Meta to catch Leo now using Tripod describe PROLO_LEO_M1 Catches all Leo drug variations so far Since they altered it again, like we are used with Leo's. Bye, Raymond. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ken at ACOTEC.COM Thu Nov 10 01:15:37 2005 From: ken at ACOTEC.COM (Ken Hilliard) Date: Thu Jan 12 21:31:10 2006 Subject: {Spam?}{Filename?} warning Message-ID: I have installed MailScanner. It has been working well for months. Now users are getting a warnings like: "Warning: This message has had one or more attachments removed (updated-password.zip, updated-passwo.pif). Please Read the "domainname-Attachment-Warning.txt" attachment(s) for more information" The email that they are receiving is a form message. For example: "Dear user xxx, You have successfully updated the password of your domain-name account. If you did not authorize this change or if you need assistance with your account please contain domain-name customer service at: admininstrator@domain-name.com Thank you for using domain-name! The domain-name Support Team" I assumed that the PCs were infected with a virus that was generating the content but all the machines have anti-virus and we did online scans. Does anybody have any ideas. Thx, Ken ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Thu Nov 10 01:35:46 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:10 2006 Subject: {Spam?}{Filename?} warning Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Ken Hilliard > Sent: Wednesday, November 09, 2005 8:16 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: {Spam?}{Filename?} warning > > > I have installed MailScanner. It has been working well for months. Now > users are getting a warnings like: > > "Warning: This message has had one or more attachments removed > (updated-password.zip, updated-passwo.pif). Please Read the > "domainname-Attachment-Warning.txt" attachment(s) for more information" > > The email that they are receiving is a form message. For example: > > "Dear user xxx, > > You have successfully updated the password of your domain-name account. > > If you did not authorize this change or if you need assistance with your > account please contain domain-name customer service at: > admininstrator@domain-name.com > > Thank you for using domain-name! > The domain-name Support Team" > > I assumed that the PCs were infected with a virus that was generating > the content but all the machines have anti-virus and we did online > scans. Does anybody have any ideas. > > Thx, Ken This looks like MyTob. MailScanner is stripping the payload but one would think it wouldn't get that far. What AV scanners are you running? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ken at ACOTEC.COM Thu Nov 10 02:07:49 2005 From: ken at ACOTEC.COM (Ken Hilliard) Date: Thu Jan 12 21:31:10 2006 Subject: {Spam?}{Filename?} warning Message-ID: I am using MailScanner-Clamav on the Linux machine. The LAN PCs are using Macafee antivirus. It appears that messages is happening in outbound generated messages but I have to do more checking to verify this. -----Original Message----- From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rick Cooper Sent: Thursday, November 10, 2005 8:36 AM To: MAILSCANNER@JISCMAIL.AC.UK Subject: Re: {Spam?}{Filename?} warning > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Ken Hilliard > Sent: Wednesday, November 09, 2005 8:16 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: {Spam?}{Filename?} warning > > > I have installed MailScanner. It has been working well for months. Now > users are getting a warnings like: > > "Warning: This message has had one or more attachments removed > (updated-password.zip, updated-passwo.pif). Please Read the > "domainname-Attachment-Warning.txt" attachment(s) for more information" > > The email that they are receiving is a form message. For example: > > "Dear user xxx, > > You have successfully updated the password of your domain-name account. > > If you did not authorize this change or if you need assistance with your > account please contain domain-name customer service at: > admininstrator@domain-name.com > > Thank you for using domain-name! > The domain-name Support Team" > > I assumed that the PCs were infected with a virus that was generating > the content but all the machines have anti-virus and we did online > scans. Does anybody have any ideas. > > Thx, Ken This looks like MyTob. MailScanner is stripping the payload but one would think it wouldn't get that far. What AV scanners are you running? Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Thu Nov 10 02:18:10 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:10 2006 Subject: {Spam?}{Filename?} warning Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Ken Hilliard > Sent: Wednesday, November 09, 2005 9:08 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: {Spam?}{Filename?} warning > > > I am using MailScanner-Clamav on the Linux machine. The LAN PCs are > using Macafee antivirus. It appears that messages is happening in > outbound generated messages but I have to do more checking to verify > this. > [...] I would look at the headers, are you scanning outbound for filename rules and spam? I would think the Received headers are going to show it came from outside (I hope) Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Thu Nov 10 07:25:46 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:31:10 2006 Subject: OT: Regarding running RBL's inhouse Message-ID: > On 09/11/05, Anders Andersson, IT > wrote: > > Hi > > There has been a little desussion between me and other mail admins, > > working in same line of bussiness running a shared > RBL-server. Since > > the heaalthcare business here have rules and regulations > its sometimes > > hard to use external RBL's that we can't controll. > > Really? Assuming you don't have any other rules than the ones > governing any Swedish government works/institutions, you > should be fine... at least using them for scoring and > probably even for flat-out rejections. STAKO has a nice > publication on the legal aspects of this for public institutions ... > http://www.statskontoret.se/upload/Publikationer/2005/200505.pdf ... > Perhaps worth reading for you too? > > -- > -- Glenn Ive read it and its more or less on those grounds we been discussing. Nothing been desided but since we all get hammered from time to time and since we would all do our part it might be plausable solution :) There is still the problem finding out good workflows and how to handle it from different systems. Maybe a honeypot on each of our different domains harvesting emails. /Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Thu Nov 10 09:55:47 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:10 2006 Subject: Sophos Wrapper a suggestion Message-ID: Hi, Following on from the discussion yesterday about the SAV_IDE directory setting for the sophos-wrapper script, I have been giving this some more thought, and have a proposed modification. Summary of the problem The sophos-wrapper script is designed to work hand in hand with the sophos-autoupdate script supplied with MailScanner. Which makes a lot of sense seeing as up until recently Sophos did not come with a default way of keeping it up to date automatically. This mechanism uses a non-Sophos directory for storing the virus identity files. This setup means that on systems that have Sophos installed into its standard locations the sophos-wrapper script does not work without either modifying the script, moving Sophos, or creating a link in the file system. In my case I had Sophos installed in its default location and had already created a script to update its identities. I had to do some furkling around under the bonnet to work out why the wrapper wasn't working and then put in place a workaround. Now that Sophos is able to auto-update itself (even the Unix versions) it is likely that more people may already have it installed in the default locations. Yesterday there was a suggestion of creating a new wrapper for standard Sophos installs. But this is only a case of setting one directory or another. I have attached a modified version of sophos- wrapper that sets the SAV_IDE environment variable depending on the existence or otherwise of the ide/sav directories. Hopefully this will work for both cases without anyone else having to check under the bonnet. The change is basically: SAV_IDE=$PackageDir/ide # Check to see if Sophos is using the Sophos install directory, # rather than the MailScanner Sophos # update directory if [ ! -x ${PackageDir}/ide ] && [ -x ${PackageDir}/sav ]; then SAV_IDE=$PackageDir/sav fi So the wrapper defaults to the current situation, and if the ide directory does now exist and the sav directory does, it uses that one instead. Any comments? Can this be included in the MailScanner distribution? -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ I'm in shape. - ROUND is a shape. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2: "Text from file 'sophos-wrapper'" ] #!/bin/sh # MailScanner - SMTP E-Mail Virus Scanner # Copyright (C) 2001 Julian Field # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # The author, Julian Field, can be contacted by email at # Jules@JulianField.net # or by paper mail at # Julian Field # Dept of Electronics & Computer Science # University of Southampton # Southampton # SO17 1BJ # United Kingdom # # JKF Wrapper Sophos programs with the correct LD_LIBRARY_PATH # Modified for solaris by CJG # Then tweaked for heron by JKF again # Modified to check for the existence of the Sophos standard install directory, if the MailScanner ide dir # does not exist. AJP 10 Nov 2005 PackageDir=$1 shift prog=sweep # `basename $0` SAV_IDE=$PackageDir/ide # Check to see if Sophos is using the Sophos install directory, rather than the MailScanner Sophos # update directory if [ ! -x ${PackageDir}/ide ] && [ -x ${PackageDir}/sav ]; then SAV_IDE=$PackageDir/sav fi LD_LIBRARY_PATH=$PackageDir/lib LANG=C export SAV_IDE export LD_LIBRARY_PATH export LANG if [ "x$1" = "x-IsItInstalled" ]; then [ -x ${PackageDir}/bin/$prog ] && exit 0 exit 1 fi exec ${PackageDir}/bin/$prog "$@" ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Nov 10 11:10:55 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:10 2006 Subject: Sophos Wrapper a suggestion Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 10 Nov 2005, at 09:55, Anthony Peacock wrote: > Hi, > > Following on from the discussion yesterday about the SAV_IDE > directory setting for the sophos-wrapper script, I have been giving > this some more thought, and have a proposed modification. > > Summary of the problem > > The sophos-wrapper script is designed to work hand in hand with the > sophos-autoupdate script supplied with MailScanner. Which makes a > lot of sense seeing as up until recently Sophos did not come with a > default way of keeping it up to date automatically. This mechanism > uses a non-Sophos directory for storing the virus identity files. > This setup means that on systems that have Sophos installed into its > standard locations the sophos-wrapper script does not work without > either modifying the script, moving Sophos, or creating a link in the > file system. In my case I had Sophos installed in its default > location and had already created a script to update its identities. > I had to do some furkling around under the bonnet to work out why the > wrapper wasn't working and then put in place a workaround. Now that > Sophos is able to auto-update itself (even the Unix versions) it is > likely that more people may already have it installed in the default > locations. > > Yesterday there was a suggestion of creating a new wrapper for > standard Sophos installs. But this is only a case of setting one > directory or another. I have attached a modified version of sophos- > wrapper that sets the SAV_IDE environment variable depending on the > existence or otherwise of the ide/sav directories. Hopefully this > will work for both cases without anyone else having to check under > the bonnet. > > The change is basically: > > SAV_IDE=$PackageDir/ide > > # Check to see if Sophos is using the Sophos install directory, > # rather than the MailScanner Sophos > # update directory > if [ ! -x ${PackageDir}/ide ] && [ -x ${PackageDir}/sav ]; then > SAV_IDE=$PackageDir/sav > fi > > So the wrapper defaults to the current situation, and if the ide > directory does now exist and the sav directory does, it uses that one > instead. > > Any comments? > > Can this be included in the MailScanner distribution? Once a few people have tried it and all agree that it works, then I will include it. People, can you test this please? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ3Mqwvw32o+k+q+hAQFHIQgAraTMnTr6sRg142ovfm5cY0Ramn8T4tC6 w0f+yeqgHYaAst7gtxCGbU0itEtx4CUziE0ZAZU7NqY9glLa64MT6OOevlpu1fK/ rCHckKRzTK+vIfD5T7SjpLVcsamWU7G7E2yKip3bYNYvzRhpno2ak6fHJwNZoyHW 3bIQkuRV3fXWZ4IHkRHDr7+amA8VjnK8/r6pbCswJmqY0SWjFzX8amYXfZh2G+Cf Qeqiaj7sANG/kpuWYJpSnuGu71TEhwCUAU5SnumyNATX7yDIHbRHsK/vqF1h0wpx c9oDMHCd8Vw9ypHw/PT2PYrmaAag4XEm0ZuxpiV9/v7ALjtcjVMneA== =YrIg -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Thu Nov 10 11:22:55 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:10 2006 Subject: Sophos Wrapper a suggestion Message-ID: Hi, > > So the wrapper defaults to the current situation, and if the ide > > directory does now exist and the sav directory does, it uses that That should have read as "...does NOT exist..." > > one instead. -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "In the beginning of a change, the patriot is a brave and scarce man, hated and scorned. When the cause succeeds, however, the timid join him...for then it costs nothing to be a patriot." -Mark Twain ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ramprasad at NETCORE.CO.IN Thu Nov 10 12:50:09 2005 From: ramprasad at NETCORE.CO.IN (Ramprasad) Date: Thu Jan 12 21:31:10 2006 Subject: Embedded image in inline signature Message-ID: Hi, I want to sign all outgoing mails with a company logo. Can I have an embedded image in the the signature. I dont want to put an url because the logo must be visible offline too. Thanks Ram ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Nov 10 12:43:50 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:10 2006 Subject: OT: Regarding running RBL's inhouse Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 10/11/05, Anders Andersson, IT wrote: > > On 09/11/05, Anders Andersson, IT > > wrote: > > > Hi > > > There has been a little desussion between me and other mail admins, > > > working in same line of bussiness running a shared > > RBL-server. Since > > > the heaalthcare business here have rules and regulations > > its sometimes > > > hard to use external RBL's that we can't controll. > > > > Really? Assuming you don't have any other rules than the ones > > governing any Swedish government works/institutions, you > > should be fine... at least using them for scoring and > > probably even for flat-out rejections. STAKO has a nice > > publication on the legal aspects of this for public institutions ... > > http://www.statskontoret.se/upload/Publikationer/2005/200505.pdf ... > > Perhaps worth reading for you too? > > > > -- > > -- Glenn > Ive read it and its more or less on those grounds we been discussing. > Nothing been desided but since we all get hammered from time to time and > since we would all do our part it might be plausable solution :) Yes, of course! As they stress time and time again, the policy (as derived from applicable laws) is largely up to each institution... So defining ones own measure (RBL in this case) might be correct for one institution, but not another. Since the laws aren't specifically written with spam in mind (well, perhaps with the snail-mail variant, but not with email carried dittos:-), there is some room for interpretation... As I (and thankfully my organization) sees it, it is quite OK to use RBLs as long as we don't delete, but rather store, so that a designated handler (person) can review them... Means that someone has to glance through the quarantine (but not necessarily the actual mails... compare with throwing away a ... promotional ... catalog without checking inside it for a margin note/messages from a citizen to the government) in MW once/week (I keep my quarantine for 93 days, to be on the safe side;), but no one else need even look. And one could even use the law governing public archives as such that one could delete as a "preemptive culling"... although this is more ... murky waters. > > There is still the problem finding out good workflows and how to handle > it from different systems. Maybe a honeypot on each of our different > domains harvesting emails. > > > /Anders > Oh yes, by all means... Or perhaps just "harvest each others quarantines"... Would be rather funky to have some official "public sector owned" Swedish RBLs. Not sure the PHB would see it like that though:-). And there is the problem of each "participating" government agency having to ... sync .. their spam handling policies. Perhaps not doable. This RBL _should_ be handled/operated/funded by Sitic (Swedish IT-incident center: http://www.sitic.se/), but I rather doubt they'd agree:-). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From djlucas at ORCSD.ORG Thu Nov 10 13:37:38 2005 From: djlucas at ORCSD.ORG (David Lucas) Date: Thu Jan 12 21:31:10 2006 Subject: Trouble with SpamAssassin getting killed Message-ID: Hello, I've been noticing that MailScanner is reporting that Spamassassin has timed out and it killing the process. MailScanner[24804]: SpamAssassin timed out and was killed, failure 3 of 10 I've also been getting in the message header of messages: MailScanner-SpamCheck: not spam, SpamAssassin (timed out) Does anyone know why Spamassassin would time out?? Is there something wrong?!?! Thanks!! Dave ************************** David J. Lucas, CCNA Oyster River Cooperative School District Phone: (603) 868-5100 ext. 41 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Thu Nov 10 14:08:07 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:10 2006 Subject: Trouble with SpamAssassin getting killed Message-ID: Depends what SA timeout you have (mines 90), how loaded etc your machine is we to why SA is taking so long. (too many RBL's perhaps?) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of David Lucas > Sent: 10 November 2005 13:38 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Trouble with SpamAssassin getting killed > > Hello, > > I've been noticing that MailScanner is reporting that Spamassassin has > timed > out and it killing the process. > > MailScanner[24804]: SpamAssassin timed out and was killed, failure 3 of 10 > > I've also been getting in the message header of messages: > > MailScanner-SpamCheck: not spam, SpamAssassin (timed out) > > Does anyone know why Spamassassin would time out?? Is there something > wrong?!?! > > Thanks!! > > Dave > > ************************** > David J. Lucas, CCNA > Oyster River Cooperative School District > Phone: (603) 868-5100 ext. 41 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From prandal at HEREFORDSHIRE.GOV.UK Thu Nov 10 14:15:03 2005 From: prandal at HEREFORDSHIRE.GOV.UK (Randal, Phil) Date: Thu Jan 12 21:31:10 2006 Subject: Embedded image in inline signature Message-ID: Don't do it! It will attract only derision from the recipients. And it won't work in plain text emails, which is all that good net citizens should be sending, anyhow. You could try ASCII art, I guess ;-) Cheers, Phil ---- Phil Randal Network Engineer Herefordshire Council Hereford, UK > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Ramprasad > Sent: 10 November 2005 12:50 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Embedded image in inline signature > > Hi, > I want to sign all outgoing mails with a company logo. > Can I have an embedded image in the the signature. I dont > want to put an url because the logo must be visible offline too. > > Thanks > Ram > > ------------------------ MailScanner list > ------------------------ To unsubscribe, email > jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From tobias.axelsson at VXU.SE Thu Nov 10 14:06:39 2005 From: tobias.axelsson at VXU.SE (Tobias Axelsson) Date: Thu Jan 12 21:31:10 2006 Subject: Embedded image in inline signature Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] No hard feelings, but I really hope there is no solution. lol, You would force all messages to be formatted html and get an attachment on all mail... ...and it would feel... ...would feel... ...just wrong :) /Tobias Ramprasad wrote: >Hi, >I want to sign all outgoing mails with a company logo. >Can I have an embedded image in the the signature. I dont want to put an >url because the logo must be visible offline too. > >Thanks >Ram > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Nov 10 14:22:46 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:10 2006 Subject: Embedded image in inline signature Message-ID: -----BEGIN PGP SIGNED MESSAGE----- This is possible, but it involves me writing custom code for you, which I don't do for free. So if you want me to do it, expect to have to pay me :-) On 10 Nov 2005, at 12:50, Ramprasad wrote: > Hi, > I want to sign all outgoing mails with a company logo. > Can I have an embedded image in the the signature. I dont want to > put an > url because the logo must be visible offline too. > > Thanks > Ram > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ3NXuPw32o+k+q+hAQHaoAf/YeaW1rREzIll1qxk+Q12fxLbtzldwtIe 0CPeXVzXMA50PRhxPTTPrsl132JL0c5OsAB4ng06NHe5rqdYQA1hpYJP2vOw+VuT ofczkXdCHMC7tl+nPPAusMrb5lvhHGgOhPCLD5AlP7pC+jt7ilNvcbYM+wtH51ac JpvCRX7hdac3pAmdLMCE1afjcuR/eCHvPzjy2v4PAt9lHL6I3SLZru8vfldE7rUf 7tqil/zfB0cR8/6eTJOv00Paw5bVoqwQN3pbUZHg10v/BdOBkBdjm6yeDz+tBafF 8kJ/YoMT0yV0DB9jQT0DJbk3DstErZJsYpUq5RlnM7luHQWq3NPyjQ== =221l -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 10 14:52:11 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:10 2006 Subject: Trouble with SpamAssassin getting killed Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] David Lucas wrote: > Hello, > > I've been noticing that MailScanner is reporting that Spamassassin has timed > out and it killing the process. > > MailScanner[24804]: SpamAssassin timed out and was killed, failure 3 of 10 > > I've also been getting in the message header of messages: > > MailScanner-SpamCheck: not spam, SpamAssassin (timed out) > > Does anyone know why Spamassassin would time out?? Is there something > wrong?!?! > Most likely it's only something wrong with MailScanner. check your bayes directory.. are there a bunch of bayes "expire" files laying around? If so, MailScanner is killing SA as it tries to expire tokens. Quite frankly, I've never had MailScanner "time out" spamassassin for any valid reason since SA 2.43. As a result have my spamassassin timeout set for 10 minutes now. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Thu Nov 10 14:55:31 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:10 2006 Subject: more Panda Wrapper drama Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 10/11/05, Victor DiMichina wrote: > Searching through the archives, I have found a lot of questions but no > answers on how to actually get the Panda Wrapper to work. Below is > the output of two tests on an EICAR virus. > > The first command was done with the wrapper. Here you see the command > and the output of "Virus: 0" even though there is clearly an eicar virus > in that directory.: > > [root@hoshi 715]# /usr/lib/MailScanner/panda-wrapper /usr -nsb -eng -aex > -nso -aut -cmp . > Virus: 0 > This is a matetr of how you are calling the wrapper, or rather how it differs from the directory layout when you call it compared to when it is called in MS. (As implied in my not http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus:panda:install#notes_on_panda_support_in_mailscanner) It assumes that the files to scan is in subdirectories to the current working directory (the "." is ignored), and runs pavcl once/directory. so if you "cd .." and rerun the wrapper, it'll probably work OK.... And If you pass the EICAR through "the normal way" (http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mta:connexion) it'd probably work too. Rick Cooper (who wrote the current wrapper) can perhaps elaborate a bit on why it looks like it does (as well as if I'm right;). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From amoore at DEKALBMEMORIAL.COM Thu Nov 10 16:24:45 2005 From: amoore at DEKALBMEMORIAL.COM (Aaron K. Moore) Date: Thu Jan 12 21:31:10 2006 Subject: SAV for Linux was RE: [MAILSCANNER] Sophos Wrapper a suggestion Message-ID: I'm not sure how many people on the list are aware that Sophos is currently Beta testing a new version of SAV for Linux (5.0) which includes on-access scanning. More information on it can be found here http://www.sophos.com/products/es/beta/sav-linux/ . From G.Pentland at SOTON.AC.UK Thu Nov 10 16:51:55 2005 From: G.Pentland at SOTON.AC.UK (Pentland G.) Date: Thu Jan 12 21:31:10 2006 Subject: SAV for Linux Message-ID: Just a quick note... Sophos version 5 has caused us quite a few issues on Windows so I'd suggest caution and careful testing... Of course we always do that anyway, don't we? :-) Gary MailScanner mailing list wrote: > I'm not sure how many people on the list are aware that Sophos is > currently Beta testing a new version of SAV for Linux (5.0) which > includes on-access scanning. More information on it can be found > here http://www.sophos.com/products/es/beta/sav-linux/ . > > From the Beta FAQ ( > http://www.sophos.com/products/es/beta/sav-linux/faqs.html#i2 ): > > How long will Sophos Anti-Virus for Linux, version 3.xx, be available > after the launch of Sophos Anti-Virus for Linux, version 5.0? > > Because administrators have to uninstall Sophos Anti-Virus for Linux, > version 3.xx, in order to upgrade to version 5.0, we will support > version 3.xx for one year after version 5.0 becomes available. > > It also appears that there will also be better updating capabilities > with the new version. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From miguelk at KONSULTEX.COM.BR Thu Nov 10 18:21:18 2005 From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy) Date: Thu Jan 12 21:31:10 2006 Subject: ERROR: MD5 verification error Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've been using Mail Scanner for 4 years on 4 servers. I've gone through many version updates and not once did I have any problem at all. Except for this morning and I was not doing any updating. This happened on Red Hat 9, MailScanner 4.43.8 and Clamav 0.87. I noticed a problem because due to other maintenance I had to restart Mail Scanner. I normally stop it and the start again: /etc/rc.d/init.d/MailScanner stop /etc/rc.d/init.d/MailScanner start I also usually have to stop some sendmail processes that are left running: /etc/rc.d/init.d/sendmail stop It refused to start with a perl segmentation fault in this program and line: /usr/sbin/check_MailScanner line: 118 (which in my file is the last line) There was no magic I could conjure to make it work. (I checked running processes, Mailscanner.conf, restarted named). I tried to update to the latest version which was supposed to happen anyway but after running install.sh I got these types of errors for the first few perl modules: segmentation fault /var/tmp/rpm-tmp.94497 (not quite sure now of the exact message which indicated that the return from the make was bad) . I had to do something because complaints were starting to roll in. I also tried to reinstall the version I had running but the sale perl problems appeared. I then did something that I really, reall, reallyy hate to do: I restarted the server (shutdown -r now). Mail Scanner started up just fine. When the server restarted this is the normal message in /var/log/messages: Nov 10 11:43:21 rivendell MailScanner: Starting MailScanner daemons: Nov 10 11:43:21 rivendell MailScanner: incoming sendmail: Nov 10 11:43:22 rivendell MailScanner: succeeded Nov 10 11:43:22 rivendell MailScanner: ^[[60G Nov 10 11:43:22 rivendell MailScanner: Nov 10 11:43:22 rivendell MailScanner: outgoing sendmail: Nov 10 11:43:22 rivendell MailScanner: succeeded Nov 10 11:43:22 rivendell MailScanner: Nov 10 11:43:22 rivendell MailScanner: MailScanner: Nov 10 11:43:27 rivendell MailScanner: succeeded Nov 10 11:43:27 rivendell MailScanner: ^[[60G Nov 10 11:43:27 rivendell MailScanner: Nov 10 11:43:27 rivendell rc: Starting MailScanner: succeeded Prior to that and before rebooting, this is in the log: Nov 10 10:51:37 rivendell MailScanner: MailScanner -15 succeeded a few times. Since this particular text is not in the log (this month at least), maybe it points to some problem. I noticed in the /var/log/maillog that around the time the emails stopped being processed, there are many error lines like this: ERROR: MD5 verification error Nov 10 08:09:31 rivendell MailScanner[4005]: New Batch: Scanning 1 messages, 1641 bytes Nov 10 08:09:31 rivendell MailScanner[4005]: Virus and Content Scanning: Starting Nov 10 08:09:31 rivendell MailScanner[4005]: ERROR: MD5 verification error Nov 10 08:09:31 rivendell MailScanner[4005]: Uninfected: Delivered 1 messages Needless to say, right now I'm just happy to have this all working again (perhaps only for a short time until MailScanner needs to restart due to old age) and I did not try to restart manually. Has nybody had this problem? Any idea if that error message is relevant? Miguel -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 10 18:26:06 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:10 2006 Subject: ERROR: MD5 verification error Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Miguel Koren O'Brien de Lacy wrote: > I've been using Mail Scanner for 4 years on 4 servers. I've gone through > many version updates and not once did I have any problem at all. Except > for this morning and I was not doing any updating. > > This happened on Red Hat 9, MailScanner 4.43.8 and Clamav 0.87. I > noticed a problem because due to other maintenance I had to restart Mail > Scanner. I normally stop it and the start again: > > ERROR: MD5 verification error That message is generated by clamav, and means that one of your cvd files is corrupted. You can fix it by removing the file and re-downloading with freshclam http://www.gossamer-threads.com/lists/clamav/users/22611 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Thu Nov 10 18:32:29 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:10 2006 Subject: ERROR: MD5 verification error Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Miguel Koren O'Brien de Lacy wrote: > I've been using Mail Scanner for 4 years on 4 servers. I've gone through > many version updates and not once did I have any problem at all. Except > for this morning and I was not doing any updating. > > This happened on Red Hat 9, MailScanner 4.43.8 and Clamav 0.87. Oh, one more thing.. Clamav 0.87 has security holes . Update to 0.87.1 ASAP. Vulnerabilities in 0.87 include: FSG file buffer overflow: http://www.securityfocus.com/bid/15318 CAB file DoS: http://www.securityfocus.com/bid/15317 TNEF file DoS: http://www.securityfocus.com/bid/15316 OLE2 DoS: http://www.securityfocus.com/bid/15101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Thu Nov 10 18:59:16 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:11 2006 Subject: Sophos Wrapper a suggestion Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have made a bit of a change to simplify it: SAV_IDE=$PackageDir/ide # Check to see if Sophos is using the Sophos install directory, # rather than the MailScanner Sophos update directory. if [ \! -x ${PackageDir}/ide -a -x ${PackageDir}/sav ]; then SAV_IDE=$PackageDir/sav fi You need to escape the ! to make sure you don't hit problems with accessing the command history. And even /bin/sh on Solaris supports -a so everything else should too. Julian Field wrote: > * PGP Signed by an unmatched address: 11/10/05 at 11:10:58 > > > On 10 Nov 2005, at 09:55, Anthony Peacock wrote: > >> Hi, >> >> Following on from the discussion yesterday about the SAV_IDE >> directory setting for the sophos-wrapper script, I have been giving >> this some more thought, and have a proposed modification. >> >> Summary of the problem >> >> The sophos-wrapper script is designed to work hand in hand with the >> sophos-autoupdate script supplied with MailScanner. Which makes a >> lot of sense seeing as up until recently Sophos did not come with a >> default way of keeping it up to date automatically. This mechanism >> uses a non-Sophos directory for storing the virus identity files. >> This setup means that on systems that have Sophos installed into its >> standard locations the sophos-wrapper script does not work without >> either modifying the script, moving Sophos, or creating a link in the >> file system. In my case I had Sophos installed in its default >> location and had already created a script to update its identities. >> I had to do some furkling around under the bonnet to work out why the >> wrapper wasn't working and then put in place a workaround. Now that >> Sophos is able to auto-update itself (even the Unix versions) it is >> likely that more people may already have it installed in the default >> locations. >> >> Yesterday there was a suggestion of creating a new wrapper for >> standard Sophos installs. But this is only a case of setting one >> directory or another. I have attached a modified version of sophos- >> wrapper that sets the SAV_IDE environment variable depending on the >> existence or otherwise of the ide/sav directories. Hopefully this >> will work for both cases without anyone else having to check under >> the bonnet. >> >> The change is basically: >> >> SAV_IDE=$PackageDir/ide >> >> # Check to see if Sophos is using the Sophos install directory, >> # rather than the MailScanner Sophos >> # update directory >> if [ ! -x ${PackageDir}/ide ] && [ -x ${PackageDir}/sav ]; then >> SAV_IDE=$PackageDir/sav >> fi >> >> So the wrapper defaults to the current situation, and if the ide >> directory does now exist and the sav directory does, it uses that one >> instead. >> >> Any comments? >> >> Can this be included in the MailScanner distribution? > > > Once a few people have tried it and all agree that it works, then I > will include it. > People, can you test this please? - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ3OYhRH2WUcUFbZUEQIVEwCdGHlGWUo2ZpwHLhjgfhCJS3MnmO4AoKk3 5dIqMY7iztVJB9g1YIAd+kud =bE2g -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From miguelk at KONSULTEX.COM.BR Thu Nov 10 19:09:53 2005 From: miguelk at KONSULTEX.COM.BR (Miguel Koren O'Brien de Lacy) Date: Thu Jan 12 21:31:11 2006 Subject: ERROR: MD5 verification error Message-ID: [ The following text is in the "UTF-8" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt; Right. Thanks a lot. I ran freshclam and noticed the message. Mail Scanner survived the automatic restart of children dying of old age a short while ago. I feel better now Something strange happened today: Nov 10 03:05:03 rivendell MailScanner[21228]: MailScanner child dying of old age Nov 10 03:05:33 rivendell MailScanner[21273]: MailScanner child dying of old age Nov 10 03:12:34 rivendell MailScanner[21585]: MailScanner child dying of old age Nov 10 03:20:05 rivendell MailScanner[21783]: MailScanner child dying of old age Nov 10 03:26:05 rivendell MailScanner[21809]: MailScanner child dying of old age Nov 10 07:05:43 rivendell MailScanner[28811]: MailScanner child dying of old age Nov 10 07:07:44 rivendell MailScanner[28762]: MailScanner child dying of old age Nov 10 07:14:10 rivendell MailScanner[29009]: MailScanner child dying of old age Nov 10 07:20:11 rivendell MailScanner[29199]: MailScanner child dying of old age Nov 10 07:27:45 rivendell MailScanner[29309]: MailScanner child dying of old age -> missed a restart cycle Nov 10 15:44:14 rivendell MailScanner[3672]: MailScanner child dying of old age Nov 10 15:45:45 rivendell MailScanner[3444]: MailScanner child dying of old age Nov 10 15:46:15 rivendell MailScanner[3513]: MailScanner child dying of old age Nov 10 15:46:45 rivendell MailScanner[3817]: MailScanner child dying of old age Nov 10 16:01:49 rivendell MailScanner[3765]: MailScanner child dying of old age Miguel Matt Kettler wrote: Miguel Koren O'Brien de Lacy wrote: I've been using Mail Scanner for 4 years on 4 servers. I've gone through many version updates and not once did I have any problem at all. Except for this morning and I was not doing any updating. This happened on Red Hat 9, MailScanner 4.43.8 and Clamav 0.87. Oh, one more thing.. Clamav 0.87 has security holes . Update to 0.87.1 ASAP. Vulnerabilities in 0.87 include: FSG file buffer overflow: http://www.securityfocus.com/bid/15318 CAB file DoS: http://www.securityfocus.com/bid/15317 TNEF file DoS: http://www.securityfocus.com/bid/15316 OLE2 DoS: http://www.securityfocus.com/bid/15101 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! -- Esta mensagem foi verificada pelo sistema de antivírus e acredita-se estar livre de perigo. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 10 23:39:55 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:11 2006 Subject: {Spam?}{Filename?} warning Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ken Hilliard spake the following on 11/9/2005 6:07 PM: > I am using MailScanner-Clamav on the Linux machine. The LAN PCs are > using Macafee antivirus. It appears that messages is happening in > outbound generated messages but I have to do more checking to verify > this. > If you have a site license for McAfee, you could add that to your linux mailserver, along with the free BitDefender. 3 virus scanners seem to give me more assurance of catching things. The message headers will tell you where the mails came from. This is a header from a spam message I got, so I don't care if it is sanitized; Received: from wrksta.com (adsl-70-251-50-174.dsl.okcyok.swbell.net [70.251.50.174]) The resolved ip address is in the square brackets. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Thu Nov 10 23:47:03 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:31:11 2006 Subject: Embedded image in inline signature Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I hope this would be "extremely expensive". Or maybe you could also add something for the rest of us to automatically strip the logo. Makes everybody happy!!!! I would rather insert a footer in every mail in the world with my ex-wifes phone number and a "call me for a good time" ;) Julian Field spake the following on 11/10/2005 6:22 AM: > This is possible, but it involves me writing custom code for you, > which I don't do for free. > So if you want me to do it, expect to have to pay me :-) > > On 10 Nov 2005, at 12:50, Ramprasad wrote: > > >>>Hi, >>>I want to sign all outgoing mails with a company logo. >>>Can I have an embedded image in the the signature. I dont want to >>>put an >>>url because the logo must be visible offline too. >>> >>>Thanks >>>Ram >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! >>> > > -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From warren at SOFTOV.CO.IL Fri Nov 11 00:46:28 2005 From: warren at SOFTOV.CO.IL (Warren Burstein) Date: Thu Jan 12 21:31:11 2006 Subject: message from mailscanner: ignoring text in character set Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I'm making some progress with the error I mentioned earlier this week. I've noticed that a handler for all character sets gets installed at some point (this happens three different places in Message.pm), but isn't in place when the first batch of emails is processed, and I'm trying to figure out why. I'm also puzzled by the subroutine FixMaliciousSubjects in SweepContent.pm. What sort of harm can the Subject line do? And in particular, what harm can be caused by trailing whitespace, removed on line 252? $newsubject =~ s/\s*$//g; I think that this can cause a problem if an encoded subject line had a trailing space. I don't see any problem with removing the trailing space, except that the subject line won't get re-encoded, and so you may wind up with 8-bit characters in the Subject line (instead of turning them into quoted-printable or base64), and if the character set isn't your default one, the MUA could display it in the wrong charset. The way this happens is that FixMaliciousSubjects removes the trailing whitespace, and since $newsubject is no longer equal to $subject, it sets $message->{subjectwasunsafe}. That makes one of the Deliver... functions in Message.pm replace the Subject: to what FixMaliciousSubjects changed it. I noticed this by chance - I was shortening a word-encoded subject just to save space, and happened to cut it off at a space - hard to see when it's encoded - and when it got to my mailbox it was no longer encoded, and missing the character set. What was sent said Subject: =?windows-1255?B?5fjp5fog?= but what got delivered to the mailbox was Subject: \345\370\351\345\372 Warren Burstein wrote: > I'm running MailScanner-4.47.4-2 on CentOS release 3.4 (which I > understand is a derivative of Redhat Enterprise Edition). > > When I run MailScanner in Debug mode, if a message is in the queue > with a subject containing text in windows-1255, I see the following > message: > > ignoring text in character set `WINDOWS-1255' > at /usr/lib/MailScanner/MailScanner/Sendmail.pm line 359 > > I searched the archives and found in > http://www.jiscmail.ac.uk/cgi-bin/wa.exe?A2=ind02&L=MAILSCANNER&P=R309317&I=-3 > that there was a similar message in 2002 regarding windows-1252, and > it was fixed. I also read that this was not something to worry about, > so I'm not worrying, but I like to get rid of error messages so that > if there is a real problem it will stand out. > > So, if anyone remembers what was done to make this work for > windows-1252, could you tell me, and I'll see if I can do likewise for > 1255? > > thanks ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Fri Nov 11 01:34:43 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:11 2006 Subject: more Panda Wrapper drama Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Victor DiMichina > Sent: Wednesday, November 09, 2005 6:10 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: more Panda Wrapper drama > > > Searching through the archives, I have found a lot of questions but no > answers on how to actually get the Panda Wrapper to work. Below is > the output of two tests on an EICAR virus. > > The first command was done with the wrapper. Here you see the command > and the output of "Virus: 0" even though there is clearly an eicar virus > in that directory.: > > [root@hoshi 715]# /usr/lib/MailScanner/panda-wrapper /usr -nsb -eng -aex > -nso -aut -cmp . > Virus: 0 > > > and the very next command was run with pavcl in the same directoy, > finding the virus: > > [root@hoshi 715]# pavcl -nsb -eng -aex -nso -aut -cmp . > > Panda Antivirus Linux, > Copyright 1989-2003 (c) Panda Software > > Time employed for scan .............: 00:00:00 > Number of files scanned ............: 5 > Number of files infected ...........: 4 > Number of files disinfected ........: 0 > Number of files renamed ............: 0 > Number of files deleted ............: 0 > > Has anyone gotten the Panda Wrapper to actually work? > Yes, my question would be if the directory structure was as is described in the comments at the top of the wrapper? # Make sure your testing dir is one directory deep (don't for get the . BTW) # example # test+ # .+ testfiles # .+ moretestfiles # execute from directory test and it will scan the testfiles and moretestfiles # directories. There should be no sub-dirs below those two, this simulates # MailScanner's process-dir->message-dir structure For a variety of reasons this is the structure that *must* be implemented for the scan to work. For instance if the virus was in a file in the directory 'test' (see above) it would not be caught. It must simulate the same structure as MailScanner creates when it unpacks the mail. If you had the virus in the same directory as the test command was issued, create a subdirectory and move the virus there and re-run the test and it should pick it up, no problem. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rcooper at DWFORD.COM Fri Nov 11 01:51:31 2005 From: rcooper at DWFORD.COM (Rick Cooper) Date: Thu Jan 12 21:31:11 2006 Subject: more Panda Wrapper drama Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On > Behalf Of Glenn Steen > Sent: Thursday, November 10, 2005 9:56 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: more Panda Wrapper drama > > > On 10/11/05, Victor DiMichina wrote: > > Searching through the archives, I have found a lot of questions but no > > answers on how to actually get the Panda Wrapper to work. Below is > > the output of two tests on an EICAR virus. > > > > The first command was done with the wrapper. Here you see the command > > and the output of "Virus: 0" even though there is clearly an eicar virus > > in that directory.: > > > > [root@hoshi 715]# /usr/lib/MailScanner/panda-wrapper /usr -nsb -eng -aex > > -nso -aut -cmp . > > Virus: 0 > > > > This is a matetr of how you are calling the wrapper, or rather how it > differs from the directory layout when you call it compared to when it > is called in MS. > > (As implied in my not > http://wiki.mailscanner.info/doku.php?id=documentation:anti_virus: > panda:install#notes_on_panda_support_in_mailscanner) > It assumes that the files to scan is in subdirectories to the current > working directory (the "." is ignored), and runs pavcl once/directory. > so if you "cd .." and rerun the wrapper, it'll probably work OK.... > And If you pass the EICAR through "the normal way" > (http://wiki.mailscanner.info/doku.php?id=documentation:test_troubleshoot:mt a:connexion) > it'd probably work too. > > Rick Cooper (who wrote the current wrapper) can perhaps elaborate a > bit on why it looks like it does (as well as if I'm right;). I think you are right, I think he ran the test from the directory that the file was located in. The current dir is excluded because no unpacked files are ever placed there for one thing, and the per directory scan was because (IIRC) depending on the length of the directory path there is no way to tell where the infection came from (dirname = message-id) because pavcl will truncate the paths, hence if you are scanning a batch and find a virus you may well end up flagging the wrong message as containing the infection, which would be bad. As an aside Panda called me last week and asked if I would be interested in using them for the corporate desktop A/V solution and I recapped my experiences with their Linux command line product and the related tech support. I assured them BitDefender would be our desktop solution. I did tell their people that the way they handled the pavcl output problems would certainly weigh in on how comfortable I would be in signing on with the windows product for 300+ desktops and the support people made it clear the could not care less... the sales person certainly did not seem to agree with them. It's too bad given every person I spoke with at panda that was related to the pavcl project, except the programmers, agreed that the pavcl out put was handled badly and the programming staff had been asked to change it for more than a year... Last I checked it had not been updated. They should take a lesson from the BD *nix project and they might find a more receptive I.T. community when it comes to the windows product. Rick -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Fri Nov 11 02:18:50 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:11 2006 Subject: DOS attck vulnerabilty in SpamAssassin Message-ID: I just caught this notice: SpamAssassin Long Message Header Denial of Service. Secunia - UK Description: A vulnerability has been reported in SpamAssassin, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the use of an inefficient regular expression in "/SpamAssassin/Message.pm" to parse email headers. This can cause perl to crash when it runs out of stack space and can be exploited via a malicious email that contains a large number of recipients. The vulnerability has been reported in version 3.0.4. Prior versions may also be affected. Solution: Update to version 3.1.0. http://spamassassin.apache.org/downloads.cgi?update=200509141634 From: http://secunia.com/advisories/17386/ It looks like if you've updated to SpamAssassin 3.1 you should be OK. If not :( Steve Stephen Swaney Fort Systems Ltd. Phone: 202 338-1670 Cell: 202 352-3262 stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 11 09:14:54 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:11 2006 Subject: message from mailscanner: ignoring text in character set Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 11 Nov 2005, at 00:46, Warren Burstein wrote: > I'm making some progress with the error I mentioned earlier this > week. I've noticed that a handler for all character sets gets > installed at some point (this happens three different places in > Message.pm), but isn't in place when the first batch of emails is > processed, and I'm trying to figure out why. > > I'm also puzzled by the subroutine FixMaliciousSubjects in > SweepContent.pm. What sort of harm can the Subject line do? And > in particular, what harm can be caused by trailing whitespace, > removed on line 252? > $newsubject =~ s/\s*$//g; You are going to love this one. You can put MIME headers with embedded ^M characters into the Subject: which means you can actually put an attachment into the Subject: line. Outlook Express will actually extract this as a valid attachment. The other reason is that if Outlook Express sees an attachment with no filename, it uses the contents of the Subject: as the filename. Therefore all the filename attacks (blah.jpg.exe and all the others) should be checked for in the Subject: line as well. > > I think that this can cause a problem if an encoded subject line > had a trailing space. I don't see any problem with removing the > trailing space, except that the subject line won't get re-encoded, > and so you may wind up with 8-bit characters in the Subject line > (instead of turning them into quoted-printable or base64), and if > the character set isn't your default one, the MUA could display it > in the wrong charset. The way this happens is that > FixMaliciousSubjects removes the trailing whitespace, and since > $newsubject is no longer equal to $subject, it sets $message-> > {subjectwasunsafe}. That makes one of the Deliver... functions in > Message.pm replace the Subject: to what FixMaliciousSubjects > changed it. > > I noticed this by chance - I was shortening a word-encoded subject > just to save space, and happened to cut it off at a space - hard to > see when it's encoded - and when it got to my mailbox it was no > longer encoded, and missing the character set. What was sent said > Subject: =?windows-1255?B?5fjp5fog?= > but what got delivered to the mailbox was > Subject: \345\370\351\345\372 > > Warren Burstein wrote: > > >> I'm running MailScanner-4.47.4-2 on CentOS release 3.4 (which I >> understand is a derivative of Redhat Enterprise Edition). >> >> When I run MailScanner in Debug mode, if a message is in the queue >> with a subject containing text in windows-1255, I see the >> following message: >> >> ignoring text in character set `WINDOWS-1255' >> at /usr/lib/MailScanner/MailScanner/Sendmail.pm line 359 >> >> I searched the archives and found in http://www.jiscmail.ac.uk/cgi- >> bin/wa.exe?A2=ind02&L=MAILSCANNER&P=R309317&I=-3 that there was a >> similar message in 2002 regarding windows-1252, and it was fixed. >> I also read that this was not something to worry about, so I'm not >> worrying, but I like to get rid of error messages so that if there >> is a real problem it will stand out. >> >> So, if anyone remembers what was done to make this work for >> windows-1252, could you tell me, and I'll see if I can do likewise >> for 1255? >> >> thanks >> > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ3RhEPw32o+k+q+hAQEP6wgAg/seJhps6uq2xc8Nvq6dXlcDwDaoXqTy oKx50nszGBpRA3OpSCQG66ra6fREnSIn+w07M7w2ZLUBb64uzmN95T7irBRXHYio mHmnOWtXcI2hEzHYtv7/8AzsBFTDpmUYSiY/8mbFVo8xKRqETtIddqhHHzf578wa 9HHKcOzvMC3n9vvpTF5Wn/ZMeneKIkqSqzxxJucys6/hMNql+1UtGnxgM7gOB58h fWh0F2vgY+qPXb5hJPlJy6fmfKZQMmjanic7vcchUC+QHXHepicqCkMdJVkv0tMB KFDtKU+ByMOZQwuYQNOFjrbiGJfqPXL2zmwn36qLzJkbX56yFPf7kg== =6xGa -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Fri Nov 11 10:02:01 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:11 2006 Subject: more Panda Wrapper drama Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 11/11/05, Rick Cooper wrote: (snip... discussion on how to use pandawrapper, and why it is as it is) > As an aside Panda called me last week and asked if I would be interested in > using them for the corporate desktop A/V solution and I recapped my > experiences with their Linux command line product and the related tech > support. I assured them BitDefender would be our desktop solution. I did > tell their people that the way they handled the pavcl output problems would > certainly weigh in on how comfortable I would be in signing on with the > windows product for 300+ desktops and the support people made it clear the > could not care less... the sales person certainly did not seem to agree with > them. It's too bad given every person I spoke with at panda that was related > to the pavcl project, except the programmers, agreed that the pavcl out put > was handled badly and the programming staff had been asked to change it for > more than a year... Last I checked it had not been updated. They should take > a lesson from the BD *nix project and they might find a more receptive I.T. > community when it comes to the windows product. > > Rick > WTG! So now, with "the writing on the wall" so to speak, perhaps they will not just "tell their programmers it's bad", but actually take action. Not that I, or you, really care:-). It's just that one wants any AV that MS claim support for to be as optimal as possible. The good effort you've done is truly commendable, but... As you say, how can we really ever trust them (as a provider of AV services)? Oh well, there it is. I just snuck a peak at their download site... Still the same package (7.0.1). -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Fri Nov 11 10:16:29 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:31:11 2006 Subject: ERROR: MD5 verification error Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 10/11/05, Miguel Koren O'Brien de Lacy wrote: > Matt; > > Right. Thanks a lot. I ran freshclam and noticed the message. Mail Scanner > survived the automatic restart of children dying of old age a short while > ago. I feel better now > > Something strange happened today: > > Nov 10 03:05:03 rivendell MailScanner[21228]: MailScanner child dying of > old age > Nov 10 03:05:33 rivendell MailScanner[21273]: MailScanner child dying of > old age > Nov 10 03:12:34 rivendell MailScanner[21585]: MailScanner child dying of > old age > Nov 10 03:20:05 rivendell MailScanner[21783]: MailScanner child dying of > old age > Nov 10 03:26:05 rivendell MailScanner[21809]: MailScanner child dying of > old age > Nov 10 07:05:43 rivendell MailScanner[28811]: MailScanner child dying of > old age > Nov 10 07:07:44 rivendell MailScanner[28762]: MailScanner child dying of > old age > Nov 10 07:14:10 rivendell MailScanner[29009]: MailScanner child dying of > old age > Nov 10 07:20:11 rivendell MailScanner[29199]: MailScanner child dying of > old age > Nov 10 07:27:45 rivendell MailScanner[29309]: MailScanner child dying of > old age > > -> missed a restart cycle > > Nov 10 15:44:14 rivendell MailScanner[3672]: MailScanner child dying of old > age > Nov 10 15:45:45 rivendell MailScanner[3444]: MailScanner child dying of old > age > Nov 10 15:46:15 rivendell MailScanner[3513]: MailScanner child dying of old > age > Nov 10 15:46:45 rivendell MailScanner[3817]: MailScanner child dying of old > age > Nov 10 16:01:49 rivendell MailScanner[3765]: MailScanner child dying of old > age > > Miguel > Hm, the corrupted cvd and the "bombing perl" and now this... Kind of implies that something sinister might be up with that particular box. RH9 "smells of old age", is the box perhaps getting on a bit too? If so you might be looking at diverse age-related maladies like failing HDDs, RAM going bad ... which in turn can lead to this type of behaviour. If the HDD(s) are "S.M.A.R.T enabled" you might want to look at using tools like the smartmontools to check the health of it/them... And it is never wrong to use a memory tester like Memtest86 (or similar) to assure RAM isn't "it". -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Fri Nov 11 10:26:21 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:11 2006 Subject: Sophos Wrapper a suggestion Message-ID: Hi, Thanks. Shell scripting is not my strong point :-) > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I have made a bit of a change to simplify it: > > SAV_IDE=$PackageDir/ide > > # Check to see if Sophos is using the Sophos install directory, > # rather than the MailScanner Sophos update directory. > if [ \! -x ${PackageDir}/ide -a -x ${PackageDir}/sav ]; then > SAV_IDE=$PackageDir/sav > fi > > You need to escape the ! to make sure you don't hit problems with > accessing the command history. And even /bin/sh on Solaris supports -a > so everything else should too. > > Julian Field wrote: > > > * PGP Signed by an unmatched address: 11/10/05 at 11:10:58 > > > > > > On 10 Nov 2005, at 09:55, Anthony Peacock wrote: > > > >> Hi, > >> > >> Following on from the discussion yesterday about the SAV_IDE > >> directory setting for the sophos-wrapper script, I have been giving > >> this some more thought, and have a proposed modification. > >> > >> Summary of the problem > >> > >> The sophos-wrapper script is designed to work hand in hand with the > >> sophos-autoupdate script supplied with MailScanner. Which makes a > >> lot of sense seeing as up until recently Sophos did not come with a > >> default way of keeping it up to date automatically. This mechanism > >> uses a non-Sophos directory for storing the virus identity files. > >> This setup means that on systems that have Sophos installed into > >> its standard locations the sophos-wrapper script does not work > >> without either modifying the script, moving Sophos, or creating a > >> link in the file system. In my case I had Sophos installed in its > >> default location and had already created a script to update its > >> identities. I had to do some furkling around under the bonnet to > >> work out why the wrapper wasn't working and then put in place a > >> workaround. Now that Sophos is able to auto-update itself (even > >> the Unix versions) it is likely that more people may already have > >> it installed in the default locations. > >> > >> Yesterday there was a suggestion of creating a new wrapper for > >> standard Sophos installs. But this is only a case of setting one > >> directory or another. I have attached a modified version of > >> sophos- wrapper that sets the SAV_IDE environment variable > >> depending on the existence or otherwise of the ide/sav directories. > >> Hopefully this will work for both cases without anyone else having > >> to check under the bonnet. > >> > >> The change is basically: > >> > >> SAV_IDE=$PackageDir/ide > >> > >> # Check to see if Sophos is using the Sophos install directory, > >> # rather than the MailScanner Sophos update directory > >> if [ ! -x ${PackageDir}/ide ] && [ -x ${PackageDir}/sav ]; then > >> SAV_IDE=$PackageDir/sav > >> fi > >> > >> So the wrapper defaults to the current situation, and if the ide > >> directory does now exist and the sav directory does, it uses that > >> one instead. > >> > >> Any comments? > >> > >> Can this be included in the MailScanner distribution? > > > > > > Once a few people have tried it and all agree that it works, then I > > will include it. People, can you test this please? > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2424) > > iQA/AwUBQ3OYhRH2WUcUFbZUEQIVEwCdGHlGWUo2ZpwHLhjgfhCJS3MnmO4AoKk3 > 5dIqMY7iztVJB9g1YIAd+kud > =bE2g > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ I'm in shape. - ROUND is a shape. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Fri Nov 11 13:43:31 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:31:11 2006 Subject: installing libmilter Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney > > -----Original Message----- > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Anders Andersson, IT > > Sent: Thursday, November 03, 2005 7:04 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: OT: installing libmilter > > > > Hi all pro's :) > > > > Could somone shed some light how to do the libmilter > installation on > > CentOS. > > I managed to figure out I need the source to build the libmilter > > included in the package > > > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm > > before I can do the rest but Im not sure how to actually do the > > libmilter/sendmail rebuild thingy. > > > > If this is something someone like me should not do pls > informa and Ill > > drop it until I actually know what Im doing > > > > Never even tried to rebuild sendmail since I only use out > of the box > > with some changes in sendmail.mc so go easy on a hardcore newbie :) > > > > /Anders > > You shouldn't need to build libmilter. Just install the > sendmail-devel rpm. > Then read /usr/share/doc/sendmail/README.libmilter for the > gory details. > > Most milters are fairly easy to install. Some general instructions: > > 1. Download and unpack the milter source code 2. Configure > build and install the milter 3. Install the init script so > the milter can start on reboot (some milters do this automatically). > 4. Start and test the milter (look at the mail logs for > error) 5. Configure the init script to run at boot 6. Modify > your sendmail.mc file to configure sendmail to user the milter. > Typically it's just adding a line similar to: > > INPUT_MAIL_FILTER(`milter-greylist', > `S=local:/var/milter-greylist/milter-greylist.sock') > 7. Use m4 to rebuild your sendmail.cf file from your modified > sendmail.mc file 8. Restart sendmail (don't forget to check > the mail log for errors) > > Hope this helps, > > Steve > Turn out to just as simple as you said, damn I hate when I cant figure things out my self :) All is running fine and guess I will have to give at week to see what the result will be regarding decreased mailflow. The only thing I didnt like is the response sent back to the sender, it contains a little to much info Ex. Remote MTA ns2.ltkalmar.se: SMTP diagnostic: 550 5.7.1 ... server [172.29.32.81] for rejected address saying "User unknown" I rather just having it saying "550 5.7.1 User unknown" but I can live with this for the moment :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Marc.Dufresne at PARKS.ON.CA Fri Nov 11 13:56:10 2005 From: Marc.Dufresne at PARKS.ON.CA (Marc Dufresne) Date: Thu Jan 12 21:31:11 2006 Subject: warn: config: warning: score set for non-existent rule FUZZY_PRESCRIPT Message-ID: When I run spamassassin -D -p /usr/local/etc/MailScanner/spam.assassin.prefs.conf --lint This is the output. How do I resolve these errors? [11912] warn: config: failed to parse line, skipping: use_auto_whitelist 0 [11912] warn: config: failed to parse line, skipping: pyzor_path /usr/bin/pyzor [11912] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc [11912] warn: config: failed to parse line, skipping: razor_timeout 10 [11912] warn: config: failed to parse line, skipping: pyzor_timeout 10 [11912] warn: config: warning: score set for non-existent rule FUZZY_GUARANTEE [11912] warn: config: warning: score set for non-existent rule FUZZY_BILLION [11912] warn: config: warning: score set for non-existent rule RCVD_IN_RSL [11912] warn: config: warning: score set for non-existent rule FUZZY_XPILL [11912] warn: config: warning: score set for non-existent rule FUZZY_PRESCRIPT [11912] warn: config: warning: score set for non-existent rule FUZZY_SOFTWARE [11912] warn: config: warning: score set for non-existent rule SUBJECT_FUZZY_TION [11912] warn: config: warning: score set for non-existent rule FUZZY_PHARMACY [11912] warn: config: warning: score set for non-existent rule FUZZY_TRAMADOL [11912] warn: config: warning: score set for non-existent rule FUZZY_OFFERS [11912] warn: config: warning: score set for non-existent rule SUBJECT_FUZZY_VPILL [11912] warn: config: warning: score set for non-existent rule FUZZY_MEDICATION [11912] warn: config: warning: score set for non-existent rule FUZZY_CREDIT [11912] warn: config: warning: score set for non-existent rule FUZZY_THOUSANDS [11912] warn: config: warning: score set for non-existent rule FUZZY_CPILL [11912] warn: config: warning: score set for non-existent rule FUZZY_OBLIGATION [11912] warn: config: warning: score set for non-existent rule SUBJECT_FUZZY_PENIS [11912] warn: config: warning: score set for non-existent rule FUZZY_MONEY [11912] warn: config: warning: score set for non-existent rule SUBJECT_FUZZY_MEDS [11912] warn: config: warning: score set for non-existent rule FUZZY_CELEBREX [11912] warn: config: warning: score set for non-existent rule FUZZY_FOLLOW [11912] warn: config: warning: score set for non-existent rule FUZZY_PLEASE [11912] warn: config: warning: score set for non-existent rule FUZZY_VICODIN [11912] warn: config: warning: score set for non-existent rule FUZZY_ERECT [11912] warn: config: warning: score set for non-existent rule FUZZY_VLIUM [11912] warn: config: warning: score set for non-existent rule FUZZY_MILLION [11912] warn: config: warning: score set for non-existent rule FUZZY_AFFORDABLE [11912] warn: config: warning: score set for non-existent rule FUZZY_REMOVE [11912] warn: config: warning: score set for non-existent rule FUZZY_ROLEX [11912] warn: config: warning: score set for non-existent rule FUZZY_AMBIEN [11912] warn: config: warning: score set for non-existent rule FUZZY_MORTGAGE [11912] warn: config: warning: score set for non-existent rule FUZZY_PRICES [11912] warn: config: warning: score set for non-existent rule FUZZY_REFINANCE [11912] warn: config: warning: score set for non-existent rule FUZZY_VIOXX [11912] warn: config: warning: score set for non-existent rule SUBJECT_FUZZY_CHEAP [11912] warn: config: warning: score set for non-existent rule FUZZY_VPILL [11912] warn: config: warning: score set for non-existent rule FUZZY_PHENT [11912] warn: config: warning: score set for non-existent rule FUZZY_MILF [11912] dbg: config: using "/root/.spamassassin" for user state dir [11912] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [11912] dbg: config: score set 1 chosen. [11912] dbg: message: ---- MIME PARSER START ---- [11912] dbg: message: main message type: text/plain [11912] dbg: message: parsing normal part [11912] dbg: message: added part, type: text/plain [11912] dbg: message: ---- MIME PARSER END ---- [11912] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [11912] dbg: dns: dns_available set to yes in config file, skipping test [11912] dbg: metadata: X-Spam-Relays-Trusted: [11912] dbg: metadata: X-Spam-Relays-Untrusted: [11912] dbg: plugin: Mail::SpamAssassin::Plugin::RelayCountry=HASH(0x895bc40) implements 'extract_metadata' [11912] dbg: metadata: X-Relay-Countries: [11912] dbg: message: no encoding detected [11912] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8e12c7c) implements 'parsed_metadata' [11912] dbg: uridnsbl: domains to query: [11912] dbg: check: running tests for priority: 0 [11912] dbg: rules: running header regexp tests; score so far=0 [11912] dbg: rules: ran header rule __HAS_MSGID ======> got hit: "<" [11912] dbg: rules: ran header rule __MSGID_OK_DIGITS ======> got hit: "1131716647" [11912] dbg: rules: ran header rule __SANE_MSGID ======> got hit: "<1131716647@lint_rules> [11912] dbg: rules: " [11912] dbg: rules: ran header rule NO_REAL_NAME ======> got hit: "ignore@compiling.spamassassin.taint.org [11912] dbg: rules: " [11912] dbg: rules: ran header rule __MSGID_OK_HOST ======> got hit: "@lint_rules>" [11912] dbg: plugin: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d971e8)) [11912] dbg: plugin: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: spf: message was delivered entirely via trusted relays, not required [11912] dbg: eval: all '*From' addrs: ignore@compiling.spamassassin.taint.org [11912] dbg: plugin: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d971e8)) [11912] dbg: eval: all '*To' addrs: [11912] dbg: plugin: registering glue method for check_for_spf_neutral (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: spf: message was delivered entirely via trusted relays, not required [11912] dbg: plugin: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: rules: ran eval rule NO_RELAYS ======> got hit [11912] dbg: plugin: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: plugin: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: plugin: registering glue method for check_for_def_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: spf: cannot get Envelope-From, cannot use SPF [11912] dbg: spf: def_spf_whitelist_from: could not find useable envelope sender [11912] dbg: plugin: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: rules: ran eval rule __UNUSABLE_MSGID ======> got hit [11912] dbg: rules: ran eval rule MISSING_HEADERS ======> got hit [11912] dbg: plugin: registering glue method for check_for_spf_whitelist_from (Mail::SpamAssassin::Plugin::SPF=HASH(0x8daa820)) [11912] dbg: spf: spf_whitelist_from: could not find useable envelope sender [11912] dbg: rules: running body-text per-line regexp tests; score so far=0.738 [11912] dbg: rules: ran body rule __NONEMPTY_BODY ======> got hit: "I" [11912] dbg: uri: running uri tests; score so far=0.738 [11912] dbg: bayes: no dbs present, cannot tie DB R/O: /root/.spamassassin/bayes_toks [11912] dbg: bayes: not scoring message, returning undef [11912] dbg: bayes: opportunistic call attempt failed, DB not readable [11912] dbg: plugin: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8e12c7c)) [11912] dbg: rules: running raw-body-text per-line regexp tests; score so far=0.738 [11912] dbg: rules: running full-text regexp tests; score so far=0.738 [11912] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8e12c7c) implements 'check_tick' [11912] dbg: check: running tests for priority: 500 [11912] dbg: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8e12c7c) implements 'check_post_dnsbl' [11912] dbg: rules: running meta tests; score so far=0.738 [11912] dbg: rules: running header regexp tests; score so far=2.216 [11912] dbg: rules: running body-text per-line regexp tests; score so far=2.216 [11912] dbg: uri: running uri tests; score so far=2.216 [11912] dbg: rules: running raw-body-text per-line regexp tests; score so far=2.216 [11912] dbg: rules: running full-text regexp tests; score so far=2.216 [11912] dbg: check: is spam? score=2.216 required=5 [11912] dbg: check: tests=MISSING_HEADERS,MISSING_SUBJECT,NO_REAL_NAME,NO_RECEIVED,NO_RELAYS,TO_CC_NONE [11912] dbg: check: subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_MSGID,__UNUSABLE_MSGID [11912] warn: lint: 43 issues detected, please rerun with debug enabled for more information Marc Dufresne, Corporate IT Officer St. Lawrence Parks Commission 13740 County Road 2 Morrisburg, ON K0C 1X0 E-mail: Marc.Dufresne@parks.on.ca Voice: 613-543-3704 Ext#2455 Fax: 613-543-2847 Corporate website: www.parks.on.ca ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Text/PLAIN (Name: "Marc Dufresne.vcf") 20 lines. ] [ Unable to print this part. ] From rob at THEHOSTMASTERS.COM Fri Nov 11 14:24:20 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:11 2006 Subject: Its not ny day for mailscanner Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] FYI to everyone.... i think i found my problem... just incase this might help anyone else.... i noticed by fluke that my webserver was also hanging a few times a day... after further investigation, as i though it weird both MS & Apache were hanging several times a day... i check through my dmesg logs carefully only to find an entry like this a few times... APIC error on CPU0: 02(02) After googling it, i saw a few post about this happening and some apps hanging or crashing until "nopic" was added to the kernel boot, so i added the "nopic" option to my kernel at boot time in my /boot/grub/menu.lst, as i use Debian, rebooted and all has been fine since then... i will wait and see if anything happens over the next week, but both MS and Apache are doing fine... :) Rob Morin Dido Internet Inc. Montreal, Canada 514-990-4444 http://www.dido.ca ----- Original Message ----- From: "Rob" To: Sent: Wednesday, November 09, 2005 1:04 PM Subject: Re: Its not ny day for mailscanner > If it helps i also added an init.pre file from SA source as debian did not > have it in /etc/spamassassin the contents of the file are below.... > > # RelayCountry - add metadata for Bayes learning, marking the countries > # a message was relayed through > # > # loadplugin Mail::SpamAssassin::Plugin::RelayCountry > > # URIDNSBL - look up URLs found in the message against several DNS > # blocklists. > # > loadplugin Mail::SpamAssassin::Plugin::URIDNSBL > > # Hashcash - perform hashcash verification. > # > loadplugin Mail::SpamAssassin::Plugin::Hashcash > > # SPF - perform SPF verification. > # > loadplugin Mail::SpamAssassin::Plugin::SPF > > Could this be causing anything? > > > Rob Morin > Dido Internet Inc. > Montreal, Canada > 514-990-4444 > http://www.dido.ca > > ----- Original Message ----- > From: "Rob" > To: > Sent: Wednesday, November 09, 2005 1:00 PM > Subject: Re: Its not ny day for mailscanner > > >>I still am having problems and cannot figure out why.... >> >> Nov 9 12:20:45 stewy MailScanner[946]: New Batch: Scanning 1 messages, >> 8128 bytes >> Nov 9 12:20:45 stewy MailScanner[946]: Spam Checks: Starting >> Nov 9 12:20:49 stewy MailScanner[946]: Virus and Content Scanning: >> Starting >> Nov 9 12:20:50 stewy MailScanner[946]: tag found in message >> 50B34BEDB.A57E4 from terry@helliker.net >> Nov 9 12:20:50 stewy MailScanner[946]: Requeue: 50B34BEDB.A57E4 to >> AA2D0BF4C >> Nov 9 12:20:50 stewy MailScanner[946]: Uninfected: Delivered 1 messages >> Nov 9 12:21:42 stewy MailScanner[10390]: MailScanner E-Mail Virus >> Scanner version 4.41.3 starting... >> Nov 9 12:21:42 stewy MailScanner[10390]: Read 120 hostnames from the >> phishing whitelist >> Nov 9 12:21:43 stewy MailScanner[10390]: Enabling SpamAssassin >> auto-whitelist functionality... >> Nov 9 12:21:47 stewy MailScanner[10390]: Using locktype = flock >> >> Died at he time above but still had MailScanner processes running... >> I then restarted at the time below >> >> Nov 9 12:54:30 stewy MailScanner[14310]: MailScanner E-Mail Virus >> Scanner version 4.41.3 starting... >> Nov 9 12:54:30 stewy MailScanner[14310]: Read 120 hostnames from the >> phishing whitelist >> Nov 9 12:54:31 stewy MailScanner[14310]: Enabling SpamAssassin >> auto-whitelist functionality... >> Nov 9 12:54:36 stewy MailScanner[14310]: Using locktype = flock >> Nov 9 12:54:36 stewy MailScanner[14310]: New Batch: Found 63 messages >> waiting >> >> It very unreliable now, i have to restart every 15 mins to make sure mail >> gets delivered.... >> >> Any suggestions on what to look for?? >> The debug did not seem to help much... >> >> >> Rob Morin >> Dido Internet Inc. >> Montreal, Canada >> 514-990-4444 >> http://www.dido.ca >> >> ----- Original Message ----- >> From: "Rob" >> To: >> Sent: Tuesday, November 08, 2005 3:35 PM >> Subject: Re: Its not ny day for mailscanner >> >> >>> ok so after doing this it scanned one message and gave me what seemed to >>> be a normal output.... but i can not site at the consol all day running >>> it in debug mode and restarting each time?? >>> >>> any other things i should look at.... >>> BTW when i say die, it looks like its dead, as i see mailscanner >>> processes in a ps but in the log file i see no mailscanner stuff >>> running... could it be because recently i added RBLs and razor? >>> >>> Thanks... >>> >>> Nov 8 15:27:29 stewy MailScanner[670]: MailScanner E-Mail Virus Scanner >>> version 4.41.3 starting... >>> Nov 8 15:27:29 stewy MailScanner[670]: Read 120 hostnames from the >>> phishing whitelist >>> Nov 8 15:27:29 stewy MailScanner[670]: Enabling SpamAssassin >>> auto-whitelist functionality... >>> Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees Config LockType = >>> flock >>> Nov 8 15:27:33 stewy MailScanner[670]: lock.pl sees have_module = 0 >>> Nov 8 15:27:33 stewy MailScanner[670]: Using locktype = flock >>> Nov 8 15:27:33 stewy MailScanner[670]: New Batch: Scanning 2 messages, >>> 22625 bytes >>> Nov 8 15:27:33 stewy MailScanner[670]: Created attachment dirs for 2 >>> messages >>> Nov 8 15:27:33 stewy MailScanner[670]: Spam Checks: Starting >>> Nov 8 15:27:33 stewy MailScanner[670]: RBL Checks: returned 0 >>> Nov 8 15:27:35 stewy MailScanner[670]: SpamAssassin returned 0 >>> Nov 8 15:27:35 stewy MailScanner[670]: RBL checks: 51791BF61.03596 >>> found in SBL+XBL >>> Nov 8 15:27:35 stewy MailScanner[670]: RBL Checks: returned 256 >>> Nov 8 15:27:36 stewy MailScanner[670]: SpamAssassin returned 0 >>> Nov 8 15:27:36 stewy MailScanner[670]: Message 51791BF61.03596 from >>> 81.190.142.152 (olivergoldmanaz@baixin-tech.com) to flextherm.com is >>> spam, SBL+XBL, SpamAssassin (score=13.284, required 4, BAYES_99 3.50, >>> DRUGS_ANXIETY 0.10, DRUGS_ANXIETY_EREC 0.04, DRUGS_ERECTILE 0.22, >>> DRUGS_MANYKINDS 0.00, DRUGS_MUSCLE 0.00, DRUGS_PAIN 0.13, DRUGS_SLEEP >>> 0.00, DRUGS_SLEEP_EREC 3.34, HELO_DYNAMIC_IPADDR 4.40, >>> RAZOR2_CF_RANGE_51_100 0.06, RAZOR2_CHECK 1.51) >>> Nov 8 15:27:36 stewy MailScanner[670]: Spam Checks: Found 1 spam >>> messages >>> Nov 8 15:27:36 stewy MailScanner[670]: Spam Actions: message >>> 51791BF61.03596 actions are delete >>> Nov 8 15:27:37 stewy MailScanner[670]: Virus and Content Scanning: >>> Starting >>> Nov 8 15:27:37 stewy MailScanner[670]: Commencing scanning by clamav... >>> Nov 8 15:27:37 stewy MailScanner[670]: Completed scanning by clamav >>> Nov 8 15:27:37 stewy MailScanner[670]: tag found in message >>> 59F3EBF62.8B4B8 from lapresseaffaires@courrier.cyberpresse.ca >>> Nov 8 15:27:37 stewy MailScanner[670]: Requeue: 59F3EBF62.8B4B8 to >>> A53A5BF4C >>> Nov 8 15:27:37 stewy MailScanner[670]: About to deliver 1 messages >>> Nov 8 15:27:37 stewy MailScanner[670]: Uninfected: Delivered 1 messages >>> Nov 8 15:27:37 stewy postfix/qmgr[15211]: A53A5BF4C: >>> from=, size=20795, nrcpt=1 >>> (queue active) >>> Nov 8 15:27:37 stewy MailScanner[670]: MailScanner child dying of old >>> age >>> >>> >>> Rob Morin >>> Dido Internet Inc. >>> Montreal, Canada >>> 514-990-4444 >>> http://www.dido.ca >>> >>> ----- Original Message ----- >>> From: "Stephen Swaney" >>> To: >>> Sent: Monday, November 07, 2005 5:51 PM >>> Subject: Re: Its not ny day for mailscanner >>> >>> >>>>> -----Original Message----- >>>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>>> Behalf Of Ugo Bellavance >>>>> Sent: Monday, November 07, 2005 5:00 PM >>>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>>> Subject: Re: Its not ny day for mailscanner >>>>> >>>>> Stephen Swaney wrote: >>>>> >> -----Original Message----- >>>>> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>>>> >> On >>>>> >> Behalf Of Rob >>>>> >> Sent: Monday, November 07, 2005 3:45 PM >>>>> >> To: MAILSCANNER@JISCMAIL.AC.UK >>>>> >> Subject: Its not ny day for mailscanner >>>>> >> >>>>> >> First off thanks to all for helping me out in the last few days on >>>>> >> this >>>>> >> list i really appreciate it... >>>>> >> >>>>> >> No i have another strange problem... >>>>> >> >>>>> >> MS seems to silently die, and mail keeps coming in but not being >>>>> >> delivered.... >>>>> >> >>>>> >> Nothing in the logs other than the below... >>>>> >> >>>>> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> >>>>> >> When i run the /usr/sbin/check_mailscaner it says >>>>> >> >>>>> >> stewy:/var/log# /usr/sbin/check_mailscanner >>>>> >> MailScanner running with pid 8146 8147 >>>>> >> >>>>> >> >>>>> >> But when i watch the logs via tail -f i do not see any Mailscanner >>>>> >> activity until i restart by /etc/init.d/mailscanner restart >>>>> >> >>>>> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >>>>> >> >>>>> >> Any ideas? >>>>> >> >>>>> >> Rob... >>>>> >> http://www.stupidguytalk.org >>>>> > >>>>> > To make the error a little noisier, in MailScanner.conf please set: >>>>> > >>>>> > Debug = no >>>>> > Debug SpamAssassin = no >>>>> > >>>>> > Then stop and then start MailScanner from the command line. Watch >>>>> > the >>>>> screen >>>>> > output. The reason for MailScanner dying should appear. >>>>> > >>>>> > Steve >>>>> > >>>>> > Stephen Swaney >>>>> > Fort Systems Ltd. >>>>> > stephen.swaney@fsl.com >>>>> > www.fsl.com >>>>> > >>>>> >>>>> I'd say yes, Steve, not no :) >>>>> >>>>> Debug = yes >>>>> Debug SpamAssassin = yes >>>>> >>>>> -- >>>>> Ugo >>>> >>>> Of course, Silly me. Thanks Ugo! >>>> >>>> Steve >>>> >>>> Stephen Swaney >>>> Fort Systems Ltd. >>>> stephen.swaney@fsl.com >>>> www.fsl.com >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> Rob Morin >>> Dido Internet Inc. >>> Montreal, Canada >>> 514-990-4444 >>> http://www.dido.ca >>> >>> ----- Original Message ----- >>> From: "Stephen Swaney" >>> To: >>> Sent: Monday, November 07, 2005 5:51 PM >>> Subject: Re: Its not ny day for mailscanner >>> >>> >>>>> -----Original Message----- >>>>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>>>> Behalf Of Ugo Bellavance >>>>> Sent: Monday, November 07, 2005 5:00 PM >>>>> To: MAILSCANNER@JISCMAIL.AC.UK >>>>> Subject: Re: Its not ny day for mailscanner >>>>> >>>>> Stephen Swaney wrote: >>>>> >> -----Original Message----- >>>>> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] >>>>> >> On >>>>> >> Behalf Of Rob >>>>> >> Sent: Monday, November 07, 2005 3:45 PM >>>>> >> To: MAILSCANNER@JISCMAIL.AC.UK >>>>> >> Subject: Its not ny day for mailscanner >>>>> >> >>>>> >> First off thanks to all for helping me out in the last few days on >>>>> >> this >>>>> >> list i really appreciate it... >>>>> >> >>>>> >> No i have another strange problem... >>>>> >> >>>>> >> MS seems to silently die, and mail keeps coming in but not being >>>>> >> delivered.... >>>>> >> >>>>> >> Nothing in the logs other than the below... >>>>> >> >>>>> >> Nov 7 07:19:38 stewy MailScanner[22057]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 08:20:29 stewy MailScanner[32272]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 09:22:31 stewy MailScanner[12405]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 10:01:06 stewy MailScanner[22796]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 11:18:19 stewy MailScanner[8095]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 11:27:49 stewy MailScanner[10785]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 11:28:28 stewy MailScanner[10982]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 12:31:27 stewy MailScanner[28341]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 12:55:14 stewy MailScanner[2339]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 13:20:20 stewy MailScanner[9208]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 14:20:12 stewy MailScanner[23010]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 14:26:12 stewy MailScanner[24665]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 15:23:26 stewy MailScanner[6529]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> Nov 7 15:35:33 stewy MailScanner[8147]: MailScanner E-Mail Virus >>>>> Scanner >>>>> >> version 4.41.3 starting... >>>>> >> >>>>> >> When i run the /usr/sbin/check_mailscaner it says >>>>> >> >>>>> >> stewy:/var/log# /usr/sbin/check_mailscanner >>>>> >> MailScanner running with pid 8146 8147 >>>>> >> >>>>> >> >>>>> >> But when i watch the logs via tail -f i do not see any Mailscanner >>>>> >> activity until i restart by /etc/init.d/mailscanner restart >>>>> >> >>>>> >> I am using MS 4.41.3-2 with postfix on debian 3.1 >>>>> >> >>>>> >> Any ideas? >>>>> >> >>>>> >> Rob... >>>>> >> http://www.stupidguytalk.org >>>>> > >>>>> > To make the error a little noisier, in MailScanner.conf please set: >>>>> > >>>>> > Debug = no >>>>> > Debug SpamAssassin = no >>>>> > >>>>> > Then stop and then start MailScanner from the command line. Watch >>>>> > the >>>>> screen >>>>> > output. The reason for MailScanner dying should appear. >>>>> > >>>>> > Steve >>>>> > >>>>> > Stephen Swaney >>>>> > Fort Systems Ltd. >>>>> > stephen.swaney@fsl.com >>>>> > www.fsl.com >>>>> > >>>>> >>>>> I'd say yes, Steve, not no :) >>>>> >>>>> Debug = yes >>>>> Debug SpamAssassin = yes >>>>> >>>>> -- >>>>> Ugo >>>> >>>> Of course, Silly me. Thanks Ugo! >>>> >>>> Steve >>>> >>>> Stephen Swaney >>>> Fort Systems Ltd. >>>> stephen.swaney@fsl.com >>>> www.fsl.com >>>> >>>> ------------------------ MailScanner list ------------------------ >>>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>> 'leave mailscanner' in the body of the email. >>>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>>> >>>> Support MailScanner development - buy the book off the website! >>> >>> ------------------------ MailScanner list ------------------------ >>> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>> 'leave mailscanner' in the body of the email. >>> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>> Support MailScanner development - buy the book off the website! >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From steve.swaney at fsl.com Fri Nov 11 14:42:07 2005 From: steve.swaney at fsl.com (Stephen Swaney) Date: Thu Jan 12 21:31:11 2006 Subject: installing libmilter Message-ID: > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Anders Andersson, IT > Sent: Friday, November 11, 2005 8:44 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: installing libmilter > > > -----Original Message----- > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney > > > -----Original Message----- > > > From: MailScanner mailing list > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > Behalf Of Anders Andersson, IT > > > Sent: Thursday, November 03, 2005 7:04 AM > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > Subject: OT: installing libmilter > > > > > > Hi all pro's :) > > > > > > Could somone shed some light how to do the libmilter > > installation on > > > CentOS. > > > I managed to figure out I need the source to build the libmilter > > > included in the package > > > > > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.rpm > > > before I can do the rest but Im not sure how to actually do the > > > libmilter/sendmail rebuild thingy. > > > > > > If this is something someone like me should not do pls > > informa and Ill > > > drop it until I actually know what Im doing > > > > > > Never even tried to rebuild sendmail since I only use out > > of the box > > > with some changes in sendmail.mc so go easy on a hardcore newbie :) > > > > > > /Anders > > > > You shouldn't need to build libmilter. Just install the > > sendmail-devel rpm. > > Then read /usr/share/doc/sendmail/README.libmilter for the > > gory details. > > > > Most milters are fairly easy to install. Some general instructions: > > > > 1. Download and unpack the milter source code 2. Configure > > build and install the milter 3. Install the init script so > > the milter can start on reboot (some milters do this automatically). > > 4. Start and test the milter (look at the mail logs for > > error) 5. Configure the init script to run at boot 6. Modify > > your sendmail.mc file to configure sendmail to user the milter. > > Typically it's just adding a line similar to: > > > > INPUT_MAIL_FILTER(`milter-greylist', > > `S=local:/var/milter-greylist/milter-greylist.sock') > > 7. Use m4 to rebuild your sendmail.cf file from your modified > > sendmail.mc file 8. Restart sendmail (don't forget to check > > the mail log for errors) > > > > Hope this helps, > > > > Steve > > > Turn out to just as simple as you said, damn I hate when I cant figure > things out my self :) > All is running fine and guess I will have to give at week to see what > the result will be regarding decreased mailflow. The only thing I didnt > like is the response sent back to the sender, it contains a little to > much info > Ex. > Remote MTA ns2.ltkalmar.se: SMTP diagnostic: 550 5.7.1 > ... server [172.29.32.81] for > rejected address saying "User > unknown" > > I rather just having it saying "550 5.7.1 User unknown" but I can live > with this for the moment :) > That's an interesting point and I'll pass your comment along to Anthony Howe. A quiet or less verbose switch might be useful. In reviewing the milter-ahead documentation I found two useful switches that I had missed before :) I'll pass them along as you might find them useful: -R Reject a RCPT if it uses a routed address (the %-hack). -B For a backup-MX, reject mail when the primary MX is available. This does not conform with RFC 974 "MAIL ROUTING AND THE DOMAIN SYSTEM" section "Interpreting the List of MX RRs", paragraph 7, sentence 2 and 3, which only requires mail clients to attempt delivery to the primary first, before trying other MXes. Spammers often attempt to by-pass spam filters by sending email directly to secondary MX machines, which often have weaker requirements. This option essentially demands that a client only deliver to the primary MX when it is available. The full documentation and other useful milters can be found at: http://www.snertsoft.com/ Steve Stephen Swaney Fort Systems Ltd. stephen.swaney@fsl.com www.fsl.com ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders_wannfors at PRIVAT.UTFORS.SE Fri Nov 11 15:09:37 2005 From: anders_wannfors at PRIVAT.UTFORS.SE (Anders) Date: Thu Jan 12 21:31:11 2006 Subject: problems with TNEF.pm Message-ID: Hi, I finally got passed my previous issues... Now trying to execute MAilscanner, which yields the following result: [root sbin]# ./Mailscanner Not enough arguments for mkdir at /usr/lib/MailScanner/MailScanner/TNEF.pm line 126 near ""/ tmp/tnef.$$";" BEGIN failed - compilation aborted at ./MailScanner line 84. TNEF.pm: ----------- # Make the temporary tnef files be created under /tmp for easy removal. mkdir "/tmp/tnef.$$"; <<<---- line 126 chmod 0700, "/tmp/tnef.$$"; %parms = ( ignore_checksum => "true", output_dir => "/tmp/tnef.$$", output_to_core => "NONE" ); my $tnef = Convert::TNEF->read_in("$dir/$tnefname", \%parms); Any clues on how to resolve this? /Anders ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Fri Nov 11 15:25:29 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:11 2006 Subject: problems with TNEF.pm Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Sorry, stupid mistake by me. Change the line to read mkdir "/tmp/tnef.$$", 0777; This will be corrected in the next release. On 11 Nov 2005, at 15:09, Anders wrote: > Hi, > I finally got passed my previous issues... > Now trying to execute MAilscanner, which yields the following result: > > [root sbin]# ./Mailscanner > Not enough arguments for mkdir at /usr/lib/MailScanner/MailScanner/ > TNEF.pm line 126 near ""/ > tmp/tnef.$$";" > BEGIN failed - compilation aborted at ./MailScanner line 84. > > TNEF.pm: > ----------- > # Make the temporary tnef files be created under /tmp for easy > removal. > mkdir "/tmp/tnef.$$"; <<<---- > line 126 > chmod 0700, "/tmp/tnef.$$"; > %parms = ( ignore_checksum => "true", > output_dir => "/tmp/tnef.$$", > output_to_core => "NONE" ); > my $tnef = Convert::TNEF->read_in("$dir/$tnefname", \%parms); > > Any clues on how to resolve this? > > /Anders > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ3S36vw32o+k+q+hAQHoQgf/SITyJLqX8XxuXo68r5nssi1KmNao7W/D Og9HB3CjegWRWrT4QrtFfhCfUIMoSloK6NwqcwYR9YFuKPQPoCXZC5t1AafJYGw4 P5QSfZa3Oy7aolmHyUyemDLs3jSHRLI5K67X1kTFRM+BT/AuGUB8KkYjvqWnCsuy A8WW8h8R1g5tqz+lgBmfvToRXaOUfy9ap+m2abrMSdBnbUXn/boz4gnnUh/2WnLC PgZNCuKYXv+/rakqOGEgCIEUHiXSVXo9A9X+SVObx9CUBMuih+CH0swFVxe1c7gm JtTcDK+9DGLDkupn3c8S/1UB5BCMLcM7asgqCqCjsZmpEluQ+HrKNA== =RJyE -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Fri Nov 11 15:27:56 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:11 2006 Subject: problems with TNEF.pm Message-ID: How odd You're not running in a chroot jail are you?, or running as a non-root user for MailScanner? Has the user in question rights to create that file? What happens if you put MS in debug mode and run it? (edit MailScanner.conf, make both debug values yes then run check_MailScanner ) -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Anders > Sent: 11 November 2005 15:10 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] problems with TNEF.pm > > Hi, > I finally got passed my previous issues... > Now trying to execute MAilscanner, which yields the following result: > > [root sbin]# ./Mailscanner > Not enough arguments for mkdir at /usr/lib/MailScanner/MailScanner/TNEF.pm > line 126 near ""/ > tmp/tnef.$$";" > BEGIN failed - compilation aborted at ./MailScanner line 84. > > TNEF.pm: > ----------- > # Make the temporary tnef files be created under /tmp for easy removal. > mkdir "/tmp/tnef.$$"; <<<---- line 126 > chmod 0700, "/tmp/tnef.$$"; > %parms = ( ignore_checksum => "true", > output_dir => "/tmp/tnef.$$", > output_to_core => "NONE" ); > my $tnef = Convert::TNEF->read_in("$dir/$tnefname", \%parms); > > Any clues on how to resolve this? > > /Anders > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Fri Nov 11 15:51:03 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:31:11 2006 Subject: installing libmilter Message-ID: > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney > Sent: Friday, November 11, 2005 3:42 PM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: installing libmilter > > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > Behalf Of Anders Andersson, IT > > Sent: Friday, November 11, 2005 8:44 AM > > To: MAILSCANNER@JISCMAIL.AC.UK > > Subject: Re: installing libmilter > > > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Stephen Swaney > > > > -----Original Message----- > > > > From: MailScanner mailing list > > > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > > > > Behalf Of Anders Andersson, IT > > > > Sent: Thursday, November 03, 2005 7:04 AM > > > > To: MAILSCANNER@JISCMAIL.AC.UK > > > > Subject: OT: installing libmilter > > > > > > > > Hi all pro's :) > > > > > > > > Could somone shed some light how to do the libmilter > > > installation on > > > > CentOS. > > > > I managed to figure out I need the source to build the > libmilter > > > > included in the package > > > > > > > > http://mirror.nsc.liu.se/CentOS/4.2/os/SRPMS/sendmail-8.13.1-2.src.r > > > pm > > > > before I can do the rest but Im not sure how to actually do the > > > > libmilter/sendmail rebuild thingy. > > > > > > > > If this is something someone like me should not do pls > > > informa and Ill > > > > drop it until I actually know what Im doing > > > > > > > > Never even tried to rebuild sendmail since I only use out > > > of the box > > > > with some changes in sendmail.mc so go easy on a > hardcore newbie > > > > :) > > > > > > > > /Anders > > > > > > You shouldn't need to build libmilter. Just install the > > > sendmail-devel rpm. > > > Then read /usr/share/doc/sendmail/README.libmilter for the gory > > > details. > > > > > > Most milters are fairly easy to install. Some general > instructions: > > > > > > 1. Download and unpack the milter source code 2. > Configure build and > > > install the milter 3. Install the init script so the milter can > > > start on reboot (some milters do this automatically). > > > 4. Start and test the milter (look at the mail logs for > > > error) 5. Configure the init script to run at boot 6. Modify your > > > sendmail.mc file to configure sendmail to user the milter. > > > Typically it's just adding a line similar to: > > > > > > INPUT_MAIL_FILTER(`milter-greylist', > > > `S=local:/var/milter-greylist/milter-greylist.sock') > > > 7. Use m4 to rebuild your sendmail.cf file from your modified > > > sendmail.mc file 8. Restart sendmail (don't forget to > check the mail > > > log for errors) > > > > > > Hope this helps, > > > > > > Steve > > > > > Turn out to just as simple as you said, damn I hate when I > cant figure > > things out my self :) All is running fine and guess I will have to > > give at week to see what the result will be regarding decreased > > mailflow. The only thing I didnt like is the response sent > back to the > > sender, it contains a little to much info Ex. > > Remote MTA ns2.ltkalmar.se: SMTP diagnostic: 550 5.7.1 > > ... server [172.29.32.81] for > > rejected address saying "User > > unknown" > > > > I rather just having it saying "550 5.7.1 User unknown" but > I can live > > with this for the moment :) > > > > That's an interesting point and I'll pass your comment along > to Anthony Howe. A quiet or less verbose switch might be useful. > > In reviewing the milter-ahead documentation I found two > useful switches that I had missed before :) I'll pass them > along as you might find them useful: > > -R > Reject a RCPT if it uses a routed address (the %-hack). I saw that but couldnt google it to figure out what it was for so I, styying on the safe side :) > > -B > For a backup-MX, reject mail when the primary MX is > available. This does not conform with RFC 974 "MAIL ROUTING > AND THE DOMAIN SYSTEM" section "Interpreting the List of MX > RRs", paragraph 7, sentence 2 and 3, which only requires mail > clients to attempt delivery to the primary first, before > trying other MXes. Spammers often attempt to by-pass spam > filters by sending email directly to secondary MX machines, > which often have weaker requirements. This option essentially > demands that a client only deliver to the primary MX when it > is available. > > The full documentation and other useful milters can be found at: > > http://www.snertsoft.com/ > > Steve ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders_wannfors at PRIVAT.UTFORS.SE Fri Nov 11 15:46:08 2005 From: anders_wannfors at PRIVAT.UTFORS.SE (Anders) Date: Thu Jan 12 21:31:11 2006 Subject: problems with TNEF.pm Message-ID: That did it! Thanks a lot for the ultra-quick response!!!! /AW [root sbin]# ./MailScanner -v Running on Linux www.domain.secret 2.2.16C37_III #1 Sat Apr 12 14:54:32 PDT 2003 i586 unknown This is Perl version 5.005030 (%vd) This is MailScanner version 4.47.4 Module versions are: 1.14 Archive::Zip 1.119 Convert::BinHex 1.03 Fcntl 2.6 File::Basename 2.02 File::Copy 2.00 FileHandle 1.0401 File::Path 0.16 File::Temp 1.13 HTML::Entities 2.23 HTML::Parser 2.05 HTML::TokeParser 1.06021 IO::File 1.0902 IO::Pipe 1.67 Mail::Header 3.05 MIME::Base64 5.417 MIME::Decoder 5.417 MIME::Decoder::UU 5.417 MIME::Head 5.417 MIME::Parser 3.03 MIME::QuotedPrint 5.417 MIME::Tools 0.10 Net::CIDR 1.02 POSIX 1.7 Socket 1.01 Time::localtime Optional module versions are: 0.17 Convert::TNEF 1.65 DB_File 0.02 Digest 1.00 Digest::HMAC 2.07 Digest::MD5 1.01 Digest::SHA1 missing Inline missing Mail::ClamAV missing Mail::SpamAssassin missing Mail::SPF::Query missing Net::CIDR::Lite missing Net::DNS missing Net::LDAP missing Parse::RecDescent missing SAVI missing Sys::Hostname::Long 2.28 Test::Harness 0.62 Test::Simple missing Text::Balanced 1.02 URI ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From kodak at FRONTIERHOMEMORTGAGE.COM Fri Nov 11 18:53:24 2005 From: kodak at FRONTIERHOMEMORTGAGE.COM (Jason Balicki) Date: Thu Jan 12 21:31:11 2006 Subject: OT: Need advice: client wants to spam (ARGH!) Message-ID: Hey guys, Well, it's finally happened: I contract IT services for a client who I've heard through the grapevine is seriously considering spam as an option. This company is a sub 20 person small business. First: let me say for the record that if I'm asked to implement this I will refuse and if they pursue this through other means I will sever the contract. That being said, I'd like to talk them out of it, as they're otherwise a good client and I'd like to keep them. I'd like to think that if they were presented with all the information they'd back off. The problem is that everything I can find is more of the technical "how do I fight spam" kind of document, and not so much "why you shouldn't send spam, you idiot" and I'm looking for documents of the latter type to send to this client. They haven't approached me about this yet, I heard this from a mid-level employee who thought I should know that it may be coming. I'd like to be armed with a bit more than "it's unethical" (although, really, that should be enough). I can explain about botnets and viruses, worms and trojans till I'm blue in the face, but all that stuff is sort of esoteric to a non-techie who's just looking for a revenue stream. So, if anyone has any links, advice, or anything else please let me know. If I get a lot of good info, I'll try to aggregate it on the Wiki, too. Thanks a lot, guys, --J(K) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mauriciopcavalcanti at HOTMAIL.COM Fri Nov 11 20:01:11 2005 From: mauriciopcavalcanti at HOTMAIL.COM (Mauricio Portilho Cavalcanti) Date: Thu Jan 12 21:31:11 2006 Subject: Uncommon rule do whitelist Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, I have to deliver all e-mail (whitelist) coming from one specific ip address to some e-mail address. I think a rule like this in whitelist rules: From: a.b.c.d and To: badboy@domain.com yes And more... all e-mail coming from ip a.b.c.d AND with from e-mail *@domain.com AND to badboy@domain.com has to be whitelisted... how can I make this rule?? Thanks in advance, Mauricio ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From jeff at DYNAMICTELECARD.COM Fri Nov 11 20:24:28 2005 From: jeff at DYNAMICTELECARD.COM (Jeff Davis) Date: Thu Jan 12 21:31:11 2006 Subject: OT: Need advice: client wants to spam (ARGH!) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, aside from the unethical part I would try to convince them how this will impact their bottom line in at least two ways. Some places have legistation that can cause them to fight legal battles and which will likely make their spam tactics become public knowledge possibly damaging their public image. http://www.spamlaws.com/ Also getting added to a blacklist would cause ALL mail from that server to get blocked not just the spam. How detrimental this would be depends on the business. -Jeff Jason Balicki wrote: > Hey guys, > > Well, it's finally happened: I contract IT services for a client > who I've heard through the grapevine is seriously considering > spam as an option. This company is a sub 20 person small > business. > > First: let me say for the record that if I'm asked to implement > this I will refuse and if they pursue this through other > means I will sever the contract. > > That being said, I'd like to talk them out of it, as they're > otherwise a good client and I'd like to keep them. I'd like > to think that if they were presented with all the information > they'd back off. > > The problem is that everything I can find is more of the > technical "how do I fight spam" kind of document, and not > so much "why you shouldn't send spam, you idiot" and I'm > looking for documents of the latter type to send to this > client. > > They haven't approached me about this yet, I heard this > from a mid-level employee who thought I should know that > it may be coming. I'd like to be armed with a bit more > than "it's unethical" (although, really, that should > be enough). I can explain about botnets and viruses, > worms and trojans till I'm blue in the face, but all > that stuff is sort of esoteric to a non-techie who's > just looking for a revenue stream. > > So, if anyone has any links, advice, or anything else > please let me know. > > If I get a lot of good info, I'll try to aggregate it > on the Wiki, too. > > Thanks a lot, guys, > > --J(K) > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Fri Nov 11 20:27:44 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:31:11 2006 Subject: OT: Need advice: client wants to spam (ARGH!) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I've a few posts on my blog that might help .. or hinder :) have a poke around and see if you can find anything useful. If you can't I'll write something -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From john at KATY.COM Fri Nov 11 22:56:35 2005 From: john at KATY.COM (John Schmerold) Date: Thu Jan 12 21:31:11 2006 Subject: Resending archived messages Message-ID: Our Mailscanner was blocked by cbl. As a temporary solution, I've moved it to another IP address, however I have the problem of resending the messages saved to archive the df & qf files. How is this done, I can't find the thread that discussed this. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From craigwhite at AZAPPLE.COM Sat Nov 12 02:35:45 2005 From: craigwhite at AZAPPLE.COM (Craig White) Date: Thu Jan 12 21:31:11 2006 Subject: OT: Need advice: client wants to spam (ARGH!) Message-ID: On Fri, 2005-11-11 at 12:53 -0600, Jason Balicki wrote: > Hey guys, > > Well, it's finally happened: I contract IT services for a client > who I've heard through the grapevine is seriously considering > spam as an option. This company is a sub 20 person small > business. > > First: let me say for the record that if I'm asked to implement > this I will refuse and if they pursue this through other > means I will sever the contract. > > That being said, I'd like to talk them out of it, as they're > otherwise a good client and I'd like to keep them. I'd like > to think that if they were presented with all the information > they'd back off. > > The problem is that everything I can find is more of the > technical "how do I fight spam" kind of document, and not > so much "why you shouldn't send spam, you idiot" and I'm > looking for documents of the latter type to send to this > client. > > They haven't approached me about this yet, I heard this > from a mid-level employee who thought I should know that > it may be coming. I'd like to be armed with a bit more > than "it's unethical" (although, really, that should > be enough). I can explain about botnets and viruses, > worms and trojans till I'm blue in the face, but all > that stuff is sort of esoteric to a non-techie who's > just looking for a revenue stream. > > So, if anyone has any links, advice, or anything else > please let me know. > > If I get a lot of good info, I'll try to aggregate it > on the Wiki, too. ---- first of all, doing spam is not a job for amateurs so it's highly unlikely they would do it in house. second of all, if they were to attempt to do it in house, as someone else already pointed out, their mail server would be blacklisted and legitimate email won't get delivered. thirdly, the leads they generate will be costly and ineffective. I have a friend who has a mortgage business and when he told me what he was doing I laughed and was glad he didn't try to get me involved. You don't have to lecture them, all you need to say is that is an area of the computer industry that you don't participate in, in fact, you work the other side...set up clients to stop that from occurring. If you lecture, you might lose a customer. If you simply point out these issues and perhaps any applicable laws, you look smart. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at gmail.com Sat Nov 12 11:39:14 2005 From: glenn.steen at gmail.com (Glenn Steen) Date: Thu Jan 12 21:31:11 2006 Subject: OT: Need advice: client wants to spam (ARGH!) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 11/11/05, Jason Balicki wrote: > Hey guys, > > Well, it's finally happened: I contract IT services for a client > who I've heard through the grapevine is seriously considering > spam as an option. This company is a sub 20 person small > business. > > First: let me say for the record that if I'm asked to implement > this I will refuse and if they pursue this through other > means I will sever the contract. Thank you for that. > > That being said, I'd like to talk them out of it, as they're > otherwise a good client and I'd like to keep them. I'd like > to think that if they were presented with all the information > they'd back off. > Good plan. > The problem is that everything I can find is more of the > technical "how do I fight spam" kind of document, and not > so much "why you shouldn't send spam, you idiot" and I'm > looking for documents of the latter type to send to this > client. > > They haven't approached me about this yet, I heard this > from a mid-level employee who thought I should know that > it may be coming. I'd like to be armed with a bit more > than "it's unethical" (although, really, that should > be enough). I can explain about botnets and viruses, > worms and trojans till I'm blue in the face, but all > that stuff is sort of esoteric to a non-techie who's > just looking for a revenue stream. > > So, if anyone has any links, advice, or anything else > please let me know. > > If I get a lot of good info, I'll try to aggregate it > on the Wiki, too. > > Thanks a lot, guys, > > --J(K) > It's a question of common business sense. As with any commercial endeavour, they should be interested in their bottom line. You should probably not focus so much on the unethical/unlawful aspects of it as on the effects of the badwill they will generate. If they are serious in that they want to survive as a company for any number of years, they will be interested in protecting their good name. Using spam as a promotional channel is directly contrary to this and, if they stop and think about it, this should be pretty obvious. Do mention that the methods involved, if not the actual sending of spam, are a) not legal in very many countries and b) often operated by criminals of the sort any healthy company, big or small, would shy away from being associated with. As an example: The Swedish coffee brand Gevalia has been known to appear (of their own volition or not) in spams. I and all persons receiving such spam had three immediate reactions: - Chuckle a bit over their apparent stupidity - Strike them off the list of viable coffee brands - Tell everyone we know not to buy their products This would perhaps not be that bad in the short run, but let me elaborate: I work for a government pension fund here in Sweden. The fund has adopted a rather strong policy regarding ethics and morals, so these things could affect our positions in the actual company employing spam techniques (yes, we do trade small caps, so even really minor endeavours might be affected). While this is centered on more "heavy duty" breaches (human rights, labor rights etc), unethical/unlawful activities _will_ gender action from the fund and its rather extensive "ethics networking community". As such, the fund tries to work with the companies to eliminate and prevent these activities, but... Through "the network", substantial economical harm can be done to the culprit, so most companies tend to take a mere warning seriously. Since this type of focus on ethics/morality is becoming more common in the financial world, the business risk of "shady behaviour" is fast becoming a factor. Small companies might not be aware of this trend and, if they're privately held, might just shrug it off... But they still take a rather big risk with their brand, using it in spam. I suspect that put that way, they'll see the light. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Sat Nov 12 16:12:22 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:31:11 2006 Subject: problem with Sign Clean Messages Message-ID: I am trying to enable the Sign Clean Messages feature. I had created a rule set and it wasn’t doing anything, so I simply set Sign Clean Messages = yes. But, still nothing is happening. I am using an older version MailScanner-4.37.7-1. Is there a way that I can troubleshoot this? Thanks in Advance, Diane ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Nov 12 16:16:51 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:11 2006 Subject: problem with Sign Clean Messages Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 You are doing a "service MailScanner reload" between each change of configuration? Also, try it with a plain text message, so that you have a simple test. And make sure that the "Run As User" user can read the signature file(s). What does your maillog say? Anything useful? Diane Rolland wrote: > I am trying to enable the Sign Clean Messages feature. I had created a > rule set and it wasn^Òt doing anything, so I simply set Sign Clean > Messages = yes. But, still nothing is happening. > > I am using an older version MailScanner-4.37.7-1. > > Is there a way that I can troubleshoot this? > > Thanks in Advance, > > Diane > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > *Support MailScanner development - buy the book off the website!* - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ3YVfBH2WUcUFbZUEQJ0dACgrcZLk9W0wu94P1PbR1wDUJWhkQIAoLHy cNpiYbS3MTSPXxNyAYFiomro =eEBx -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Sat Nov 12 16:37:54 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:31:11 2006 Subject: problem with Sign Clean Messages Message-ID: Yes, I had reloaded and even restarted. The maillog just indicates that a new batch went through successfully. I did try with just plain text and that seems to work. Not sure why the HTML wouldn't be working. I'm using the two default files that came with MailScanner. Thanks for getting me this far!!! > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Saturday, November 12, 2005 10:17 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: problem with Sign Clean Messages > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > You are doing a "service MailScanner reload" between each change of > configuration? > Also, try it with a plain text message, so that you have a simple test. > And make sure that the "Run As User" user can read the signature file(s). > What does your maillog say? Anything useful? > > Diane Rolland wrote: > > > I am trying to enable the Sign Clean Messages feature. I had created a > > rule set and it wasn't doing anything, so I simply set Sign Clean > > Messages = yes. But, still nothing is happening. > > > > I am using an older version MailScanner-4.37.7-1. > > > > Is there a way that I can troubleshoot this? > > > > Thanks in Advance, > > > > Diane > > > > > > ------------------------ MailScanner list ------------------------ > > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > > 'leave mailscanner' in the body of the email. > > Before posting, read the Wiki (http://wiki.mailscanner.info/) > > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > > *Support MailScanner development - buy the book off the website!* > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2424) > > iQA/AwUBQ3YVfBH2WUcUFbZUEQJ0dACgrcZLk9W0wu94P1PbR1wDUJWhkQIAoLHy > cNpiYbS3MTSPXxNyAYFiomro > =eEBx > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Sat Nov 12 16:58:21 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:31:11 2006 Subject: problem with Sign Clean Messages Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The HTML ones add the sig at the end of the message, using the best way I can. Have you tried looking at the message with another email app? Or what do you get when you look at the message source? Is it tucked away at the bottom of the source okay: Diane Rolland wrote: >Yes, I had reloaded and even restarted. The maillog just indicates that a >new batch went through successfully. > >I did try with just plain text and that seems to work. Not sure why the >HTML wouldn't be working. I'm using the two default files that came with >MailScanner. > >Thanks for getting me this far!!! > > > >>-----Original Message----- >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On >>Behalf Of Julian Field >>Sent: Saturday, November 12, 2005 10:17 AM >>To: MAILSCANNER@JISCMAIL.AC.UK >>Subject: Re: problem with Sign Clean Messages >> >>-----BEGIN PGP SIGNED MESSAGE----- >>Hash: SHA1 >> >>You are doing a "service MailScanner reload" between each change of >>configuration? >>Also, try it with a plain text message, so that you have a simple test. >>And make sure that the "Run As User" user can read the signature file(s). >>What does your maillog say? Anything useful? >> >>Diane Rolland wrote: >> >> >> >>>I am trying to enable the Sign Clean Messages feature. I had created a >>>rule set and it wasn't doing anything, so I simply set Sign Clean >>>Messages = yes. But, still nothing is happening. >>> >>>I am using an older version MailScanner-4.37.7-1. >>> >>>Is there a way that I can troubleshoot this? >>> >>>Thanks in Advance, >>> >>>Diane >>> >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) >>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>*Support MailScanner development - buy the book off the website!* >>> >>> >>- -- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >>-----BEGIN PGP SIGNATURE----- >>Version: PGP Desktop 9.0.2 (Build 2424) >> >>iQA/AwUBQ3YVfBH2WUcUFbZUEQJ0dACgrcZLk9W0wu94P1PbR1wDUJWhkQIAoLHy >>cNpiYbS3MTSPXxNyAYFiomro >>=eEBx >>-----END PGP SIGNATURE----- >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ3YfLhH2WUcUFbZUEQLgXwCeO5oiVz3B5wnXl1nTnku9sy8MJbUAoIzb 1WF27nDbV+0UeY1IQLfi6jZn =FG5e -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Sat Nov 12 17:23:49 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:11 2006 Subject: OT: Need advice: client wants to spam (ARGH!) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Craig White wrote: > On Fri, 2005-11-11 at 12:53 -0600, Jason Balicki wrote: >> Hey guys, >> >> Well, it's finally happened: I contract IT services for a client >> who I've heard through the grapevine is seriously considering >> spam as an option. This company is a sub 20 person small >> business. >> >> First: let me say for the record that if I'm asked to implement >> this I will refuse and if they pursue this through other >> means I will sever the contract. >> >> That being said, I'd like to talk them out of it, as they're >> otherwise a good client and I'd like to keep them. I'd like >> to think that if they were presented with all the information >> they'd back off. >> >> The problem is that everything I can find is more of the >> technical "how do I fight spam" kind of document, and not >> so much "why you shouldn't send spam, you idiot" and I'm >> looking for documents of the latter type to send to this >> client. >> >> They haven't approached me about this yet, I heard this >> from a mid-level employee who thought I should know that >> it may be coming. I'd like to be armed with a bit more >> than "it's unethical" (although, really, that should >> be enough). I can explain about botnets and viruses, >> worms and trojans till I'm blue in the face, but all >> that stuff is sort of esoteric to a non-techie who's >> just looking for a revenue stream. >> >> So, if anyone has any links, advice, or anything else >> please let me know. >> >> If I get a lot of good info, I'll try to aggregate it >> on the Wiki, too. > ---- > first of all, doing spam is not a job for amateurs so it's highly > unlikely they would do it in house. > > second of all, if they were to attempt to do it in house, as someone > else already pointed out, their mail server would be blacklisted and > legitimate email won't get delivered. > > thirdly, the leads they generate will be costly and ineffective. > > I have a friend who has a mortgage business and when he told me what he > was doing I laughed and was glad he didn't try to get me involved. You > don't have to lecture them, all you need to say is that is an area of > the computer industry that you don't participate in, in fact, you work > the other side...set up clients to stop that from occurring. If you > lecture, you might lose a customer. If you simply point out these issues > and perhaps any applicable laws, you look smart. I agree. If you ever detect that they are sending spam, I'd do the innocent and tell them that you discovered and that they should investigate if they have zombies or something similar. You can ask them if they are doing that on purpose. If so, you can explain them all the consequences. They'll probably understand. If they want to test mass-mailing, they could use something like http://www.d-courrier.com/ and evaluate the results. Now the question is whether to act proactively or reactively... > > Craig > > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Sat Nov 12 17:26:43 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:11 2006 Subject: Sendmail Queue lenghts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi, Anyone here has scripts for testing queue lengths (incoming/outgoing) with sendmail? Regards, ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Sat Nov 12 17:59:08 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:11 2006 Subject: Sendmail Queue lenghts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Hi, > > Anyone here has scripts for testing queue lengths > (incoming/outgoing) with sendmail? mailscanner-mrtg does it. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ugob at CAMO-ROUTE.COM Sat Nov 12 19:17:30 2005 From: ugob at CAMO-ROUTE.COM (Ugo Bellavance) Date: Thu Jan 12 21:31:11 2006 Subject: Sendmail Queue lenghts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Matt Kettler wrote: > Ugo Bellavance wrote: >> Hi, >> >> Anyone here has scripts for testing queue lengths >> (incoming/outgoing) with sendmail? > > mailscanner-mrtg does it. > Yes, but is it possible to use mailscanner-mrtg for alarms (when incoming queue > 100 for example)? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mkettler at EVI-INC.COM Sat Nov 12 19:37:42 2005 From: mkettler at EVI-INC.COM (Matt Kettler) Date: Thu Jan 12 21:31:11 2006 Subject: Sendmail Queue lenghts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo Bellavance wrote: > Matt Kettler wrote: > >> Ugo Bellavance wrote: >> >>> Hi, >>> >>> Anyone here has scripts for testing queue lengths >>> (incoming/outgoing) with sendmail? >> >> >> mailscanner-mrtg does it. >> > > Yes, but is it possible to use mailscanner-mrtg for alarms (when > incoming queue > 100 for example)? You could re-use the script itself for just about anything.. You don't need to hook it up to MRTG for graphing.. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From lars+lister.mailscanner at ADVENTURAS.NO Sat Nov 12 20:38:18 2005 From: lars+lister.mailscanner at ADVENTURAS.NO (Lars Kristiansen) Date: Thu Jan 12 21:31:11 2006 Subject: Sendmail Queue lenghts Message-ID: --On Saturday, November 12, 2005 12:26:43 PM -0500 Ugo Bellavance wrote: > Hi, > > Anyone here has scripts for testing queue lengths (incoming/outgoing) > with sendmail? ...something qsize=$(mailq -OMaxQueueRunSize=1 -OQueueDirectory=$mq | grep 'Total requests:' | awk '{ print $3 }') and something... Not sure if this is what you want, but I use a shell-script every 15 minutes to report if mailqueues are big, or any relays are having lots of mail in the queue. It fills my needs, but it might be a bit of stupid programming, and really in need of rewriting before sharing. I think the idea still holds though. Tell me if you want to try it, I would just love if someone could make some comments on it or preferably rewrite it. regards -- Lars > > Regards, > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! -- Med vennlig hilsen Lars Kristiansen A D V E N T U R A S Tlf: 22 20 59 90 Fax: 22 20 59 91 lars@adventuras.no http://www.adventuras.no ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drolland at KDINET.COM Sun Nov 13 16:45:52 2005 From: drolland at KDINET.COM (Diane Rolland) Date: Thu Jan 12 21:31:11 2006 Subject: problem with Sign Clean Messages Message-ID: I looked at the delivered message with a webmail app, and I see the Clean Message. Outlook must be doing something strange with it? Another test I did was to send it to two different accounts that I have in Outlook. One came through but the other one did not. And it's the same Outlook client? I'll look more at the messages and see if I can tell any difference. Thanks for your help, Diane > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Julian Field > Sent: Saturday, November 12, 2005 10:58 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: problem with Sign Clean Messages > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The HTML ones add the sig at the end of the message, using the best way > I can. Have you tried looking at the message with another email app? Or > what do you get when you look at the message source? Is it tucked away > at the bottom of the source okay: > > Diane Rolland wrote: > > >Yes, I had reloaded and even restarted. The maillog just indicates that > a > >new batch went through successfully. > > > >I did try with just plain text and that seems to work. Not sure why the > >HTML wouldn't be working. I'm using the two default files that came with > >MailScanner. > > > >Thanks for getting me this far!!! > > > > > > > >>-----Original Message----- > >>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > >>Behalf Of Julian Field > >>Sent: Saturday, November 12, 2005 10:17 AM > >>To: MAILSCANNER@JISCMAIL.AC.UK > >>Subject: Re: problem with Sign Clean Messages > >> > >>-----BEGIN PGP SIGNED MESSAGE----- > >>Hash: SHA1 > >> > >>You are doing a "service MailScanner reload" between each change of > >>configuration? > >>Also, try it with a plain text message, so that you have a simple test. > >>And make sure that the "Run As User" user can read the signature > file(s). > >>What does your maillog say? Anything useful? > >> > >>Diane Rolland wrote: > >> > >> > >> > >>>I am trying to enable the Sign Clean Messages feature. I had created a > >>>rule set and it wasn't doing anything, so I simply set Sign Clean > >>>Messages = yes. But, still nothing is happening. > >>> > >>>I am using an older version MailScanner-4.37.7-1. > >>> > >>>Is there a way that I can troubleshoot this? > >>> > >>>Thanks in Advance, > >>> > >>>Diane > >>> > >>> > >>>------------------------ MailScanner list ------------------------ > >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>>'leave mailscanner' in the body of the email. > >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) > >>>and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >>> > >>>*Support MailScanner development - buy the book off the website!* > >>> > >>> > >>- -- > >>Julian Field > >>www.MailScanner.info > >>Buy the MailScanner book at www.MailScanner.info/store > >>Professional Support Services at www.MailScanner.biz > >>MailScanner thanks transtec Computers for their support > >> > >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > >> > >> > >>-----BEGIN PGP SIGNATURE----- > >>Version: PGP Desktop 9.0.2 (Build 2424) > >> > >>iQA/AwUBQ3YVfBH2WUcUFbZUEQJ0dACgrcZLk9W0wu94P1PbR1wDUJWhkQIAoLHy > >>cNpiYbS3MTSPXxNyAYFiomro > >>=eEBx > >>-----END PGP SIGNATURE----- > >> > >>-- > >>This message has been scanned for viruses and > >>dangerous content by MailScanner, and is > >>believed to be clean. > >> > >>------------------------ MailScanner list ------------------------ > >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >>'leave mailscanner' in the body of the email. > >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >> > >>Support MailScanner development - buy the book off the website! > >> > >> > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! > > > > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2424) > > iQA/AwUBQ3YfLhH2WUcUFbZUEQLgXwCeO5oiVz3B5wnXl1nTnku9sy8MJbUAoIzb > 1WF27nDbV+0UeY1IQLfi6jZn > =FG5e > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at GMAIL.COM Mon Nov 14 04:36:03 2005 From: naolson at GMAIL.COM (Nathan Olson) Date: Thu Jan 12 21:31:11 2006 Subject: TNEF decoder Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Why was the TNEF decoder switched from 'internal' to 'external' by default? I've searched the list archives and can't find a definitive reason. Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From listacct at TULSACONNECT.COM Mon Nov 14 04:54:02 2005 From: listacct at TULSACONNECT.COM (Mike Bacher) Date: Thu Jan 12 21:31:11 2006 Subject: Being let through: [Fwd: Mitchell Works Excellent] Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > These messages are still not getting stopped properly. > A score of 2.9 is nowhere near good enough. I use Rules_Du_Jour, what am > I missing? I see that it matched a URI SURBL: > X-ECS-SpamCheck: not spam, SpamAssassin (score=2.913, required 6, > HTML_MESSAGE 0.00, INFO_TLD 1.27, UPPERCASE_25_50 0.00, URIBL_SBL 1.64) We typically override the default score for SURBL checks and give it a 5.0 or something with great results.. -- ----------------------------------------- Mike Bacher / listacct@tulsaconnect.com TCIS - TulsaConnect Internet Services http://www.tulsaconnect.com ----------------------------------------- ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From a.peacock at CHIME.UCL.AC.UK Mon Nov 14 09:15:08 2005 From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock) Date: Thu Jan 12 21:31:11 2006 Subject: Being let through: [Fwd: Mitchell Works Excellent] Message-ID: Hi, BAYES_99 is hitting all of these for me. > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > These messages are still not getting stopped properly. > A score of 2.9 is nowhere near good enough. I use Rules_Du_Jour, what > am I missing? > > > - -------- Original Message -------- > Return-Path: > Received: from imap.ecs.soton.ac.uk ([unix socket]) by > imap.ecs.soton.ac.uk (Cyrus v2.2.12-Invoca-RPM-2.2.12-3.RHEL4.1) with > LMTPA; Sun, 13 Nov 2005 16:08:40 +0000 X-Sieve: CMU Sieve 2.2 > Received: from coot.ecs.soton.ac.uk > ([IPv6:2001:630:d0:f113:204:23ff:feb3:e42c]) by imap.ecs.soton.ac.uk > (8.13.1/8.13.1) with ESMTP id jADG8aLU029686 (version=TLSv1/SSLv3 > cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL) for > ; Sun, 13 Nov 2005 16:08:36 GMT Received: from > ftr.com ([60.27.7.10]) by coot.ecs.soton.ac.uk (8.13.1/8.13.1) with > SMTP id jADGBuG4017504 for ; Sun, 13 Nov > 2005 16:12:08 GMT Message-ID: > <003901c5e86c$e2da5a80$e44aa8c0@neckerchief> From: Inocencio Endo > To: Rufus Averitt > Subject: Mitchell Works Excellent Date: Sun, 13 Nov 2005 11:11:21 > -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; > boundary="----=_NextPart_000_0036_01C5E842.FA045280" X-Priority: 3 > X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express > 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE > V6.00.2800.1106 X-MailScanner-Information: Please contact > helpdesk@ecs.soton.ac.uk for more information X-ECS-MailScanner: > Found to be clean, Found to be clean X-ECS-SpamCheck: not spam, > SpamAssassin (score=2.913, required 6, HTML_MESSAGE 0.00, INFO_TLD > 1.27, UPPERCASE_25_50 0.00, URIBL_SBL 1.64) X-ECS-SpamScore: ss > X-MailScanner-From: inocraendo@ftr.com X-ECS-MailScanner-Information: > Please contact the Help Desk for more information > X-ECS-MailScanner-From: inocraendo@ftr.com > > > > > C A L V V X P I m e I A a r A b v A L n o L i i G I a z I e t R U > x a S n ra A M c 3,75 > > 3,32 1,22 > > > > http://www.noteranger.info > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2424) > > iQA/AwUBQ3drrRH2WUcUFbZUEQLrOACg1lUdYQfpxc0xF5zGZk4k5zpdMNUAoMGL > h5zqK5n2HF8WMQX6sT0lubfq > =uQKS > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ To > unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave > mailscanner' in the body of the email. Before posting, read the Wiki > (http://wiki.mailscanner.info/) and the archives > (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > -- Anthony Peacock CHIME, Royal Free & University College Medical School WWW: http://www.chime.ucl.ac.uk/~rmhiajp/ "The poor have sometimes objected to being governed badly; the rich have always objected to being governed at all." - G. K. Chesterton. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From schweizer.martin at GMAIL.COM Mon Nov 14 08:42:38 2005 From: schweizer.martin at GMAIL.COM (Martin Schweizer) Date: Thu Jan 12 21:31:11 2006 Subject: MailScanner / SMTP Auth Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello List Until now I run sendmail and mailscanner without any problems. Now I want to update sendmail with SMTP Auth. Is there anybody how has the same setup? Are there any pitfalls? My system: FreeBSD 5.4, sendmail 8.13.3 -- Martin Schweizer schweizer.martin@gmail.com Fax: +41 55 243 33 22 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From schweizer.martin at GMAIL.COM Mon Nov 14 09:11:04 2005 From: schweizer.martin at GMAIL.COM (Martin Schweizer) Date: Thu Jan 12 21:31:11 2006 Subject: MailScanner / SMTP Auth (again) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Sorry, but probably I have to clarify my last post: Until now I run sendmail, mailscanner and cyrus-imapd without any problems. Now want to update sendmail with SMTP Auth. I updated my sendmail.mc like described in http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html. But after this all new mails only delivered local to root (no more to cyrus). Below attached is my sendmail.mc. Is there anybody how has the same setup? Are there any pitfalls? My system: FreeBSD 5.4, sendmail 8.13.3, cyrus IMAP4 2.2.12 Any hints are welcome. divert(-1) # # Copyright (c) 1983 Eric P. Allman # Copyright (c) 1988, 1993 # The Regents of the University of California. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. All advertising materials mentioning features or use of this software # must display the following acknowledgement: # This product includes software developed by the University of # California, Berkeley and its contributors. # 4. Neither the name of the University nor the names of its contributors # may be used to endorse or promote products derived from this software # without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # # # This is a generic configuration file for FreeBSD 5.X and later systems. # If you want to customize it, copy it to a name appropriate for your # environment and do the modifications there. # # The best documentation for this .mc file is: # /usr/share/sendmail/cf/README or # /usr/src/contrib/sendmail/cf/README # divert(0) VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.29 2003/12/24 21:15:09 gshapiro Exp $') OSTYPE(freebsd5) DOMAIN(generic) FEATURE(access_db, `hash -o -T /etc/mail/access') FEATURE(blacklist_recipients) FEATURE(local_lmtp) FEATURE(mailertable, `hash -o /etc/mail/mailertable') FEATURE(virtusertable, `hash -o /etc/mail/virtusertable') dnl Uncomment to allow relaying based on your MX records. dnl NOTE: This can allow sites to use your server as a backup MX without dnl your permission. dnl FEATURE(relay_based_on_MX) dnl DNS based black hole lists dnl -------------------------------- dnl DNS based black hole lists come and go on a regular basis dnl so this file will not serve as a database of the available servers. dnl For that, visit dnl http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/ dnl Uncomment to activate Realtime Blackhole List dnl information available at http://www.mail-abuse.com/ dnl NOTE: This is a subscription service as of July 31, 2001 dnl FEATURE(dnsbl) dnl Alternatively, you can provide your own server and rejection message: dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `"550 Mail from " $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}') FEATURE(dnsbl, `relays.ordb.org', `"550 Mail rejected - see http://www.ordb.org/faq"') FEATURE(dnsbl, `sbl.spamhaus.org', `"550 Mail rejected - see http://www.spamhaus.org/SBL"') dnl Dialup users should uncomment and define this appropriately define(`SMART_HOST', `[195.186.18.142]') dnl Uncomment the first line to change the location of the default dnl /etc/mail/local-host-names and comment out the second line. dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw') define(`confCW_FILE', `-o /etc/mail/local-host-names') dnl Enable for both IPv4 and IPv6 (optional) DAEMON_OPTIONS(`Name=IPv4, Family=inet') DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O') dnl set SASL options TRUST_AUTH_MECH(`GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confAUTH_MECHANISMS', `GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN')dnl define(`confDEF_AUTH_INFO', `/etc/mail/auth-info')dnl define(`confBIND_OPTS', `WorkAroundBrokenAAAA') define(`confNO_RCPT_ACTION', `add-to-undisclosed') define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy') dnl Änderung für Cyrus define(`confLOCAL_MAILER', `cyrusv2') MAILER(local) MAILER(smtp) dnl Änderung für Cyrus MAILER(`cyrusv2') Regards, -- Martin Schweizer schweizer.martin@gmail.com Fax: +41 55 243 33 22 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From naolson at GMAIL.COM Mon Nov 14 10:40:19 2005 From: naolson at GMAIL.COM (Nathan Olson) Date: Thu Jan 12 21:31:11 2006 Subject: MailScanner / SMTP Auth (again) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Read this: http://www.sendmail.org/~ca/email/auth.html You may have not created the sasldb password file, among other things. Why you'd have LOGIN and not PLAIN is also very strange. LOGIN is antiquated (but still used by horrid email clients). Nate ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Mon Nov 14 14:14:02 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:31:11 2006 Subject: Just noticed thei when doing a spamassassin -D --lint Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] My dns check seem to fail, but doing any look ups form the command line on the box are fine...?? also doing a make test when install Net::DNS all test come back ok.... any ideas? i am sure if i am not doing any dns checking this will let through some spam? Thanks stewy:/home/rob# spamassassin -D --lint debug: SpamAssassin version 3.0.4 debug: Score set 0 chosen. debug: running in taint mode? yes debug: Running in taint mode, removing unsafe env vars, and resetting PATH debug: PATH included '/usr/local/sbin', keeping. debug: PATH included '/usr/local/bin', keeping. debug: PATH included '/usr/sbin', keeping. debug: PATH included '/usr/bin', keeping. debug: PATH included '/sbin', keeping. debug: PATH included '/bin', keeping. debug: PATH included '/usr/bin/X11', which doesn't exist, dropping. debug: Final PATH set to: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin debug: diag: module installed: DBI, version 1.48 debug: diag: module installed: DB_File, version 1.811 debug: diag: module installed: Digest::SHA1, version 2.10 debug: diag: module installed: IO::Socket::UNIX, version 1.21 debug: diag: module installed: MIME::Base64, version 3.05 debug: diag: module installed: Net::DNS, version 0.51 debug: diag: module not installed: Net::LDAP ('require' failed) debug: diag: module not installed: Razor2::Client::Agent ('require' failed) debug: diag: module installed: Storable, version 2.13 debug: diag: module installed: URI, version 1.35 debug: ignore: using a test message to lint rules debug: using "/etc/spamassassin/init.pre" for site rules init.pre debug: config: read file /etc/spamassassin/init.pre debug: using "/usr/share/spamassassin" for default rules dir debug: config: read file /usr/share/spamassassin/10_misc.cf debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf debug: config: read file /usr/share/spamassassin/20_body_tests.cf debug: config: read file /usr/share/spamassassin/20_compensate.cf debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf debug: config: read file /usr/share/spamassassin/20_drugs.cf debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf debug: config: read file /usr/share/spamassassin/20_head_tests.cf debug: config: read file /usr/share/spamassassin/20_html_tests.cf debug: config: read file /usr/share/spamassassin/20_meta_tests.cf debug: config: read file /usr/share/spamassassin/20_phrases.cf debug: config: read file /usr/share/spamassassin/20_porn.cf debug: config: read file /usr/share/spamassassin/20_ratware.cf debug: config: read file /usr/share/spamassassin/20_uri_tests.cf debug: config: read file /usr/share/spamassassin/23_bayes.cf debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf debug: config: read file /usr/share/spamassassin/25_hashcash.cf debug: config: read file /usr/share/spamassassin/25_spf.cf debug: config: read file /usr/share/spamassassin/25_uribl.cf debug: config: read file /usr/share/spamassassin/30_text_de.cf debug: config: read file /usr/share/spamassassin/30_text_fr.cf debug: config: read file /usr/share/spamassassin/30_text_nl.cf debug: config: read file /usr/share/spamassassin/30_text_pl.cf debug: config: read file /usr/share/spamassassin/50_scores.cf debug: config: read file /usr/share/spamassassin/60_whitelist.cf debug: config: read file /usr/share/spamassassin/65_debian.cf debug: using "/etc/spamassassin" for site rules dir debug: config: read file /etc/spamassassin/70_sare_adult.cf debug: config: read file /etc/spamassassin/70_sare_bayes_poison_nxm.cf debug: config: read file /etc/spamassassin/70_sare_evilnum0.cf debug: config: read file /etc/spamassassin/70_sare_genlsubj.cf debug: config: read file /etc/spamassassin/70_sare_header.cf debug: config: read file /etc/spamassassin/70_sare_header0.cf debug: config: read file /etc/spamassassin/70_sare_header2.cf debug: config: read file /etc/spamassassin/70_sare_html.cf debug: config: read file /etc/spamassassin/70_sare_obfu.cf debug: config: read file /etc/spamassassin/70_sare_obfu2.cf debug: config: read file /etc/spamassassin/70_sare_obfu3.cf debug: config: read file /etc/spamassassin/70_sare_oem.cf debug: config: read file /etc/spamassassin/70_sare_random.cf debug: config: read file /etc/spamassassin/70_sare_ratware.cf debug: config: read file /etc/spamassassin/70_sare_specific.cf debug: config: read file /etc/spamassassin/70_sare_spoof.cf debug: config: read file /etc/spamassassin/70_sare_unsub.cf debug: config: read file /etc/spamassassin/70_sare_uri0.cf debug: config: read file /etc/spamassassin/70_sare_uri1.cf debug: config: read file /etc/spamassassin/70_sare_uri3.cf debug: config: read file /etc/spamassassin/70_sare_uri_eng.cf debug: config: read file /etc/spamassassin/72_sare_bml_post25x.cf debug: config: read file /etc/spamassassin/72_sare_redirect_post3.0.0.cf debug: config: read file /etc/spamassassin/99_sare_fraud_post25x.cf debug: config: read file /etc/spamassassin/bogus-virus-warnings.cf debug: config: read file /etc/spamassassin/local.cf debug: config: read file /etc/spamassassin/random.cf debug: config: read file /etc/spamassassin/tripwire.cf debug: using "/root/.spamassassin" for user state dir debug: using "/root/.spamassassin/user_prefs" for user prefs file debug: config: read file /root/.spamassassin/user_prefs debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74) debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548) debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) implements 'parse_config' debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74) implements 'parse_config' debug: using "/root/.spamassassin" for user state dir debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 3 debug: using "/root/.spamassassin" for user state dir debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 debug: bayes: 25175 untie-ing debug: bayes: 25175 untie-ing db_toks debug: bayes: 25175 untie-ing db_seen debug: Score set 1 chosen. debug: ---- MIME PARSER START ---- debug: main message type: text/plain debug: parsing normal part debug: added part, type: text/plain debug: ---- MIME PARSER END ---- debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_toks debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_seen debug: bayes: found bayes db version 3 debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 debug: bayes: 25175 untie-ing debug: bayes: 25175 untie-ing db_toks debug: bayes: 25175 untie-ing db_seen debug: metadata: X-Spam-Relays-Trusted: debug: metadata: X-Spam-Relays-Untrusted: debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) implements 'parsed_metadata' debug: is Net::DNS::Resolver available? yes debug: Net::DNS version: 0.51 debug: trying (3) sun.com... debug: looking up NS for 'sun.com' debug: NS lookup of sun.com failed horribly => Perhaps your resolv.conf isn't pointing at a valid server? debug: All NS queries failed => DNS unavailable (set dns_available to override) debug: is DNS available? 0 debug: decoding: no encoding detected debug: Running tests for priority: 0 debug: running header regexp tests; score so far=0 debug: registering glue method for check_hashcash_double_spend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74)) debug: registering glue method for check_for_spf_helo_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org debug: registering glue method for check_hashcash_value (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74)) debug: all '*To' addrs: debug: registering glue method for check_for_spf_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) debug: registering glue method for check_for_spf_pass (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) debug: registering glue method for check_for_spf_helo_softfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) debug: registering glue method for check_for_spf_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) debug: registering glue method for check_for_spf_helo_fail (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) debug: running body-text per-line regexp tests; score so far=-2.623 debug: running uri tests; score so far=-2.623 debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec)) debug: Razor2 is not available debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) implements 'check_tick' debug: running raw-body-text per-line regexp tests; score so far=-2.623 debug: running full-text regexp tests; score so far=-2.623 debug: Razor2 is not available debug: Current PATH is: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin debug: Pyzor is not available: pyzor not found debug: DCCifd is not available: no r/w dccifd socket found. debug: DCC is not available: no executable dccproc found. debug: Running tests for priority: 500 debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) implements 'check_post_dnsbl' debug: running meta tests; score so far=-2.623 debug: running header regexp tests; score so far=-1.053 debug: running body-text per-line regexp tests; score so far=-1.053 debug: running uri tests; score so far=-1.053 debug: running raw-body-text per-line regexp tests; score so far=-1.053 debug: running full-text regexp tests; score so far=-1.053 debug: Running tests for priority: 1000 debug: running meta tests; score so far=-1.053 debug: running header regexp tests; score so far=-1.053 debug: using "/root/.spamassassin" for user state dir debug: lock: 25175 created /root/.spamassassin/auto-whitelist.lock.stewy.25175 debug: lock: 25175 trying to get lock on /root/.spamassassin/auto-whitelist with 0 retries debug: lock: 25175 link to /root/.spamassassin/auto-whitelist.lock: link ok debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist debug: auto-whitelist (db-based): ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 debug: AWL active, pre-score: -1.053, autolearn score: -1.053, mean: undef, IP: undef debug: DB addr list: untie-ing and unlocking. debug: DB addr list: file locked, breaking lock. debug: unlock: 25175 unlink /root/.spamassassin/auto-whitelist.lock debug: Post AWL score: -1.053 debug: running body-text per-line regexp tests; score so far=-1.053 debug: running uri tests; score so far=-1.053 debug: running raw-body-text per-line regexp tests; score so far=-1.053 debug: running full-text regexp tests; score so far=-1.053 debug: is spam? score=-1.053 required=5 debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME debug:subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__SANE_M GID,__UNUSABLE_MSGID Rob... http://www.stupidguytalk.org ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From William.Burns at AEROFLEX.COM Mon Nov 14 14:20:54 2005 From: William.Burns at AEROFLEX.COM (William Burns) Date: Thu Jan 12 21:31:11 2006 Subject: Sendmail Queue lenghts Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Ugo: Here's what I use. This script takes two parameters. The first (result1) is the name of a file into which queue information gets dumped. The second (result2) is the name of a file which gets a list of all but 40 of the queue entries that are older than 2 minutes. My alarm threshold is "If there is a 41st queue entry that's older than 2 minutes". So, if the result2 file ends up being non-empty, then I mail myself a copy of the result1 file. -Bill I schedule the monitorqueue script to run every 15 minutes. > #!/bin/sh > > result1=$1 > result2=$2 > > ls -l --sort=time --full-time /var/spool/mqueue/|\ > tail +2 |\ > (cut --bytes=43-;echo `date '+%a %b %d %X %Y' --date '2 minutes ago'` > "--------- > -" )|\ > sort -r > $result2 > (echo junk;cat $result2)|sed '1,/----------/d'|\ > tail +41 > $result1 > > (echo junk;cat $result2)|sed '1,/----------/d'|\ > (echo "number of files older than 2 minutes:" `wc -l`) >> $result2 > (cd /var/spool/mqueue > cat /dev/null|\ > grep --with-filename "^HTo" `fuser qf* 2>/dev/null|sed 's/:.*//'` > ls -ld `fuser qf* 2>/dev/null|sed 's/:.*//;s/qf/\?f/'`) >> $result2 2>&1 Ugo Bellavance wrote: > Hi, > > Anyone here has scripts for testing queue lengths > (incoming/outgoing) with sendmail? ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From martinh at SOLID-STATE-LOGIC.COM Mon Nov 14 14:20:59 2005 From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth) Date: Thu Jan 12 21:31:11 2006 Subject: Just noticed thei when doing a spamassassin -D --lint Message-ID: I seem to remember people having problems with 0.51 of Net::DNS. Have a look in the SA-user email list archive for possible ways around.. -- Martin Hepworth Snr Systems Administrator Solid State Logic Tel: +44 (0)1865 842300 > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Rob > Sent: 14 November 2005 14:14 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Just noticed thei when doing a spamassassin -D -- > lint > > My dns check seem to fail, but doing any look ups form the command line on > the box are fine...?? also doing a make test when install Net::DNS all > test come back ok.... any ideas? i am sure if i am not doing any dns > checking this will let through some spam? > > Thanks > > stewy:/home/rob# spamassassin -D --lint > debug: SpamAssassin version 3.0.4 > debug: Score set 0 chosen. > debug: running in taint mode? yes > debug: Running in taint mode, removing unsafe env vars, and resetting PATH > debug: PATH included '/usr/local/sbin', keeping. > debug: PATH included '/usr/local/bin', keeping. > debug: PATH included '/usr/sbin', keeping. > debug: PATH included '/usr/bin', keeping. > debug: PATH included '/sbin', keeping. > debug: PATH included '/bin', keeping. > debug: PATH included '/usr/bin/X11', which doesn't exist, dropping. > debug: Final PATH set to: > /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin > debug: diag: module installed: DBI, version 1.48 > debug: diag: module installed: DB_File, version 1.811 > debug: diag: module installed: Digest::SHA1, version 2.10 > debug: diag: module installed: IO::Socket::UNIX, version 1.21 > debug: diag: module installed: MIME::Base64, version 3.05 > debug: diag: module installed: Net::DNS, version 0.51 > debug: diag: module not installed: Net::LDAP ('require' failed) > debug: diag: module not installed: Razor2::Client::Agent ('require' > failed) > debug: diag: module installed: Storable, version 2.13 > debug: diag: module installed: URI, version 1.35 > debug: ignore: using a test message to lint rules > debug: using "/etc/spamassassin/init.pre" for site rules init.pre > debug: config: read file /etc/spamassassin/init.pre > debug: using "/usr/share/spamassassin" for default rules dir > debug: config: read file /usr/share/spamassassin/10_misc.cf > debug: config: read file /usr/share/spamassassin/20_anti_ratware.cf > debug: config: read file /usr/share/spamassassin/20_body_tests.cf > debug: config: read file /usr/share/spamassassin/20_compensate.cf > debug: config: read file /usr/share/spamassassin/20_dnsbl_tests.cf > debug: config: read file /usr/share/spamassassin/20_drugs.cf > debug: config: read file /usr/share/spamassassin/20_fake_helo_tests.cf > debug: config: read file /usr/share/spamassassin/20_head_tests.cf > debug: config: read file /usr/share/spamassassin/20_html_tests.cf > debug: config: read file /usr/share/spamassassin/20_meta_tests.cf > debug: config: read file /usr/share/spamassassin/20_phrases.cf > debug: config: read file /usr/share/spamassassin/20_porn.cf > debug: config: read file /usr/share/spamassassin/20_ratware.cf > debug: config: read file /usr/share/spamassassin/20_uri_tests.cf > debug: config: read file /usr/share/spamassassin/23_bayes.cf > debug: config: read file /usr/share/spamassassin/25_body_tests_es.cf > debug: config: read file /usr/share/spamassassin/25_hashcash.cf > debug: config: read file /usr/share/spamassassin/25_spf.cf > debug: config: read file /usr/share/spamassassin/25_uribl.cf > debug: config: read file /usr/share/spamassassin/30_text_de.cf > debug: config: read file /usr/share/spamassassin/30_text_fr.cf > debug: config: read file /usr/share/spamassassin/30_text_nl.cf > debug: config: read file /usr/share/spamassassin/30_text_pl.cf > debug: config: read file /usr/share/spamassassin/50_scores.cf > debug: config: read file /usr/share/spamassassin/60_whitelist.cf > debug: config: read file /usr/share/spamassassin/65_debian.cf > debug: using "/etc/spamassassin" for site rules dir > debug: config: read file /etc/spamassassin/70_sare_adult.cf > debug: config: read file /etc/spamassassin/70_sare_bayes_poison_nxm.cf > debug: config: read file /etc/spamassassin/70_sare_evilnum0.cf > debug: config: read file /etc/spamassassin/70_sare_genlsubj.cf > debug: config: read file /etc/spamassassin/70_sare_header.cf > debug: config: read file /etc/spamassassin/70_sare_header0.cf > debug: config: read file /etc/spamassassin/70_sare_header2.cf > debug: config: read file /etc/spamassassin/70_sare_html.cf > debug: config: read file /etc/spamassassin/70_sare_obfu.cf > debug: config: read file /etc/spamassassin/70_sare_obfu2.cf > debug: config: read file /etc/spamassassin/70_sare_obfu3.cf > debug: config: read file /etc/spamassassin/70_sare_oem.cf > debug: config: read file /etc/spamassassin/70_sare_random.cf > debug: config: read file /etc/spamassassin/70_sare_ratware.cf > debug: config: read file /etc/spamassassin/70_sare_specific.cf > debug: config: read file /etc/spamassassin/70_sare_spoof.cf > debug: config: read file /etc/spamassassin/70_sare_unsub.cf > debug: config: read file /etc/spamassassin/70_sare_uri0.cf > debug: config: read file /etc/spamassassin/70_sare_uri1.cf > debug: config: read file /etc/spamassassin/70_sare_uri3.cf > debug: config: read file /etc/spamassassin/70_sare_uri_eng.cf > debug: config: read file /etc/spamassassin/72_sare_bml_post25x.cf > debug: config: read file /etc/spamassassin/72_sare_redirect_post3.0.0.cf > debug: config: read file /etc/spamassassin/99_sare_fraud_post25x.cf > debug: config: read file /etc/spamassassin/bogus-virus-warnings.cf > debug: config: read file /etc/spamassassin/local.cf > debug: config: read file /etc/spamassassin/random.cf > debug: config: read file /etc/spamassassin/tripwire.cf > debug: using "/root/.spamassassin" for user state dir > debug: using "/root/.spamassassin/user_prefs" for user prefs file > debug: config: read file /root/.spamassassin/user_prefs > debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) > debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC > debug: plugin: registered > Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74) > debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC > debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548) > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) > implements 'parse_config' > debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74) > implements 'parse_config' > debug: using "/root/.spamassassin" for user state dir > debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_toks > debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_seen > debug: bayes: found bayes db version 3 > debug: using "/root/.spamassassin" for user state dir > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 > debug: bayes: 25175 untie-ing > debug: bayes: 25175 untie-ing db_toks > debug: bayes: 25175 untie-ing db_seen > debug: Score set 1 chosen. > debug: ---- MIME PARSER START ---- > debug: main message type: text/plain > debug: parsing normal part > debug: added part, type: text/plain > debug: ---- MIME PARSER END ---- > debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_toks > debug: bayes: 25175 tie-ing to DB file R/O /root/.spamassassin/bayes_seen > debug: bayes: found bayes db version 3 > debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200 > debug: bayes: 25175 untie-ing > debug: bayes: 25175 untie-ing db_toks > debug: bayes: 25175 untie-ing db_seen > debug: metadata: X-Spam-Relays-Trusted: > debug: metadata: X-Spam-Relays-Untrusted: > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) > implements 'parsed_metadata' > debug: is Net::DNS::Resolver available? yes > debug: Net::DNS version: 0.51 > debug: trying (3) sun.com... > debug: looking up NS for 'sun.com' > debug: NS lookup of sun.com failed horribly => Perhaps your resolv.conf > isn't pointing at a valid server? > debug: All NS queries failed => DNS unavailable (set dns_available to > override) > debug: is DNS available? 0 > debug: decoding: no encoding detected > debug: Running tests for priority: 0 > debug: running header regexp tests; score so far=0 > debug: registering glue method for check_hashcash_double_spend > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74)) > debug: registering glue method for check_for_spf_helo_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) > debug: all '*From' addrs: ignore@compiling.spamassassin.taint.org > debug: registering glue method for check_hashcash_value > (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x8d79e74)) > debug: all '*To' addrs: > debug: registering glue method for check_for_spf_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) > debug: registering glue method for check_for_spf_pass > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) > debug: registering glue method for check_for_spf_helo_softfail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) > debug: registering glue method for check_for_spf_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) > debug: registering glue method for check_for_spf_helo_fail > (Mail::SpamAssassin::Plugin::SPF=HASH(0x8d7b548)) > debug: running body-text per-line regexp tests; score so far=-2.623 > debug: running uri tests; score so far=-2.623 > debug: registering glue method for check_uridnsbl > (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec)) > debug: Razor2 is not available > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) > implements 'check_tick' > debug: running raw-body-text per-line regexp tests; score so far=-2.623 > debug: running full-text regexp tests; score so far=-2.623 > debug: Razor2 is not available > debug: Current PATH is: > /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin > debug: Pyzor is not available: pyzor not found > debug: DCCifd is not available: no r/w dccifd socket found. > debug: DCC is not available: no executable dccproc found. > debug: Running tests for priority: 500 > debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x8da2cec) > implements 'check_post_dnsbl' > debug: running meta tests; score so far=-2.623 > debug: running header regexp tests; score so far=-1.053 > debug: running body-text per-line regexp tests; score so far=-1.053 > debug: running uri tests; score so far=-1.053 > debug: running raw-body-text per-line regexp tests; score so far=-1.053 > debug: running full-text regexp tests; score so far=-1.053 > debug: Running tests for priority: 1000 > debug: running meta tests; score so far=-1.053 > debug: running header regexp tests; score so far=-1.053 > debug: using "/root/.spamassassin" for user state dir > debug: lock: 25175 created /root/.spamassassin/auto- > whitelist.lock.stewy.25175 > debug: lock: 25175 trying to get lock on /root/.spamassassin/auto- > whitelist with 0 retries > debug: lock: 25175 link to /root/.spamassassin/auto-whitelist.lock: link > ok > debug: Tie-ing to DB file R/W in /root/.spamassassin/auto-whitelist > debug: auto-whitelist (db-based): > ignore@compiling.spamassassin.taint.org|ip=none scores 0/0 > debug: AWL active, pre-score: -1.053, autolearn score: -1.053, mean: > undef, IP: undef > debug: DB addr list: untie-ing and unlocking. > debug: DB addr list: file locked, breaking lock. > debug: unlock: 25175 unlink /root/.spamassassin/auto-whitelist.lock > debug: Post AWL score: -1.053 > debug: running body-text per-line regexp tests; score so far=-1.053 > debug: running uri tests; score so far=-1.053 > debug: running raw-body-text per-line regexp tests; score so far=-1.053 > debug: running full-text regexp tests; score so far=-1.053 > debug: is spam? score=-1.053 required=5 > debug: tests=ALL_TRUSTED,MISSING_DATE,MISSING_SUBJECT,NO_REAL_NAME > debug: > subtests=__HAS_MSGID,__MSGID_OK_DIGITS,__MSGID_OK_HOST,__NONEMPTY_BODY,__S > ANE_MSGID,__UNUSABLE_MSGID > > > Rob... > http://www.stupidguytalk.org > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) > and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dwinkler at ALGORITHMICS.COM Mon Nov 14 14:24:47 2005 From: dwinkler at ALGORITHMICS.COM (Derek Winkler) Date: Thu Jan 12 21:31:11 2006 Subject: Sendmail Queue lenghts Message-ID: Hi, Anyone here has scripts for testing queue lengths (incoming/outgoing) with sendmail? MRTG has the ability to send alerts itself, look for Thresh config parameters, don't know if this would work with mailscanner-mrtg. Here's my Big Brother script, nothing fancy but it works... #!/bin/sh BBPROG=mailq.sh; export BBPROG TEST="mailq" BBHOME=/opt/bb ; export BBHOME if test "$BBHOME" = "" then echo "BBHOME is not set... exiting" exit 1 fi if test ! "$BBTMP" # GET DEFINITIONS IF NEEDED then # echo "*** LOADING BBDEF ***" . $BBHOME/etc/bbdef.sh # INCLUDE STANDARD DEFINITIONS fi # SELECT SOME LEVELS... GREEN IS THE DEFAULT... WARN="100" # GO YELLOW AT THIS LEVEL PANIC="250" # GO RED AND PAGE AT THIS LEVEL # GETTING NUMBER OF QUEUE FILES LEVEL_IN=`find /var/spool/mqueue.in -name "qf*" -type f | wc -l 2> /dev/null` LEVEL_OUT=`find /var/spool/mqueue -name "qf*" | wc -l 2> /dev/null` LEVEL_OUT2=`find /var/spool/mqueue.spam -name "qf*" | wc -l 2> /dev/null` LEVEL_OUT3=`find /var/spool/mqueue.highspam -name "qf*" | wc -l 2> /dev/null` # # DE