From jd at BARITEC.COM Sat Oct 1 00:04:48 2005
From: jd at BARITEC.COM (JD Doelitzsch)
Date: Thu Jan 12 21:30:51 2006
Subject: MailScanner not catching eicar
Message-ID:

Just a bit of additional info:

I looked in /var/spool/mqueue and found some messages with mailscanner headers, but it seems like mqueue is collecting a lot of files. Any way I can verify that sendmail is using mqueue for outgoing, is it possible that sendmail is pulling from mqueue.in for outgoing? I don't see any references for this in sendmail .cf or .mc if that is indeed what it is.

-JD

==============

Hey guys it's been a while since I wrote to the list but once again I'm stumped.

I'm running Fedora core 1 the latest from RHN, installed clam AV 8.7 and the latest MailScanner build. Sendmail is pushing the mail to my "exchange" server but it doesn't seem like Mailscanner is getting to it. I originally thought that it was the clamav-wrapper which pointed to /usr/bin instead of usr/local/bin so once I corrected it worked fine when I ran it. I looked at the webinfo that said Add the domain name to /etc/mail/relay-domains. I didn't have that file so I created it with mydomain.com in it. I look at top and when email comes in I see the sendmail process but no mailscanner or clamscan. I restart Mailscanner to verify it's up and it's up. MailScanner.conf looks okay to me, so I'm fresh out of ideas. Anyone care to take a shot?

-JD

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail@jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

From ssilva at SGVWATER.COM Sat Oct 1 00:17:18 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:51 2006
Subject: MailScanner not catching eicar
Message-ID:

JD Doelitzsch spake the following on 9/30/2005 4:04 PM:
> Just a bit of additional info:
>
> I looked in /var/spool/mqueue and found some messages with mailscanner
> headers, but it seems like mqueue is collecting a lot of files. Any way I can
> verify that sendmail is using mqueue for outgoing, is it possible that
> sendmail is pulling from mqueue.in for outgoing? I don't see any references
> for this in sendmail .cf or .mc if that is indeed what it is.
>
Did you do all the stuff in the docs;

service sendmail stop
chkconfig sendmail off
chkconfig MailScanner on
service MailScanner start
tail -f /var/log/maillog

and look for weird stuff.

--
 /-----------------------\           |~~\_____/~~\__  |
 | MailScanner; The best |___________ \N1____====== )-+
 | protection on the net!|                   ~~~|/~~  |
 \-----------------------/                      ()

From jlmiller at MMTNETWORKS.COM.AU Sat Oct 1 02:13:13 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:30:51 2006
Subject: Still getting spam of the drug nature
Message-ID:

For some reason I'm still getting spam mail relating to drugs, etc.
I want to be clear in that if I receive a spam mail that I want sa to learn, do I issue the command

sa-learn -p -v /etc/spam.assassin.prefs.conf --spam /home/jlmiller/spam

/home/jlmiller/spam is the location where I store each e-mail that I want sa-learn to read

The issue is I do not know if sa-learn is indeed learning as I have not seen anything that suggests this.

The following is the header from one such e-mail, notice the score is a negative and not what I would have hoped for.
Any advice would be greatly appreciated.

Thanks

Jon

Received: from mail.mmtnetworks.com.au ([192.168.3.3])
 by mmtnetworks.com.au; Fri, 30 Sep 2005 20:43:43 +0800
Received: from stonline.sk (unknown [221.141.151.58])
 by mail.mmtnetworks.com.au (Postfix) with SMTP id 4D1CC15000C
 for ; Fri, 30 Sep 2005 20:40:42 +0800 (WST)
Received: from 226.144.62.226 by smtp.dnet.it; Fri, 30 Sep 2005 12:25:01 +0000
Message-ID: <13bd01c5c5b9$1aef666c$4f0a7ad9@stonline.sk>
From: "Silvia H. Barker"
To: jlmiller@mmtnetworks.com.au
Subject: Online Drugs - save up to 80%
Date: Fri, 30 Sep 2005 10:24:33 -0200
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Type: text/plain; charset="iso-8859-1"
X-mmtnet-MailScanner: Found to be clean
X-mmtnet-MailScanner-SpamCheck: not spam, SpamAssassin (score=-0.099, required 2, BAYES_00, MISSING_SUBJECT)
X-MailScanner-From: silvia.h_barker_30@dnet.it
Content-Transfer-Encoding: quoted-printable

Online pharmacy - Visit our online store and save.

Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl

"I don't know the key to success, but the key to failure is trying to please everybody." -Bill Cosby

From mike at CAMAROSS.NET Sat Oct 1 04:05:21 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:30:51 2006
Subject: Still getting spam of the drug nature
Message-ID:

If you'd drop connections from IPs with no reverse DNS, you'd lose a lot of your daily spam intake. Are you running razor, pyzor and/or dcc?

Mike

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jon Miller
> Sent: Friday, September 30, 2005 8:13 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Still getting spam of the drug nature
>
> For some reason I'm still getting spam mail relating to drugs, etc.
> I want to be clear in that if I receive a spam mail that I
> want sa to learn, do I issue the command sa-learn -p -v
> /etc/spam.assassin.prefs.conf --spam /home/jlmiller/spam
> /home/jlmiller/spam is the location where I store each e-mail
> that I want sa-learn to read
>
> The issue is I do not know if sa-learn is indeed learning as
> I have not seen anything that suggests this.
>
> The following is the header from one such e-mail, notice the
> score is a negative and not what I would have hoped for.
> Any advice would be greatly appreciated.
>
> Thanks
>
> Jon
>
> Received: from mail.mmtnetworks.com.au
> ([192.168.3.3])
> by mmtnetworks.com.au; Fri, 30 Sep 2005 20:43:43 +0800
> Received: from stonline.sk (unknown [221.141.151.58]) by
> mail.mmtnetworks.com.au (Postfix) with SMTP id 4D1CC15000C
> for ; Fri, 30 Sep 2005 20:40:42
> +0800 (WST)
> Received: from 226.144.62.226 by smtp.dnet.it; Fri, 30 Sep
> 2005 12:25:01 +0000
> Message-ID: <13bd01c5c5b9$1aef666c$4f0a7ad9@stonline.sk>
> From: "Silvia H. Barker"
> To: jlmiller@mmtnetworks.com.au
> Subject: Online Drugs - save up to 80%
> Date: Fri, 30 Sep 2005 10:24:33 -0200
> MIME-Version: 1.0
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2800.1158
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
> Content-Type: text/plain;
> charset="iso-8859-1"
> X-mmtnet-MailScanner: Found to be clean
> X-mmtnet-MailScanner-SpamCheck: not spam, SpamAssassin
> (score=-0.099, required 2, BAYES_00, MISSING_SUBJECT)
> X-MailScanner-From: silvia.h_barker_30@dnet.it
> Content-Transfer-Encoding: quoted-printable
>
> Online pharmacy - Visit our online store and save.
>
> Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA Director/Sr Systems
> Consultant MMT Networks Pty Ltd http://www.mmtnetworks.com.au
> Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl
>
> "I don't know the key to success, but the key to failure is
> trying to please everybody." -Bill Cosby
>

From admin at thenamegame.com Sat Oct 1 04:38:28 2005
From: admin at thenamegame.com (Michael Freeman)
Date: Thu Jan 12 21:30:51 2006
Subject: Abornal MailScanner startup
Message-ID:

I have been running MS for years and have never had an issue with it till last night. All of a sudden MS was eating 99% of my CPU. I thought it was because somebody was sending huge mailing list message but that was not the problem. I tried for hours to get it back under control, stopping and starting it and it continued to eat my CPU power. I thought maybe something got correct as every time I started it I saw abnormal MS startup entries in the maillog. So I upgraded to the latest version. The problem still exists. When I start MS I see it starting up like this;

Sep 30 23:23:38 srv07 MailScanner[12321]: MailScanner E-Mail Virus Scanner version 4.45.4 starting...
Sep 30 23:23:38 srv07 MailScanner[12321]: Read 204 hostnames from the phishing whitelist
Sep 30 23:23:49 srv07 MailScanner[12328]: MailScanner E-Mail Virus Scanner version 4.45.4 starting...
Sep 30 23:23:49 srv07 MailScanner[12328]: Read 204 hostnames from the phishing whitelist
Sep 30 23:24:00 srv07 MailScanner[12329]: MailScanner E-Mail Virus Scanner version 4.45.4 starting...
Sep 30 23:24:00 srv07 MailScanner[12329]: Read 204 hostnames from the phishing whitelist
Sep 30 23:24:11 srv07 MailScanner[12338]: MailScanner E-Mail Virus Scanner version 4.45.4 starting...
Sep 30 23:24:11 srv07 MailScanner[12338]: Read 204 hostnames from the phishing whitelist

Then top shows

12328 root 19 0 127M 126M 1844 R 21.9 12.6 0:14 MailScanner
12341 root 15 0 65960 62M 1832 R 20.0 6.2 0:03 MailScanner
12321 root 15 0 129M 127M 1844 R 19.1 12.7 0:23 MailScanner
12329 root 15 0 127M 126M 1844 R 19.1 12.6 0:08 MailScanner
12338 root 15 0 127M 126M 1844 R 18.1 12.6 0:05 MailScanner
12343 root 11 0 1088 1088 820 R 1.9 0.1 0:00 top

7 minutes later I see these entries;

Sep 30 23:29:43 srv07 MailScanner[12328]: Using locktype = posix
Sep 30 23:29:43 srv07 MailScanner[12328]: Creating hardcoded struct_flock subroutine for linux (Linux-type)

Why is it taking so much time to start and why is it kicking up the loads so high? Is this a problem with MS + SA 3.1?

Thanks

From naolson at gmail.com Sat Oct 1 06:10:18 2005
From: naolson at gmail.com (Nathan Olson)
Date: Thu Jan 12 21:30:51 2006
Subject: Abornal MailScanner startup
Message-ID:

Did anything get upgraded last night, before the trouble began?

P.S. Your Reply-To should be the mailing list.

Nate

From admin at thenamegame.com Sat Oct 1 06:49:14 2005
From: admin at thenamegame.com (Michael Freeman)
Date: Thu Jan 12 21:30:51 2006
Subject: Abornal MailScanner startup
Message-ID:

Nope nothing. What's a normal startup supposed to look like?

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Nathan Olson
Sent: Saturday, October 01, 2005 1:10 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: Abornal MailScanner startup

Did anything get upgraded last night, before the trouble began?

P.S. Your Reply-To should be the mailing list.

Nate

From MailScanner at ecs.soton.ac.uk Sat Oct 1 14:31:28 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:51 2006
Subject: Mailscanner disturbs my domainkey?
Message-ID:

Alex Neuman wrote:
> Lars Kristiansen wrote:
>
>>> I've added domainkeys with dk-milter to sendmail.
>>>
>>> The verifier at http://senderid.espcoalition.org/ shows the
>>> signature is
>>> there, but it does not verify.
>>>
>>> Is mailscanner messing up the headers so the signature is wrong?
>>>
>>
>> According to the rfc,
>> [
>> http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-02.txt
>> ]
>> , it is a signature of the mail, including the headers below the
>> DomainKey-Signature.
>> As far as I can understand new headers need to be put before the
>> signature
>> not to conflict.
>>
>>
>> --
>> Lars
>>
>>
>>> 8uye@senderid.espcoalition.org
>>>
>>> The verifier says: DomainKey-Status: bad: Signature failed verification
>>>
>>> DomainKey-Signature: a=rsa-sha1; s=arnold; d=neland.dk; c=nofws; q=dns;
>>> h=message-id:from:to:subject:date:mime-version:content-type:
>>> content-transfer-encoding:x-priority:x-msmail-priority:x-mailer:x-mimeole;
>>>
>>> b=KqKCCl3LSAL7ztA0QktPMHZSMnAbwwRYUeMJWowfD0SZt5PbuD/mWy92a1gtu+eHa
>>> JA8njDRZ4zh0iX239dsmw==
>>>
>>> ; <<>> DiG 9.3.1 <<>> -t txt arnold._domainkey.neland.dk
>>> @ns4.gratisdns.dk
>>> ; (1 server found)
>>> ;; global options: printcmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41315
>>> ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
>>>
>>> ;; QUESTION SECTION:
>>> ;arnold._domainkey.neland.dk. IN TXT
>>>
>>> ;; ANSWER SECTION:
>>> arnold._domainkey.neland.dk. 43200 IN TXT "g=\; k=rsa\; t=y\;
>>> p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAMDitcv/6R1RMjPiGHCiIcTnvVsA+A3XGg5fCf2yKUrrf7NmJw7GB9Cj35GZavzHwOVSUxkQiRUknt/+2jJMS8UCAwEAAQ=="
>>>
>>>
>>> What's wrong? :-(
>>>
>>
>>> --
>>> This message has been scanned for viruses and
>>> dangerous content by MailScanner, and is
>>> believed to be clean.
>>> MailScanner thanks transtec Computers for their support.
>>>
>
> In any case, any good info, pointers, tips on getting domainkeys to
> work using sendmail+MailScanner would be appreciated. I've already set
> up SPF, but having domainkeys as well would be a plus.

From what I have seen over the past 20 years or so is that the usual practice is to put "Received" headers at the top, and all X- headers and other header modifications at the bottom. If they produce one exception saying that all new headers must be before the domainkeys header, then how many others are there likely to be in future? They have somewhat changed the rules.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Sat Oct 1 14:34:34 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:51 2006
Subject: MailQueue continually growing
Message-ID:

Terran Wright wrote:

>Gentlemen,
>
>Running CentOS4 with MS/SA+Razor+DCC/Clam/Bitdefender.
>
>I notice that the mailqueue continues to increase in size now > 8000 mails.
>
>Running in debug mode it comes to a halt with the following error:
>
>format error: can't find EOCD signature
> at /usr/sbin/MailScanner line 568
>
>
>
That doesn't stop it, it is perfectly harmless output from the Archive::Zip module. It just means it couldn't find a zip archive. Which happens every time there *isn't* a zip archive. It continues running, it doesn't stop.

I would suspect your SpamAssassin setup or your DNS servers. Set "Debug SpamAssassin = yes" and "Debug = yes" and then run a single batch through with check_mailscanner. If it pauses somewhere, thump Ctrl-S and see what it was doing at the time. You may find something simple has happened like your razor or pyzor server lists have become out of date.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Sat Oct 1 14:36:45 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:51 2006
Subject: FW: MailScanner not catching eicar
Message-ID:

One extra point. Don't change the -wrapper scripts, that's wrong and will be overwritten the next time you upgrade. What you should be doing is editing /etc/MailScanner/virus.scanners.conf as that tells MailScanner where the virus scanners are installed.

You don't ever have to change my code, there are configuration files to do what you want.

JD Doelitzsch wrote:

>-----Original Message-----
>From: JD Doelitzsch [mailto:jd@baritec.com]
>Sent: Friday, September 30, 2005 2:46 PM
>To: MailScanner mailing list
>Subject: MailScanner not catching eicar
>
>
>Hey guys it's been a while since I wrote to the list but once again I'm
>stumped.
>
>I'm running Fedora core 1 the latest from RHN, installed clam AV 8.7 and the
>latest MailScanner build. Sendmail is pushing the mail to my "exchange"
>server but it doesn't seem like Mailscanner is getting to it. I originally
>thought that it was the clamav-wrapper which pointed to /usr/bin instead of
>usr/local/bin so once I corrected it worked fine when I ran it. I looked at
>the webinfo that said Add the domain name to /etc/mail/relay-domains. I
>didn't have that file so I created it with mydomain.com in it. I look at top
>and when email comes in I see the sendmail process but no mailscanner or
>clamscan. I restart Mailscanner to verify it's up and it's up.
>MailScanner.conf looks okay to me, so I'm fresh out of ideas. Anyone care to
>take a shot?
>
>-JD
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Sat Oct 1 14:54:08 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:51 2006
Subject: MailScanner ANNOUNCE: 4.46.2 release
Message-ID:

I have just released the latest stable version of MailScanner, 4.46.2.

Download as usual from www.mailscanner.info

The Change Log is pretty small this month, things have been quiet. The important bit for Postfix users is a fix involving the internal TNEF expander. Also SpamAssassin 3.1.0 is supported and doesn't generate any warnings.

The full Change Log is this:

* New Features and Improvements *
- Improved phishing net JavaScript detection to make reports more sensible.
- Loads of additions to phishing net safe sites list (thanks Denis!).
- Improved Install-Clam-SA package so that it sets up your /etc/ld.so.conf file for you, by adding /usr/local/lib if necessary.
- Increased the default expansion factor of archives for the clamav scanner.
- Removed -j3 from call to Kaspersky in kaspersky-wrapper, on advice from Kaspersky users.

* Fixes *
- Fixed problem with a few TNEF files and the internal TNEF decoder, caused occasional crashes.
- Fixed warnings with numeric tests in a couple of places.
- Tested against SpamAssassin 3.1.0, one minor problem found and fixed.
- Fixed minor bug in "actions" parser in ZMailer support code.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From orimbo at ARCC.OR.KE Sat Oct 1 17:22:42 2005
From: orimbo at ARCC.OR.KE (Alfred Orimbo)
Date: Thu Jan 12 21:30:52 2006
Subject: MailScanner + Sendmail-8.12.8-4
Message-ID:

Hallo all.

I have just installed MailScanner, and I run sendmail-8.12.8-4. After stopping Sendmail, mails come in ok, but are held up in /var/spool/mqueue.in. How do I modify the script that starts sendmail to enable the scanned mails go to /var/spool/mqueue? Does MailScanner work with sendmail-8.12.8-4? My OS is Linux 9.0 (Shrike) and MailScanner-4.4.0.11-1. The combination is MailScanner+Sendmail+SpamAssassin. I do not have problem with SpamAssassin.

Regards,
Alfred.

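Added example for the "Mailscanner disturbs my domainkey?" thread (editorial, not part of any poster's message and not MailScanner or dk-milter code): a simplified Python model of the point made there, that the signature covers the headers below DomainKey-Signature plus the body, together with the status-header behaviour (cases a to d) proposed later in the thread. Assumptions: a SHA-1 digest stands in for the RSA signature, canonicalization and the h= list are not modelled, and the sample message, the `a=toy-sha1` tag, the `{Spam?}` subject tag and every function name are constructed for illustration.

```python
import hashlib

SIG = "domainkey-signature"

# Constructed sample message, not taken from the thread.
UNSIGNED = (
    "From: alice@example.org\r\n"
    "To: bob@example.net\r\n"
    "Subject: quarterly report\r\n"
    "\r\n"
    "Body text.\r\n"
)


def split_message(raw):
    """Split a raw message into (header fields, body), keeping folded lines together."""
    head, _, body = raw.partition("\r\n\r\n")
    fields = []
    for line in head.split("\r\n"):
        if line[:1] in (" ", "\t") and fields:
            fields[-1] += "\r\n" + line  # continuation of the previous field
        else:
            fields.append(line)
    return fields, body


def join_message(fields, body):
    return "\r\n".join(fields) + "\r\n\r\n" + body


def name_of(field):
    return field.split(":", 1)[0].strip().lower()


def digest(fields, body):
    """Toy stand-in for the signature value: SHA-1 over the covered headers and body."""
    return hashlib.sha1(join_message(fields, body).encode("utf-8")).hexdigest()


def sign(raw):
    """Prepend a toy DomainKey-Signature covering every header below it and the body."""
    fields, body = split_message(raw)
    sig = "DomainKey-Signature: a=toy-sha1; b=" + digest(fields, body)
    return join_message([sig] + fields, body)


def verify(raw):
    """True or False for a signed message, None when no signature header is present."""
    fields, body = split_message(raw)
    for i, field in enumerate(fields):
        if name_of(field) == SIG:
            claimed = field.rsplit("b=", 1)[-1].strip()
            # Only the fields that sit below the signature header are covered.
            return claimed == digest(fields[i + 1:], body)
    return None


def add_header(raw, field, position):
    """Add a header at the 'top' (above everything) or 'bottom' (after the last header)."""
    fields, body = split_message(raw)
    if position == "top":
        fields.insert(0, field)
    elif position == "bottom":
        fields.append(field)
    else:
        raise ValueError("position must be 'top' or 'bottom'")
    return join_message(fields, body)


def gateway(raw, subject_tag=None, org="ORG"):
    """Scanner behaviour as proposed in the thread: verify first, record the
    result in a new top header, and drop the signature if content is modified."""
    verdict = verify(raw)
    if verdict is None:
        return raw  # unsigned mail is outside the proposal
    fields, body = split_message(raw)
    status = "Passed" if verdict else "Failed"
    if subject_tag:
        fields = [
            "Subject: %s %s" % (subject_tag, f.split(":", 1)[1].strip())
            if name_of(f) == "subject" else f
            for f in fields
        ]
        fields = [f for f in fields if name_of(f) != SIG]  # signature can no longer verify
        status += ", Removed"
    fields.insert(0, "X-%s-MAILSCANNER-DomainKey: %s" % (org, status))
    return join_message(fields, body)


def first_header(raw):
    return split_message(raw)[0][0]
```
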
From jrudd at UCSC.EDU Sat Oct 1 23:29:28 2005
From: jrudd at UCSC.EDU (John Rudd)
Date: Thu Jan 12 21:30:52 2006
Subject: Mailscanner disturbs my domainkey?
Message-ID:

On Oct 1, 2005, at 6:31 AM, Julian Field wrote:

>> In any case, any good info, pointers, tips on getting domainkeys to
>> work using sendmail+MailScanner would be appreciated. I've already set
>> up SPF, but having domainkeys as well would be a plus.
>
> From what I have seen over the past 20 years or so is that the usual
> practice is to put "Received" headers at the top, and all X- headers
> and
> other header modifications at the bottom. If they produce one exception
> saying that all new headers must be before the domainkeys header, then
> how many others are there likely to be in future? They have somewhat
> changed the rules.
>

There's no "somewhat" about it. If you embrace DomainKeys, then you have to accept that the rules have changed. With DomainKeys, all new headers have to be added above the DomainKeys header (the easiest way is to add them to the beginning of all of the headers; this is what the new spamassassin does). You also may not modify the subject, change the body content, because you may not modify anything after the DomainKeys header.

So, when MailScanner wants to modify the body of a message, you would almost want-to/have-to get rid of the DomainKey header.
In that case, I would recommend a new MailScanner header that behaves as follows:

X-%ORG-MAILSCANNER-DomainKey:

a) if passed domain key, and subject/body not modified:
   above header value is: "Passed"
   and keep domain key header

b) if failed domain key, and subject/body not modified:
   above header value is: "Failed"
   and keep the domain key header

c) if passed domain key, but header removed due to modifying the subject and/or message body, then:
   above header value is: "Passed, Removed"
   and remove the domain key header

d) if failed, and body/subject modified:
   above header value is: "Failed, Removed"
   and remove the domain key header

And, of course, any headers that MS adds, from now on, they should be added to the beginning of the header list (easier to just 'always do that', instead of trying to have special cases like "if header exists, add to top, else add to bottom" or "find header, add new headers just above it", etc. Easier to just do what the new spamassassin does: add to the top, always ... and this also makes it easier for mail admins to forensically see when a header got added, as they will be between received headers ... though it does make reading the received headers more painful).

From taz at TAZ-MANIA.COM Sun Oct 2 08:16:30 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:30:52 2006
Subject: Problem with Custom Functions
Message-ID:

I'm having a problem with some custom functions.
I'm extending MailWatch and after adding a new perl module which works perfectly by itself. Seems to cause the SQLBlackWhite.pm functions to fail with the error message:

Oct 2 00:10:07 smtp MailScanner[9596]: MailScanner E-Mail Virus Scanner version 4.44.6 starting...
Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLSpamScores
Oct 2 00:10:08 smtp MailScanner[9596]: Read 4 Spam entries
Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLNoScan
Oct 2 00:10:08 smtp MailScanner[9596]: Read 6 No Spam Scan entries
Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLBlacklist
Oct 2 00:10:08 smtp MailScanner[9596]: Starting up SQL Blacklist
Oct 2 00:10:08 smtp MailScanner[9596]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLBlacklist, it could not be "eval"ed. Make sure the module is correct with perl -wc
Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function MailWatchLogging
Oct 2 00:10:08 smtp MailScanner[9596]: Started SQL Logging child
Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLHighSpamScores
Oct 2 00:10:08 smtp MailScanner[9596]: Read 3 high Spam entries
Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLWhitelist
Oct 2 00:10:08 smtp MailScanner[9596]: Starting up SQL Whitelist
Oct 2 00:10:08 smtp MailScanner[9596]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not be "eval"ed. Make sure the module is correct with perl -wc

When I run:
perl -wc SQLBlackWhiteList.pm
I get:
SQLBlackWhiteList.pm syntax OK

I was running the SQLBlackWhiteList just fine prior to adding my module (which again runs just fine itself). My module must be interfering with the SQLBlackWhiteList module somehow. I just don't know how.....
Thanks for any help
Dennis

From MailScanner at ecs.soton.ac.uk Sun Oct 2 12:58:57 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:52 2006
Subject: Problem with Custom Functions
Message-ID:

Do you end the file with a line saying this?
1;
If not, it will fail. All my example(s) should end in this.

Dennis Willson wrote:
> I'm having a problem with some custom functions. I'm extending MailWatch, and adding a new perl module, which works perfectly by itself, seems to cause the SQLBlackWhite.pm functions to fail with the error message:
>
> Oct 2 00:10:07 smtp MailScanner[9596]: MailScanner E-Mail Virus Scanner version 4.44.6 starting...
> Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLSpamScores
> Oct 2 00:10:08 smtp MailScanner[9596]: Read 4 Spam entries
> Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLNoScan
> Oct 2 00:10:08 smtp MailScanner[9596]: Read 6 No Spam Scan entries
> Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLBlacklist
> Oct 2 00:10:08 smtp MailScanner[9596]: Starting up SQL Blacklist
> Oct 2 00:10:08 smtp MailScanner[9596]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLBlacklist, it could not be "eval"ed. Make sure the module is correct with perl -wc
> Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function MailWatchLogging
> Oct 2 00:10:08 smtp MailScanner[9596]: Started SQL Logging child
> Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLHighSpamScores
> Oct 2 00:10:08 smtp MailScanner[9596]: Read 3 high Spam entries
> Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLWhitelist
> Oct 2 00:10:08 smtp MailScanner[9596]: Starting up SQL Whitelist
> Oct 2 00:10:08 smtp MailScanner[9596]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not be "eval"ed. Make sure the module is correct with perl -wc
>
> When I run: *perl -wc SQLBlackWhiteList.pm* I get:
> *SQLBlackWhiteList.pm syntax OK*
>
> I was running the SQLBlackWhiteList just fine prior to adding my module (which again runs just fine itself). My module must be interfering with the SQLBlackWhiteList module somehow. I just don't know how.....
>
> Thanks for any help
> Dennis

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From Dave Sun Oct 2 14:31:43 2005
From: Dave (Dave)
Date: Thu Jan 12 21:30:52 2006
Subject: Small update
Message-ID:

I am running the most recent version of the perl Packages and I am seeing some great results.

From taz at TAZ-MANIA.COM Sun Oct 2 14:58:35 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:30:52 2006
Subject: Problem with Custom Functions
Message-ID:

Yes, I have 1; at the end. Each of the modules works fine by itself. I had been running the SQLBlackWhite.pm module for over a month. I had run my new module for a couple of days on the test system (without the SQLBlackWhite.pm installed) and it was running perfectly. It wasn't until I put the two together that I hit this problem. In fact I used the SQLBlackWhite.pm as my template for creating my module. Is there a possibility of "interference" with variable naming or subroutine naming or anything like that?

Julian Field wrote:
> Do you end the file with a line saying this?
> 1;
> If not, it will fail. All my example(s) should end in this.
>
> Dennis Willson wrote:
> > I'm having a problem with some custom functions. I'm extending MailWatch, and adding a new perl module, which works perfectly by itself, seems to cause the SQLBlackWhite.pm functions to fail with the error message:
> >
> > Oct 2 00:10:07 smtp MailScanner[9596]: MailScanner E-Mail Virus Scanner version 4.44.6 starting...
> > Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLSpamScores
> > Oct 2 00:10:08 smtp MailScanner[9596]: Read 4 Spam entries
> > Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLNoScan
> > Oct 2 00:10:08 smtp MailScanner[9596]: Read 6 No Spam Scan entries
> > Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLBlacklist
> > Oct 2 00:10:08 smtp MailScanner[9596]: Starting up SQL Blacklist
> > Oct 2 00:10:08 smtp MailScanner[9596]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLBlacklist, it could not be "eval"ed. Make sure the module is correct with perl -wc
> > Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function MailWatchLogging
> > Oct 2 00:10:08 smtp MailScanner[9596]: Started SQL Logging child
> > Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLHighSpamScores
> > Oct 2 00:10:08 smtp MailScanner[9596]: Read 3 high Spam entries
> > Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLWhitelist
> > Oct 2 00:10:08 smtp MailScanner[9596]: Starting up SQL Whitelist
> > Oct 2 00:10:08 smtp MailScanner[9596]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not be "eval"ed. Make sure the module is correct with perl -wc
> >
> > When I run: *perl -wc SQLBlackWhiteList.pm* I get:
> > *SQLBlackWhiteList.pm syntax OK*
> >
> > I was running the SQLBlackWhiteList just fine prior to adding my module (which again runs just fine itself). My module must be interfering with the SQLBlackWhiteList module somehow. I just don't know how.....
> >
> > Thanks for any help
> > Dennis
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From taz at TAZ-MANIA.COM Sun Oct 2 16:53:14 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:30:52 2006
Subject: Problem with Custom Functions
Message-ID:

I found it, I had a subroutine with the same name as the SQLBlackWhite module. I changed its name and the problem has gone away.

Thanks

Julian Field wrote:
> Do you end the file with a line saying this?
> 1;
> If not, it will fail. All my example(s) should end in this.
>
> Dennis Willson wrote:
> > I'm having a problem with some custom functions. I'm extending MailWatch, and adding a new perl module, which works perfectly by itself, seems to cause the SQLBlackWhite.pm functions to fail with the error message:
> >
> > Oct 2 00:10:07 smtp MailScanner[9596]: MailScanner E-Mail Virus Scanner version 4.44.6 starting...
> > Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLSpamScores
> > Oct 2 00:10:08 smtp MailScanner[9596]: Read 4 Spam entries
> > Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLNoScan
> > Oct 2 00:10:08 smtp MailScanner[9596]: Read 6 No Spam Scan entries
> > Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLBlacklist
> > Oct 2 00:10:08 smtp MailScanner[9596]: Starting up SQL Blacklist
> > Oct 2 00:10:08 smtp MailScanner[9596]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLBlacklist, it could not be "eval"ed. Make sure the module is correct with perl -wc
> > Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function MailWatchLogging
> > Oct 2 00:10:08 smtp MailScanner[9596]: Started SQL Logging child
> > Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLHighSpamScores
> > Oct 2 00:10:08 smtp MailScanner[9596]: Read 3 high Spam entries
> > Oct 2 00:10:08 smtp MailScanner[9596]: Config: calling custom init function SQLWhitelist
> > Oct 2 00:10:08 smtp MailScanner[9596]: Starting up SQL Whitelist
> > Oct 2 00:10:08 smtp MailScanner[9596]: Could not use Custom Function code MailScanner::CustomConfig::InitSQLWhitelist, it could not be "eval"ed. Make sure the module is correct with perl -wc
> >
> > When I run: *perl -wc SQLBlackWhiteList.pm* I get:
> > *SQLBlackWhiteList.pm syntax OK*
> >
> > I was running the SQLBlackWhiteList just fine prior to adding my module (which again runs just fine itself). My module must be interfering with the SQLBlackWhiteList module somehow. I just don't know how.....
> >
> > Thanks for any help
> > Dennis
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From admin at thenamegame.com Sun Oct 2 17:58:33 2005
From: admin at thenamegame.com (Michael Freeman)
Date: Thu Jan 12 21:30:52 2006
Subject: MS + SA 3.1 high loads on startup, SA 3.1 is CRAPITO!
Message-ID:

I’ve never had these high loads when starting up MS. Ever since our boxes were upgraded by Cpanel to SA 3.1 our MS takes forever to start. The loads skyrocket on the server when you restart /etc/init.d/MailScanner start | restart. At times you cannot restart MS because you get SIGUPS all through the maillog. Instead, you have to shut down MS, killall -9 MailScanner, then start it. Once MS starts it spawns processes that eat up CPU like crazy. This lasts for 10 – 20min finally after you see these entries in your maillog;

Oct 2 12:41:12 srv05 MailScanner[16884]: Creating hardcoded struct_flock subroutine for linux (Linux-type)
Oct 2 12:41:28 srv05 MailScanner[17234]: Using locktype = posix

MS finally eases up on the load and the boxes return to a respectable load. All I can say is that since our boxes were upgraded to SA 3.1 we have had nothing but load issues with MS.
Not sure what SA 3.1 has done but it seems like they are screwing up everything. Anyone else notice this?

From michele at BLACKNIGHT.IE Sun Oct 2 18:01:27 2005
From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight.ie)
Date: Thu Jan 12 21:30:52 2006
Subject: MS + SA 3.1 high loads on startup, SA 3.1 is CRAPITO!
Message-ID:

Michael Freeman wrote:
> I've never had these high loads when starting up MS. Ever since our boxes were upgraded by Cpanel to SA 3.1 our MS takes forever to start. The loads skyrocket on the server when you restart /etc/init.d/MailScanner start | restart. At times you cannot restart MS because you get SIGUPS all through the maillog. Instead, you have to shut down MS, killall -9 MailScanner, then start it. Once MS starts it spawns processes that eat up CPU like crazy. This lasts for 10 – 20min finally after you see these entries in your maillog;
>

Did you ever consider that cpanel might be causing the issue?

--
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59 9164239

From jlmiller at MMTNETWORKS.COM.AU Mon Oct 3 00:52:25 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:30:52 2006
Subject: rule failing lint test
Message-ID:

I've put in a rule that seems to be failing the --lint test. What I'm looking for is in the subject line. Since there is a # there, is this not treated as a remark, or is this read as normal information?

mail:/etc/spamassassin# spamassassin --lint > lint_test_results.txt
Bareword found where operator expected at /etc/spamassassin/local.cf, rule PROLO_GSPAM28, line 10, near "etc"
        (Might be a runaway multi-line // string starting on line 1)
        (Missing operator before etc?)
Misplaced _ in number at /etc/spamassassin/local.cf, rule PROLO_GSPAM28, line 30.
Bareword found where operator expected at /etc/spamassassin/local.cf, rule PROLO_GSPAM28, line 30, near "70_sare_header"
        (Might be a runaway multi-line "" string starting on line 20)
        (Missing operator before sare_header?)
Misplaced _ in number at /etc/spamassassin/local.cf, rule PROLO_GSPAM28, line 40.
Bareword found where operator expected at /etc/spamassassin/local.cf, rule PROLO_GSPAM28, line 40, near "70_sare_random"
        (Might be a runaway multi-line "" string starting on line 30)
        (Missing operator before sare_random?)
Misplaced _ in number at /etc/spamassassin/local.cf, rule PROLO_GSPAM28, line 50.
Bareword found where operator expected at /etc/spamassassin/local.cf, rule PROLO_GSPAM28, line 50, near "70_sare_header"
        (Might be a runaway multi-line "" string starting on line 40)
        (Missing operator before sare_header?)
Backslash found where operator expected at /etc/spamassassin/local.cf, rule PROLO_GSPAM28, line 91, near "$|\"
        (Might be a runaway multi-line ?? string starting on line 51)
        (Missing operator before \?)
Backslash found where operator expected at /etc/spamassassin/local.cf, rule PROLO_GSPAM28, line 111, near "\"
        (Might be a runaway multi-line ?? string starting on line 91)
        (Missing operator before \?)
Bareword found where operator expected at /etc/spamassassin/local.cf, rule PROLO_GSPAM28, line 111, near "@\S"
        (Missing operator before S?)
Backslash found where operator expected at /etc/spamassassin/local.cf, rule PROLO_GSPAM28, line 251, near "d\"
        (Might be a runaway multi-line ?? string starting on line 111)
Bareword found where operator expected at /etc/spamassassin/local.cf, rule PROLO_GSPAM28, line 251, near "@\S"
        (Missing operator before S?)
Failed to run header SpamAssassin tests, skipping some: syntax error at /etc/spamassassin/local.cf, rule PROLO_GSPAM28, line 10, near "etc"
syntax error at /etc/spamassassin/local.cf, rule PROLO_GSPAM28, line 251, near "\."
syntax error at /etc/spamassassin/local.cf, rule PROLO_GSPAM28, line 251, near "@\S"
lint: 1 issues detected. please rerun with debug enabled for more information.
mail:/etc/spamassassin# vi lint_test_results.txt
mail:/etc/spamassassin#

Rule 28
# 28 Subject: $B;(;o$G$*Fk\@w$_!#CO0hJL$K??7u$J=P(B
header PROLO_GSPAM28 Subject =~ /\$B;\(;o\$G\$\*Fk\@w\$_!#CO0hJL\$K\?\?7u\$J=P\(B/i
score PROLO_GSPAM28 8
describe PROLO_GSPAM28 Spam - Custom rule set

Regards,

Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl

"I don't know the key to success, but the key to failure
is trying to please everybody." -Bill Cosby
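
On the question in the message above: in a SpamAssassin configuration file an unescaped `#` starts a comment even inside a rule's regex, and a literal `#` has to be written `\#`. The following is an added example (Python, not part of the thread and not SpamAssassin code; the function and constant names are hypothetical, and the two LOCAL_DEMO rules are constructed) that finds rules cut short this way and prints the escaped form.

```python
import re
from typing import List, NamedTuple

# A '#' that is not preceded by a backslash starts a comment in a
# SpamAssassin config line; '\#' is how a literal '#' is written.
UNESCAPED_HASH = re.compile(r"(?<!\\)#")
UNESCAPED_SLASH = re.compile(r"(?<!\\)/")
# Rule definitions whose pattern is written /.../flags, as in the post.
RULE_START = re.compile(
    r"^\s*(?P<type>header|body|rawbody|uri|full)\s+(?P<name>\w+)\s+"
    r"(?:\S+\s*[=!]~\s*)?/"
)


class Finding(NamedTuple):
    lineno: int   # 1-based line number in the config text
    name: str     # rule name
    column: int   # 1-based column of the offending '#'
    seen: str     # what remains of the line once the comment is stripped
    fixed: str    # the same line with '#' inside the pattern escaped


def find_truncated_rules(config_text: str) -> List[Finding]:
    """Report rules whose regex is cut off by an unescaped '#'."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        start = RULE_START.match(line)
        if not start:
            continue                      # comments, score/describe lines, etc.
        body_at = start.end()             # first character after the opening '/'
        hash_m = UNESCAPED_HASH.search(line, body_at)
        if not hash_m:
            continue
        close_m = UNESCAPED_SLASH.search(line, body_at)
        if close_m and close_m.start() < hash_m.start():
            continue                      # '#' follows the closing '/': a real comment
        end = close_m.start() if close_m else len(line)
        fixed = (line[:body_at]
                 + UNESCAPED_HASH.sub(r"\\#", line[body_at:end])
                 + line[end:])
        findings.append(Finding(lineno, start.group("name"),
                                hash_m.start() + 1,
                                line[:hash_m.start()].rstrip(), fixed))
    return findings


# Rule 28 as posted, followed by two constructed rules that must not be flagged.
SAMPLE_LOCAL_CF = r"""
# 28 Subject: $B;(;o$G$*Fk\@w$_!#CO0hJL$K??7u$J=P(B
header PROLO_GSPAM28 Subject =~ /\$B;\(;o\$G\$\*Fk\@w\$_!#CO0hJL\$K\?\?7u\$J=P\(B/i
score PROLO_GSPAM28 8
describe PROLO_GSPAM28 Spam - Custom rule set
body LOCAL_DEMO_ESCAPED /order \#\d+ shipped/i
body LOCAL_DEMO_COMMENT /free offer/i   # trailing comment
"""

if __name__ == "__main__":
    for f in find_truncated_rules(SAMPLE_LOCAL_CF):
        print(f"line {f.lineno}, rule {f.name}: unescaped '#' at column {f.column}")
        print(f"  parser sees : {f.seen}")
        print(f"  escaped form: {f.fixed}")
```

The "parser sees" line has no closing `/`, which matches the "runaway multi-line // string" complaints in the lint output above.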

From Dave Mon Oct 3 01:04:48 2005
From: Dave (Dave)
Date: Thu Jan 12 21:30:52 2006
Subject: [Customer concern: {Fraud?} Fwd: {Fraud?} test mailing]
Message-ID:

----- Forwarded message from Concerned Customer -----
Dave,

our mailings are still getting tagged as fraud...



does this come with spam/fraud statement???

---------------------------------------------------------------------------
To be unsubscribed from the testlist mailing list, simply click on the link below:
MailScanner has detected a possible fraud attempt from "safetyresults.ca" claiming to be MailScanner has detected a possible fraud attempt from "safetyresults.ca" claiming to be Unsubscribe bjm@bennaco.com


Content-Description: "AVG certification"
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.11.9/115 - Release Date: 29/09/2005

----- End forwarded message -----

How do I fix the above scenario? Again this customer is using smpro newsletter to send out to customer and this is not a Fraud!

From jlmiller at MMTNETWORKS.COM.AU Mon Oct 3 01:18:19 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:30:52 2006
Subject: curious about body rules
Message-ID:

If I create a rule that checks the body content for certain words, can I just keep adding words to this one rule?
It's to my understanding that SA will search the body of the e-mail for the words that are listed.

example:
body BodyTest_RULE /porn market penis calis/ i
score BodyTest_RULE 4.0
describe BodyTest_RULE This body test rule

Regards

Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl

"I don't know the key to success, but the key to failure
is trying to please everybody." -Bill Cosby

From jlmiller at MMTNETWORKS.COM.AU Mon Oct 3 01:37:55 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:30:52 2006
Subject: Mailscanner Book
Message-ID:

Think it's time to buy the book.

Just curious how long would it take to get the book to WA, Australia?

Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl

"I don't know the key to success, but the key to failure
is trying to please everybody." -Bill Cosby

From mike at CAMAROSS.NET Mon Oct 3 01:58:45 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:30:52 2006
Subject: [Customer concern: {Fraud?} Fwd: {Fraud?} test mailing]
Message-ID:

A couple of options:

1. Add the sending domain or IP to your phishing whitelist
2. Exempt them from phishing/spam checks by ruleset

Mike

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem
> Sent: Sunday, October 02, 2005 7:05 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [Customer concern: {Fraud?} Fwd: {Fraud?} test mailing]
>
> ----- Forwarded message from Concerned Customer -----
>
> Dave,

> our mailings are still getting tagged as fraud...

>

does this come with spam/fraud statement???
>
> Content-Description: "AVG certification"
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.344 / Virus Database: 267.11.9/115 - Release Date: 29/09/2005
>
> ----- End forwarded message -----
>
> How do I fix the above scenario? Again this customer is using smpro newsletter to send out to customer and this is not a Fraud!

From Dave Mon Oct 3 02:01:36 2005
From: Dave (Dave)
Date: Thu Jan 12 21:30:52 2006
Subject: [Customer concern: {Fraud?} Fwd: {Fraud?} test mailing]
Message-ID:

On Sun, Oct 02, 2005 at 07:58:45PM -0500, Mike Kercher wrote:
> A couple of options:
>
> 1. Add the sending domain or IP to your phishing whitelist
> 2. Exempt them from phishing/spam checks by ruleset
>
> Mike
>

Time to get more information from the customer.

> > -----Original Message-----
> > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem
> > Sent: Sunday, October 02, 2005 7:05 PM
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: [Customer concern: {Fraud?} Fwd: {Fraud?} test mailing]
> >
> > ----- Forwarded message from Concerned Customer -----
> >
> > Dave,

> > our mailings are still getting tagged as fraud...

> >

does this come with spam/fraud statement???
> >
> > Content-Description: "AVG certification"
> > No virus found in this outgoing message.
> > Checked by AVG Anti-Virus.
> > Version: 7.0.344 / Virus Database: 267.11.9/115 - Release Date: 29/09/2005
> >
> > ----- End forwarded message -----
> >
> > How do I fix the above scenario? Again this customer is using smpro newsletter to send out to customer and this is not a Fraud!
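
Both options Mike lists suppress a link-mismatch alert, so it helps to see what kind of link raises one. The following is an added example, not part of the thread and not MailScanner's own code: a simplified Python model of such a check, run on a constructed HTML fragment that reuses the names visible in the forwarded message (the URL path, the second link and all helper names are assumptions).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Anything in the visible link text that looks like a host name, including the
# domain part of an e-mail address (assumption: simplified model of the check).
HOST_IN_TEXT = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def same_site(a, b):
    """True when the two host names are equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def check_links(html, safe_sites=()):
    """Return (real_host, claimed_host, link_text) for each link whose visible
    text names a different host than the one the href points at.  Links whose
    real destination is in safe_sites (the whitelist) are skipped."""
    safe = {s.lower() for s in safe_sites}
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    alerts = []
    for href, text in parser.links:
        real = (urlparse(href).hostname or "").lower()
        if not real or real in safe:
            continue
        for claimed in HOST_IN_TEXT.findall(text):
            if not same_site(real, claimed.lower()):
                alerts.append((real, claimed.lower(), text))
                break
    return alerts


# Constructed newsletter footer: the unsubscribe link shows the subscriber's
# e-mail address, whose domain differs from the list server the link goes to.
SAMPLE_HTML = """
<p>To be unsubscribed from the testlist mailing list, simply click on the link below:</p>
<a href="http://safetyresults.ca/lists/?p=unsubscribe">Unsubscribe bjm@bennaco.com</a>
<a href="http://www.safetyresults.ca/">safetyresults.ca</a>
"""

if __name__ == "__main__":
    for real, claimed, text in check_links(SAMPLE_HTML):
        print(f'link goes to "{real}" but its text mentions "{claimed}": {text!r}')
    print("with whitelist:", check_links(SAMPLE_HTML, safe_sites=["safetyresults.ca"]))
```

In this model the whitelist is keyed on the real link destination, so listing the newsletter host clears the alert without exempting the sender from other checks.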

From gdoris at ROGERS.COM Mon Oct 3 02:36:59 2005
From: gdoris at ROGERS.COM (Gerry Doris)
Date: Thu Jan 12 21:30:52 2006
Subject: What version of MailScanner book?
Message-ID:

How can I tell if I'm ordering the most current version of the MailScanner book? The one on Amazon Canada claims it's Sept 1, 2004. I checked Amazon UK and it has the same info.

I'd hate to get a copy a year out of date??

From mike at CAMAROSS.NET Mon Oct 3 02:42:09 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:30:52 2006
Subject: What version of MailScanner book?
Message-ID:

http://www.cafepress.com/mailscanner2,mailscanner.13170076

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Gerry Doris
> Sent: Sunday, October 02, 2005 8:37 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: What version of MailScanner book?
>
> How can I tell if I'm ordering the most current version of the MailScanner book? The one on Amazon Canada claims it's Sept 1, 2004. I checked Amazon UK and it has the same info.
>
> I'd hate to get a copy a year out of date??

From nats at SSCRMNL.EDU.PH Mon Oct 3 03:31:08 2005
From: nats at SSCRMNL.EDU.PH (Jose Nathaniel Nengasca)
Date: Thu Jan 12 21:30:52 2006
Subject: FW: [Customer concern: {Fraud?} Fwd: {Fraud?} test mailing]
Message-ID:

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem
Sent: Monday, October 03, 2005 8:05 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: [Customer concern: {Fraud?} Fwd: {Fraud?} test mailing]

----- Forwarded message from Concerned Customer -----
Dave,

our mailings are still getting tagged as fraud...



does this come with spam/fraud statement???

---------------------------------------------------------------------------
To be unsubscribed from the testlist mailing list, simply click on the link below:
MailScanner has detected a possible fraud attempt from "safetyresults.ca" claiming to be MailScanner has detected a possible fraud attempt from "safetyresults.ca" claiming to be Unsubscribe bjm@bennaco.com


Content-Description: "AVG certification"

No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.11.9/115 - Release Date: 29/09/2005

----- End forwarded message -----

How do I fix the above scenario? Again this customer is using smpro newsletter to send out to customer and this is not a Fraud!

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk Mon Oct 3 08:50:30 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:52 2006
Subject: curious about body rules
Message-ID:

Your "body" line is wrong. It needs to say

body BodyTest_RULE /porn|market|penis|calis/i

to make it search for any of the words listed.

On 3 Oct 2005, at 01:18, Jon Miller wrote:

> If I create a rule that checks the body content for certain words,
> can I just keep adding words to this one rule?
> It's to my understanding that SA will search the body of the e-mail
> for the words that are listed.
>
> example:
> body BodyTest_RULE /porn market penis calis/ i
> score BodyTest_RULE 4.0
> describe BodyTest_RULE This body test rule
>
> Regards
>
> Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA
> Director/Sr Systems Consultant
> MMT Networks Pty Ltd
> http://www.mmtnetworks.com.au
> Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl
>
> "I don't know the key to success, but the key to failure
> is trying to please everybody." -Bill Cosby

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Mon Oct 3 08:51:32 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:52 2006
Subject: Mailscanner Book
Message-ID:

Buy it straight from the icon in the top right corner of www.mailscanner.info and it will take 2 to 3 weeks.
Any other method will take a *lot* longer.

On 3 Oct 2005, at 01:37, Jon Miller wrote:

> Think it's time to buy the book.
>
> Just curious how long would it take to get the book to WA, Australia?
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Mon Oct 3 08:53:52 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:52 2006
Subject: What version of MailScanner book?
Message-ID:

That is by far the fastest and cheapest way of getting the book. And there is no possibility of you getting an old version.

On 3 Oct 2005, at 02:42, Mike Kercher wrote:

> http://www.cafepress.com/mailscanner2,mailscanner.13170076
>
>> -----Original Message-----
>> From: MailScanner mailing list
>> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Gerry Doris
>> Sent: Sunday, October 02, 2005 8:37 PM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: What version of MailScanner book?
>>
>> How can I tell if I'm ordering the most current version of
>> the MailScanner book? The one on Amazon Canada claims it's
>> Sept 1, 2004. I checked Amazon UK and it has the same info.
>>
>> I'd hate to get a copy a year out of date??

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martinh at SOLID-STATE-LOGIC.COM Mon Oct 3 09:02:39 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:30:52 2006
Subject: MailScanner ANNOUNCE: 4.46.2 release
Message-ID:

Julian

Small point, the TNEF expander fix is not just for PostFix users, Exim can be a problem as well.....in fact it's probably a problem for any MTA that doesn't run as root.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: 01 October 2005 14:54
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: [MAILSCANNER] MailScanner ANNOUNCE: 4.46.2 release

I have just released the latest stable version of MailScanner, 4.46.2.
Download as usual from www.mailscanner.info

The Change Log is pretty small this month, things have been quiet.
The important bit for Postfix users is a fix involving the internal TNEF expander. Also SpamAssassin 3.1.0 is supported and doesn't generate any warnings.

The full Change Log is this:

* New Features and Improvements *
- Improved phishing net JavaScript detection to make reports more sensible.
- Loads of additions to phishing net safe sites list (thanks Denis!).
- Improved Install-Clam-SA package so that it sets up your /etc/ld.so.conf file for you, by adding /usr/local/lib if necessary.
- Increased the default expansion factor of archives for the clamav scanner.
- Removed -j3 from call to Kaspersky in kaspersky-wrapper, on advice from Kaspersky users.

* Fixes *
- Fixed problem with a few TNEF files and the internal TNEF decoder, caused occasional crashes.
- Fixed warnings with numeric tests in a couple of places.
- Tested against SpamAssassin 3.1.0, one minor problem found and fixed.
- Fixed minor bug in "actions" parser in ZMailer support code.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

**********************************************************************
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.
**********************************************************************

From raymond at PROLOCATION.NET Mon Oct 3 09:05:39 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:30:52 2006
Subject: FW: [Customer concern: {Fraud?} Fwd: {Fraud?} test mailing]
Message-ID:

Hi!

> Content-Description: "AVG certification"
>
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.344 / Virus Database: 267.11.9/115 - Release Date: 29/09/2005
>
> ----- End forwarded message -----
>
> How do I fix the above scenario? Again this customer is using smpro
> newsletter
> to send out to customer and this is not a Fraud!

Several options... :)

1] disable fraud detection
2] buy support and urge Julian to fix it
3] sit and wait till julian has time
4] fix it yourself

Pick one :)

Bye,
Raymond.

From gdoris at ROGERS.COM Mon Oct 3 11:05:40 2005
From: gdoris at ROGERS.COM (Gerry Doris)
Date: Thu Jan 12 21:30:52 2006
Subject: Mailscanner Book
Message-ID:

On Mon, 2005-10-03 at 08:51 +0100, Julian Field wrote:
> Buy it straight from the icon in the top right corner of
> www.mailscanner.info and it will take 2 to 3 weeks.
> Any other method will take a *lot* longer.
>
> On 3 Oct 2005, at 01:37, Jon Miller wrote:
>
> > Think it's time to buy the book.
> >
> > Just curious how long would it take to get the book to WA, Australia?
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

Actually, Amazon Canada claims to have your book in stock. They say that delivery will be in 1-2 business days.

I don't know if these are the older or newer versions?

From MailScanner at ecs.soton.ac.uk Mon Oct 3 11:41:38 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:52 2006
Subject: Mailscanner Book
Message-ID:

On 3 Oct 2005, at 11:05, Gerry Doris wrote:

> On Mon, 2005-10-03 at 08:51 +0100, Julian Field wrote:
>
>> Buy it straight from the icon in the top right corner of
>> www.mailscanner.info and it will take 2 to 3 weeks.
>> Any other method will take a *lot* longer.
>>
>> On 3 Oct 2005, at 01:37, Jon Miller wrote:
>>
>>> Think it's time to buy the book.
>>>
>>> Just curious how long would it take to get the book to WA,
>>> Australia?
>
> Actually, Amazon Canada claims to have your book in stock. They say
> that delivery will be in 1-2 business days.

Interesting. They might be lying.

> I don't know if these are the older or newer versions?

As the books are printed on demand, there shouldn't be any way of getting old copies. But if they ordered some directly themselves (which I don't think they can) or ordered more than they needed (which they haven't done through me), then there is a small chance of getting an old copy.

My advice would be to order directly from CafePress. That is where the link on the www.mailscanner.info home page takes you. You will get your book considerably faster and cheaper than any other route. Just order it direct. Don't worry about your credit card details, CafePress have a very good reputation to protect, and I have never heard any reports of bad things happening. I am not involved in the purchase in any way if you order directly from them.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Dave Mon Oct 3 14:44:20 2005
From: Dave (Dave)
Date: Thu Jan 12 21:30:52 2006
Subject: FW: [Customer concern: {Fraud?} Fwd: {Fraud?} test mailing]
Message-ID:

On Mon, Oct 03, 2005 at 10:31:08AM +0800, Jose Nathaniel Nengasca wrote:
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Dave Shariff Yadallee - System Administrator a.k.a. The Root of the
> Problem
> Sent: Monday, October 03, 2005 8:05 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [Customer concern: {Fraud?} Fwd: {Fraud?} test mailing]
>
> ----- Forwarded message from Concerned Customer -----
>
> Dave,

> our mailings are still getting tagged as fraud...

>
>
> does this come with spam/fraud statement???
>
> Content-Description: "AVG certification"
>
> No virus found in this outgoing message.
> Checked by AVG Anti-Virus.
> Version: 7.0.344 / Virus Database: 267.11.9/115 - Release Date: 29/09/2005
>
> ----- End forwarded message -----
>
> How do I fix the above scenario? Again this customer is using smpro
> newsletter
> to send out to customer and this is not a Fraud!

Jose, were you trying to say something?

From Dave Mon Oct 3 14:56:06 2005
From: Dave (Dave)
Date: Thu Jan 12 21:30:52 2006
Subject: FW: [Customer concern: {Fraud?} Fwd: {Fraud?} test mailing]
Message-ID:

On Mon, Oct 03, 2005 at 10:05:39AM +0200, Raymond Dijkxhoorn wrote:
> Hi!
>
> >Content-Description: "AVG certification"
> >
> >No virus found in this outgoing message.
> >Checked by AVG Anti-Virus.
> >Version: 7.0.344 / Virus Database: 267.11.9/115 - Release Date: 29/09/2005
> >
> >----- End forwarded message -----
> >
> >How do I fix the above scenario? Again this customer is using smpro
> >newsletter
> >to send out to customer and this is not a Fraud!
>
> Several options... :)
>
> 1] disable fraud detection
> 2] buy support and urge Julian to fix it
> 3] sit and wait till julian has time
> 4] fix it yourself
>

Julian did make mention of adding the domain/IP to the phishing file.

> Pick one :)
>
> Bye,
> Raymond.

From Dave Mon Oct 3 16:42:45 2005
From: Dave (Dave)
Date: Thu Jan 12 21:30:52 2006
Subject: FW: [Customer concern: {Fraud?} Fwd: {Fraud?} test mailing]
Message-ID:

On Mon, Oct 03, 2005 at 07:56:06AM -0600, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote:
> On Mon, Oct 03, 2005 at 10:05:39AM +0200, Raymond Dijkxhoorn wrote:
> > Hi!
> >
> > >Content-Description: "AVG certification"
> > >
> > >No virus found in this outgoing message.
> > >Checked by AVG Anti-Virus.
> > >Version: 7.0.344 / Virus Database: 267.11.9/115 - Release Date: 29/09/2005
> > >
> > >----- End forwarded message -----
> > >
> > >How do I fix the above scenario? Again this customer is using smpro
> > >newsletter
> > >to send out to customer and this is not a Fraud!
> >
> > Several options... :)
> >
> > 1] disable fraud detection
> > 2] buy support and urge Julian to fix it
> > 3] sit and wait till julian has time
> > 4] fix it yourself
> >
>
> Julian did make mention of adding the domain/IP to the phishing file.
>

This does concern us all as we are trying to fight Fraud and spam.

some good news, is that if unsubscribe is not present, the e-newsletter is listed as spam.

Question, even though my localhost is sending the e-newsletter to others, MailScanner is tagging this as fraud; Should I be listing the host IP or the sender IP?

> > Pick one :)
> >
> > Bye,
> > Raymond.

From Denis.Beauchemin at USHERBROOKE.CA Mon Oct 3 17:00:22 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:30:52 2006
Subject: MailScanner + Sendmail-8.12.8-4
Message-ID:

Alfred Orimbo wrote:

>Hallo all.
>I have just installed MailScanner, and I run sendmail-8.12.8-4.
>After stopping Sendmail, mails come in ok, but are held up in /var/spool/mqueue.in. How do I modify the script that starts sendmail to enable the scanned mails go to /var/spool/mqueue? Does MailScanner work with sendmail-8.12.8-4?
>
>My OS is Linux 9.0 (Shrike) and MailScanner-4.4.0.11-1.
>
>The combination is MailScanner+Sendmail+SpamAssassin. I do not have problem with SpamAssassin.

Alfred,

It will be MailScanner that will move emails from mqueue.in to mqueue once it has done its job on them. And yes MS is working perfectly with your version of sendmail and RedHat.

Make sure you started MailScanner through its "service mailscanner start" (it may be "service MailScanner stop" depending on your version) and don't forget to "chkconfig mailscanner on" (or "chkconfig MailScanner on").

Denis

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From ssilva at SGVWATER.COM Mon Oct 3 16:54:40 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:52 2006
Subject: MailScanner + Sendmail-8.12.8-4
Message-ID:

Alfred Orimbo spake the following on 10/1/2005 9:22 AM:
> Hallo all.
> I have just installed MailScanner, and I run sendmail-8.12.8-4.
> After stopping Sendmail, mails come in ok, but are held up in /var/spool/mqueue.in. How do I modify the script that starts sendmail to enable the scanned mails go to /var/spool/mqueue? Does MailScanner work with sendmail-8.12.8-4?
>
> My OS is Linux 9.0 (Shrike) and MailScanner-4.4.0.11-1.
>
> The combination is MailScanner+Sendmail+SpamAssassin. I do not have problem with SpamAssassin.
>
> Regards,
> Alfred.
>

You do not run sendmail with MailScanner. You just run MailScanner and it will take care of running the sendmail processes needed.

Did you do the following?

service sendmail stop
chkconfig sendmail off
chkconfig MailScanner on
service MailScanner start

--
/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

From Dave Mon Oct 3 17:21:47 2005
From: Dave (Dave)
Date: Thu Jan 12 21:30:52 2006
Subject: FW: [Customer concern: {Fraud?} Fwd: {Fraud?} test mailing]
Message-ID:

On Mon, Oct 03, 2005 at 09:42:45AM -0600, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote:
> On Mon, Oct 03, 2005 at 07:56:06AM -0600, Dave Shariff Yadallee - System Administrator a.k.a. The Root of the Problem wrote:
> > On Mon, Oct 03, 2005 at 10:05:39AM +0200, Raymond Dijkxhoorn wrote:
> > > Hi!
> > >
> > > >Content-Description: "AVG certification"
> > > >
> > > >No virus found in this outgoing message.
> > > >Checked by AVG Anti-Virus.
> > > >Version: 7.0.344 / Virus Database: 267.11.9/115 - Release Date: 29/09/2005
> > > >
> > > >----- End forwarded message -----
> > > >
> > > >How do I fix the above scenario? Again this customer is using smpro
> > > >newsletter
> > > >to send out to customer and this is not a Fraud!
> > >
> > > Several options... :)
> > >
> > > 1] disable fraud detection
> > > 2] buy support and urge Julian to fix it
> > > 3] sit and wait till julian has time
> > > 4] fix it yourself
> > >
> >
> > Julian did make mention of adding the domain/IP to the phishing file.
> >
>
> This does concern us all as we are trying to fight Fraud and spam.
>
> some good news, is that if unsubscribe is not present, the e-newsletter
> is listed as spam.
>
> Question, even though my localhost is sending the e-newsletter to others,
> MailScanner is tagging this as fraud; Should I be listing
> the host IP or the sender IP?
>

The customer did further test and here are the results:

Here are the test results with the problem feature ON:

Test #5 - No unsubscribe link, disabled the "Powered by SubscribeMePro" notice:
Results: tagged as "spam?" on mail to Bennaco - mail to Hotmail account went missing...? not delivered.

Test #6 - Unsubscribe link included, disabled the "Powered by SubscribeMePro" notice:
Results: tagged as "fraud?" - same for both addresses

Test #7 - Unsubscribe link included, includes "Powered by SubscribeMePro" notice:
Results: tagged as "fraud?" - same for both addresses

Test #8 - No unsubscribe link, includes "Powered by SubscribeMePro" notice:
Results: not tagged, - same for both addresses

---

Any logical explanation?

> > > Pick one :)
> > >
> > > Bye,
> > > Raymond.

From jd at BARITEC.COM Mon Oct 3 19:58:35 2005
From: jd at BARITEC.COM (JD Doelitzsch)
Date: Thu Jan 12 21:30:52 2006
Subject: FW: MailScanner not catching eicar
Message-ID:

Thanks for the help guys, I appreciate it.

Julian, I changed the virus.scanners.conf instead. I don't know what I was thinking, everything else is a .conf.

On a side note, I remember hearing someone on this list mention a milter that creates a dummy address for spam bait that will blacklist the sending IP for x amount of days. Anyone remember what it was called?

-JD

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field
Sent: Saturday, October 01, 2005 6:37 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: FW: MailScanner not catching eicar

One extra point.
Don't change the -wrapper scripts, that's wrong and will be overwritten the next time you upgrade. What you should be doing is editing /etc/MailScanner/virus.scanners.conf as that tells MailScanner where the virus scanners are installed. You don't ever have to change my code, there are configuration files to do what you want.

JD Doelitzsch wrote:

>-----Original Message-----
>From: JD Doelitzsch [mailto:jd@baritec.com]
>Sent: Friday, September 30, 2005 2:46 PM
>To: MailScanner mailing list
>Subject: MailScanner not catching eicar
>
>
>Hey guys it's been a while since I wrote to the list but once again I'm
>stumped.
>
>I'm running Fedora core 1 the latest from RHN, installed clam AV 8.7 and the
>latest MailScanner build. Sendmail is pushing the mail to my "exchange"
>server but it doesn't seem like Mailscanner is getting to it. I originally
>thought that it was the clamav-wrapper which pointed to /usr/bin instead of
>usr/local/bin so once I corrected it worked fine when I ran it. I looked at
>the webinfo that said Add the domain name to /etc/mail/relay-domains. I
>didn't have that file so I created it with mydomain.com in it. I look at top
>and when email comes in I see the sendmail process but no mailscanner or
>clamscan. I restart Mailscanner to verify it's up and it's up.
>MailScanner.conf looks okay to me, so I'm fresh out of ideas. Anyone care to
>take a shot?
>
>-JD

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From jd at BARITEC.COM Mon Oct 3 22:52:37 2005
From: jd at BARITEC.COM (JD Doelitzsch)
Date: Thu Jan 12 21:30:52 2006
Subject: securing relay...
Message-ID:

Hey guys,

I'm not sure if this has to do with MailScanner or not, because it's just totally beyond me, maybe you can shed some light or point me in the right direction. The setup is MailScanner pushes to exchange via Mailertable/sendmail. Access only has mydomain.com in it. When I telnet to the MS box relay-denied(good) when trying to send other than mydomain.net as far as i can tell, But when monitoring packets I see spam originating or relaying from my MS server to the net. It's getting me blacklisted. What kind of command lets people relay? that's the one thing i can't verify when looking through the packets. I would like the MSbox only to relay to my exchange server and nowhere else. The only thing i can think of is to put a firewall on the MS box to only allow outgoing to my exchange box. What would be the foreseeable results of that? is there a better way?

-JD

From peter at UCGBOOK.COM Mon Oct 3 23:30:16 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:30:52 2006
Subject: securing relay...
Message-ID:

JD Doelitzsch wrote:
> I'm not sure if this has to do with MailScanner or not, because it's just
> totally beyond me, maybe you can shed some light or point me in the right
> direction. The setup is MailScanner pushes to exchange via
> Mailertable/sendmail. Access only has mydomain.com in it. When I telnet to
> the MS box relay-denied(good) when trying to send other than mydomain.net as
> far as i can tell, But when monitoring packets I see spam originating or
> relaying from my MS server to the net. It's getting me blacklisted. What
> kind of command lets people relay? that's the one thing i can't verify when
> looking through the packets. I would like the MSbox only to relay to my
> exchange server and nowhere else. The only thing i can think of is to put a
> firewall on the MS box to only allow outgoing to my exchange box. What would
> be the foreseeable results of that? is there a better way?

You can test for open relays here:

http://www.abuse.net/relay.html

--
/Peter Bonivart

--Unix lovers do it in the Sun

From james at grayonline.id.au Mon Oct 3 22:34:07 2005
From: james at grayonline.id.au (James Gray)
Date: Thu Jan 12 21:30:52 2006
Subject: rule failing lint test
Message-ID:

On Monday 03 October 2005 09:52, Jon Miller wrote:
> I've put in a rule that seems to be failing the --lint test. What I'm
> looking for is in the subject line since there is a # there is this not
> treated as a remark or is this read as normal information?
> Rule 28 SNIP
> # 28 Subject: $B;(;o$G$*Fk\@w$_!#CO0hJL$K??7u$J=P(B
> header PROLO_GSPAM28 Subject =~
> /\$B;\(;o\$G\$\*Fk\@w\$_!#CO0hJL\$K\?\?7u\$J=P\(B/i score PROLO_GSPAM28 8
> describe PROLO_GSPAM28 Spam - Custom rule setJames

You need to escape "\", "!", "#", AND the "@" (not sure about the semi-colon but when in doubt, escape it anyway). So (assuming no escaping of the ";"):

/\$B....Fk\\\@w\$_\!\#CO0h.../i

HTH,

James
--
*** PUBLIC flooding detected from erikyyy
THAT's an erik, pholx.... ;)
-- Seen on #LinuxGER

From james at grayonline.id.au Mon Oct 3 22:25:50 2005
From: james at grayonline.id.au (James Gray)
Date: Thu Jan 12 21:30:52 2006
Subject: curious about body rules
Message-ID:

On Monday 03 October 2005 10:18, Jon Miller wrote:
> If I create a rule that checks the body content for certain words, can I
> just keep adding words to this one rule? It's to my understanding that SA
> will search the body of the e-mail for the words that are listed.
>
> example:
> body BodyTest_RULE /porn market penis calis/ i
> score BodyTest_RULE 4.0
> describe BodyTest_RULE This body test rule

Close, but no cigar ;)

The bit between the /.../ is a Perl regex and is matched, basically, as literal string. To achieve what you are trying, the correct syntax is:

body BodyTest_RULE /(?:porn|market|penis|calis)/i

You may want to add the word-boundary delimiter "\b" before and after the parenthesis. This will cause a match of each of the words but only if they occur BETWEEN word boundaries. There's a great Perl regex primer at:
http://www.anaesthetist.com/mnm/perl/regex.htm

FWIW, the words you're trying to catch are usually heavily obfuscated so simple key-word matches are usually ineffective. A number of people (including myself) have written custom rulesets for SpamAssassin that you can just load up and save yourself a heap of time and effort. Google for the "SpamAssassin Rules Emporium" and here's the shameless self-promotion:
http://files.grayonline.id.au/

Hope that helps.

Cheers,

James
--
Keep your eyes wide open before marriage, half shut afterwards.
-- Benjamin Franklin

From mike at CAMAROSS.NET Mon Oct 3 23:30:32 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:30:52 2006
Subject: securing relay...
Message-ID:

MailScanner mailing list <> scribbled on Monday, October 03, 2005 4:53 PM:

> Hey guys,
>
> I'm not sure if this has to do with MailScanner or not,
> because it's just totally beyond me, maybe you can shed some
> light or point me in the right direction. The setup is
> MailScanner pushes to exchange via Mailertable/sendmail.
> Access only has mydomain.com in it. When I telnet to the MS
> box relay-denied(good) when trying to send other than
> mydomain.net as far as i can tell, But when monitoring
> packets I see spam originating or relaying from my MS server
> to the net. It's getting me blacklisted. What kind of command
> lets people relay? that's the one thing i can't verify when
> looking through the packets. I would like the MSbox only to
> relay to my exchange server and nowhere else. The only thing
> i can think of is to put a firewall on the MS box to only
> allow outgoing to my exchange box. What would be the
> foreseeable results of that? is there a better way?
>
> -JD

/etc/mail/access should not have mydomain.com in it.

mydomain.com should be in /etc/mail/relay-domains.

I suspect that someone is using your sendmail box to send out spam from user@mydomain.com. Since you have mydomain.com in your access file, you are allowing them to relay. What does your maillog show?

Mike

From vachanta at GMAIL.COM Tue Oct 4 00:31:08 2005
From: vachanta at GMAIL.COM (Venkata Achanta)
Date: Thu Jan 12 21:30:52 2006
Subject: securing relay...
Message-ID:

>/etc/mail/access should not have mydomain.com in it.
>
>mydomain.com should be in /etc/mail/relay-domains
>
>I suspect that someone is using your sendmail box to send out spam from
>user@mydomain.com Since you have mydomain.com in your access file, you are
>allowing them to relay. What does your maillog show?
>
>Mike

True. Your /etc/mail/access should contain only localhost, and all the allowed relay domains should be listed in /etc/mail/relay-domains.

From david at GRECCOCONSULTING.COM Tue Oct 4 00:33:30 2005
From: david at GRECCOCONSULTING.COM (David Grecco)
Date: Thu Jan 12 21:30:52 2006
Subject: securing relay...
Message-ID:

JD,

I have the exact same setup. Make sure you specify in the access table of Sendmail (Spam Control if you are using Webmin) to only allow relay from the IP of your Exchange Server (i.e. Connect:10.10.10.10 RELAY in /etc/mail/access). The IP will most likely be the Public IP of your exchange server unless you are running a vpn tunnel or private connection between the two (not a bad idea). Also, make sure that on your exchange server you only allow connections from the MailScanner server.

Hope this helps. Feel free to contact me directly if you want me to elaborate.

David Grecco

-----Original Message-----
From: owner-mailscanner@jiscmail.ac.uk [mailto:owner-mailscanner@jiscmail.ac.uk] On Behalf Of JD Doelitzsch
Sent: Monday, October 03, 2005 4:53 PM
To: MailScanner mailing list
Subject: securing relay...

Hey guys,

I'm not sure if this has to do with MailScanner or not, because it's just totally beyond me, maybe you can shed some light or point me in the right direction. The setup is MailScanner pushes to exchange via Mailertable/sendmail. Access only has mydomain.com in it. When I telnet to the MS box relay-denied(good) when trying to send other than mydomain.net as far as i can tell, But when monitoring packets I see spam originating or relaying from my MS server to the net. It's getting me blacklisted. What kind of command lets people relay? that's the one thing i can't verify when looking through the packets. I would like the MSbox only to relay to my exchange server and nowhere else. The only thing i can think of is to put a firewall on the MS box to only allow outgoing to my exchange box. What would be the foreseeable results of that? is there a better way?

-JD

From dhawal at NETMAGICSOLUTIONS.COM Tue Oct 4 09:16:44 2005
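One way to check an access file against the advice in the replies above (RELAY in /etc/mail/access only for localhost and the Exchange server's address, own domain in relay-domains). This is an added example, not part of the thread and not sendmail's own tooling; the sample file contents, the function names and the trusted-address list are assumptions.

```python
import ipaddress

# Constructed sample access file (not from the thread). 10.10.10.10 is the
# placeholder Exchange address used in the reply above.
SAMPLE_ACCESS = """\
# /etc/mail/access (sample)
localhost.localdomain     RELAY
localhost                 RELAY
127.0.0.1                 RELAY
mydomain.com              RELAY
Connect:10.10.10.10       RELAY
Connect:192.168           RELAY
From:someone@example.net  REJECT
"""

LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}
TAGS = {"connect", "from", "to"}


def parse_access(text):
    """Return (lineno, tag, key, action) for every entry in an access file."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2:
            continue  # no right-hand side: not a usable entry
        lhs, action = fields
        tag, sep, key = lhs.partition(":")
        if not (sep and tag.lower() in TAGS):
            tag, key = "", lhs  # untagged key (may itself contain colons)
        entries.append((lineno, tag.lower(), key.lower(), action.strip().upper()))
    return entries


def as_ip(key):
    """Return an ip_address object for a full address, else None."""
    try:
        return ipaddress.ip_address(key)
    except ValueError:
        return None


def is_address_prefix(key):
    """True for partial dotted addresses such as '192.168' or '10'."""
    parts = key.split(".")
    return len(parts) < 4 and all(p.isdigit() for p in parts)


def audit(text, trusted_ips):
    """List RELAY entries other than loopback and the trusted addresses."""
    trusted = {ipaddress.ip_address(ip) for ip in trusted_ips}
    findings = []
    for lineno, tag, key, action in parse_access(text):
        if action != "RELAY":
            continue
        ip = as_ip(key)
        if tag in ("from", "to"):
            reason = "RELAY keyed on an envelope address, not on the connecting host"
        elif key in LOOPBACK_NAMES or (ip is not None and ip.is_loopback):
            continue
        elif ip is not None and ip in trusted:
            continue
        elif ip is not None:
            reason = "RELAY for an address that is not on the trusted list"
        elif is_address_prefix(key):
            reason = "RELAY for a whole address prefix"
        else:
            reason = "RELAY keyed on a name; list your own domain in relay-domains"
        findings.append((lineno, key, reason))
    return findings


if __name__ == "__main__":
    for lineno, key, reason in audit(SAMPLE_ACCESS, ["10.10.10.10"]):
        print(f"line {lineno}: {key}: {reason}")
```

Run it against a copy of the real file before rebuilding the map, passing the Exchange server's address as the only trusted entry.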
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:30:52 2006
Subject: securing relay...
Message-ID:

> Hey guys,
>
> I'm not sure if this has to do with MailScanner or not, because it's just
> totally beyond me, maybe you can shed some light or point me in the right
> direction. The setup is MailScanner pushes to exchange via
> Mailertable/sendmail. Access only has mydomain.com in it. When I telnet to
> the MS box relay-denied(good) when trying to send other than
> mydomain.net as
> far as i can tell, But when monitoring packets I see spam originating or
> relaying from my MS server to the net. It's getting me blacklisted. What
> kind of command lets people relay? that's the one thing i can't verify when
> looking through the packets. I would like the MSbox only to relay to my
> exchange server and nowhere else. The only thing i can think of is to put a
> firewall on the MS box to only allow outgoing to my exchange box. What would
> be the foreseeable results of that? is there a better way?
>
> -JD

Check the results of 'telnet relay-test.mail-abuse.org' from a shell on your mail server.. Fix the problem for whatever is allowed to relay.

Also read this once again if you haven't already, there's always something that you could have missed out on :)
http://wiki.mailscanner.info/doku.php?id=best_practices

- dhawal

From dhawal at NETMAGICSOLUTIONS.COM Tue Oct 4 09:34:10 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:30:52 2006
Subject: securing relay...
Message-ID:

Mr. Derek Winkler appears to be out of office for the next 2 weeks, can Mr. Root do the needful?

Someone in Toronto could also call the Help desk at 416-217-1500 Ext 3000 and leave some high priority messages.

- dhawal

From MailScanner at ecs.soton.ac.uk Tue Oct 4 09:58:53 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:52 2006
Subject: securing relay...
Message-ID:

Mr Root strikes! And he wins :-)
(Don't mind me...)

On 4 Oct 2005, at 09:34, Dhawal Doshy wrote:

> Mr. Derek Winkler appears to be out of
> office for the next 2 weeks, can Mr. Root do the needful?
>
> Someone in Toronto could also call the Help desk at 416-217-1500
> Ext 3000 and leave some high priority messages.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From drew at THEMARSHALLS.CO.UK Tue Oct 4 10:19:27 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:30:52 2006
Subject: securing relay...
Message-ID:

On Tue, October 4, 2005 09:58, Julian Field wrote:
> Mr Root strikes! And he wins :-)
> (Don't mind me...)

Oooo the power and control of the man. Can I hear swooning from ladies all around Southampton? I'm sure I could hear screaming along the coast here in Brighton. Did Mr Root make a public appearance?? :-)

>
> On 4 Oct 2005, at 09:34, Dhawal Doshy wrote:
>
>> Mr. Derek Winkler appears to be out of
>> office for the next 2 weeks, can Mr. Root do the needful?
>>
>> Someone in Toronto could also call the Help desk at 416-217-1500
>> Ext 3000 and leave some high priority messages.

:-D

From MailScanner at ecs.soton.ac.uk Tue Oct 4 11:07:28 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:52 2006
Subject: securing relay...
Message-ID:

On 4 Oct 2005, at 10:19, Drew Marshall wrote:

> On Tue, October 4, 2005 09:58, Julian Field wrote:
>
>> Mr Root strikes! And he wins :-)
>> (Don't mind me...)
>>
>
> Oooo the power and control of the man. Can I hear swooning from
> ladies all
> around Southampton? I'm sure I could hear screaming along the coast
> here
> in Brighton. Did Mr Root make a public appearance?? :-)

Nah, he just farted :-)

>>
>> On 4 Oct 2005, at 09:34, Dhawal Doshy wrote:
>>
>>
>>> Mr. Derek Winkler appears to be out of
>>> office for the next 2 weeks, can Mr. Root do the needful?
>>>
>>> Someone in Toronto could also call the Help desk at 416-217-1500
>>> Ext 3000 and leave some high priority messages.
>>>
>
> :-D

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner-user at NELAND.DK Tue Oct 4 12:54:29 2005
From: mailscanner-user at NELAND.DK (Leif Neland)
Date: Thu Jan 12 21:30:52 2006
Subject: securing relay...
Message-ID:

Dhawal Doshy wrote:
>
> Check the results of 'telnet relay-test.mail-abuse.org' from a shell
> on your mail server..
>

It should be 'telnet relay-test.mail-abuse.org 25'

Leif

From dhawal at NETMAGICSOLUTIONS.COM Tue Oct 4 13:04:10 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:30:52 2006
Subject: securing relay...
Message-ID:

Leif Neland wrote:
> Dhawal Doshy wrote:
>
>>
>> Check the results of 'telnet relay-test.mail-abuse.org' from a shell
>> on your mail server..
>>
> It should be 'telnet relay-test.mail-abuse.org 25'
>
> Leif
>
>

No.. it is 'telnet relay-test.mail-abuse.org' without the 25, using 25 will open a SMTP session with the MTA on their server.

[root@skynet im]# telnet relay-test.mail-abuse.org 25
Trying 168.61.4.13...
Connected to relay-test.mail-abuse.org.
Escape character is '^]'.
220 cygnus.mail-abuse.org ESMTP Postfix
quit
221 Bye
Connection closed by foreign host.

- dhawal

From Nicolas.Schmitz at EC-NANTES.FR Tue Oct 4 13:12:00 2005
From: Nicolas.Schmitz at EC-NANTES.FR (Nicolas Schmitz)
Date: Thu Jan 12 21:30:52 2006
Subject: ProcessClamAVOutput unrecognised line (with up-to-date clamav)
Message-ID:

Hi,
I've got a little trouble here, from time to time I see the following lines in mail.log :

MailScanner[17637]: poster.pdf
MailScanner[17637]: ProcessClamAVOutput: unrecognised line "poster.pdf". Please contact the authors!

MailScanner (4.41.3-2) is running on Debian sarge , with latest clamav package from volatile : 0.87-0volatile1.

it's really annoying because I use logcheck, and I can't exclude that kind of lines...

Am I the only one who has this problem ?

Thanks.

--
Nicolas Schmitz
Centre de Ressources Informatiques | tel : 02 40 37 68 06
Ecole Centrale de Nantes | fax : 02 40 37 25 78
1 rue de la Noe - BP 92101
44321 NANTES CEDEX 03
http://www.ec-nantes.fr

From mikea at MIKEA.ATH.CX Tue Oct 4 15:53:49 2005
From: mikea at MIKEA.ATH.CX (mikea)
Date: Thu Jan 12 21:30:52 2006
Subject: ProcessClamAVOutput unrecognised line (with up-to-date clamav)
Message-ID:

On Tue, Oct 04, 2005 at 02:12:00PM +0200, Nicolas Schmitz wrote:
> Hi,
> I've got a little trouble here, from time to time I see the following
> lines in mail.log :
>
> MailScanner[17637]: poster.pdf
> MailScanner[17637]: ProcessClamAVOutput: unrecognised line "poster.pdf".
> Please contact the authors!
>
> MailScanner (4.41.3-2) is running on Debian sarge , with latest clamav
> package from volatile : 0.87-0volatile1.
>
> it's really annoying because I use logcheck, and I can't exclude that
> kind of lines...
>
> Am I the only one who has this problem ?

No. I find it merely an annoyance, though, not a problem.

Oct 4 00:35:50 isdmona MailScanner[14105]: Virus and Content Scanning: Starting
Oct 4 00:35:51 isdmona MailScanner[14105]: /var/spool/MailScanner/incoming/14105/./j945ZnFh031367/msg-14105-159.txt: Empty file
Oct 4 00:35:51 isdmona MailScanner[14105]: ProcessClamAVOutput: unrecognised line "/var/spool/MailScanner/incoming/14105/./j945ZnFh031367/msg-14105-159.txt: Empty file". Please contact the authors!

It appears to happen only when the spammer sends an empty attachment, though I haven't looked into it very deeply.

--
Mike Andrews, W5EGO
mikea@mikea.ath.cx
Tired old sysadmin

From kwang at UCALGARY.CA Tue Oct 4 18:25:47 2005
From: kwang at UCALGARY.CA (Kai Wang)
Date: Thu Jan 12 21:30:52 2006
Subject: A big message overwhelmed MailScanner
Message-ID:

Hi,

We are running MailScanner 4.43.8. Our message size limit is 50M. I noticed a valid message was stuck in MailScanner for over an hour. The server's load was very high and email processing was very slow. Eventually I had to move it to the delivery queue manually. Does anybody know what's the best practice for this situation?

-rw------- 1 root root 48384095 Oct 4 09:57 dfj94FuH024035
-rw------- 1 root root 867 Oct 4 09:57 qfj94FuH024035

Oct 4 09:57:20 smtp1 pc214-161.psych.ucalgary.ca [136.159.214.161]: DATA[24035]: j94FuH024035: from=, size=48384415, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MTA, mech=PLAIN, relay=pc214-161.psych.ucalgary.ca [136.159.214.161]
Oct 4 09:57:20 smtp1 pc214-161.psych.ucalgary.ca [136.159.214.161]: DATA[24035]: j94FuH024035: to=, delay=00:01:03, mailer=relay, pri=48414415, stat=queued
Oct 4 09:57:21 smtp1 pc214-161.psych.ucalgary.ca [136.159.214.161]: DATA[24035]: NOQUEUE: --> 250 2.0.0 j94FuH024035 Message accepted for delivery
Oct 4 09:57:21 smtp1 MailScanner[7673]: Saved archive copies of j94FuH024035
Oct 4 10:07:39 smtp1 MailScanner[8930]: Saved archive copies of j94G7W029517 j94FuH024035
Oct 4 10:18:02 smtp1 MailScanner[1963]: Saved archive copies of j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908
Oct 4 10:28:27 smtp1 MailScanner[7135]: Saved archive copies of j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908
Oct 4 10:38:44 smtp1 MailScanner[7847]: Saved archive copies of j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908
Oct 4 10:49:07 smtp1 MailScanner[16427]: Saved archive copies of j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908
Oct 4 10:53:26 smtp1 MailScanner[18665]: Saved archive copies of j94GHv001891 j94GrOJ18662 j94Gr0018612 j94Gqt018568 j94G7W029517 j94FuH024035 j94GHx001902 j94Gqv018575 j94GHv001893 j94GHx001907 j94Gqv018574 j94Gqt018562 j94Gqq018538 j94Gqr018549 j94GHx001912 j94Gqr018543 j94Gqp018536 j94GHt001887 j94GHx001908
Oct 4 11:03:42 smtp1 MailScanner[18996]: Saved archive copies of j94GHv001891 j94GrOJ18662 j94Gr0018612 j94Gqt018568 j94G7W029517 j94FuH024035 j94GHx001902 j94Gqv018575 j94GHv001893 j94GHx001907 j94Gqv018574 j94Gqt018562 j94Gqq018538 j94Gqr018549 j94GHx001912 j94Gqr018543 j94Gqp018536 j94GHt001887 j94GHx001908

Thanks

--
Kai Wang
System Services
Information Technologies, University of Calgary,
2500 University Drive, N.W.,
Calgary, Alberta, Canada T2N 1N4
Phone (403) 220-2423, Fax (403) 282-9361

From MailScanner at ecs.soton.ac.uk Tue Oct 4 16:54:16 2005
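The log excerpt in the message above shows the same queue ID being archived again and again by different MailScanner PIDs, a symptom the later reply in this thread attributes to a wrong "Lock Type" setting. The following added example (not part of the thread and not MailScanner code) finds that pattern in a maillog; it assumes the "Saved archive copies of" line format shown above, English month names, and a supplied year because syslog timestamps carry none.

```python
import re
from datetime import datetime

# Lines abridged from the excerpt above, plus one constructed line that
# must be ignored because it is not a MailScanner archive entry.
SAMPLE_LOG = [
    "Oct  4 09:57:21 smtp1 MailScanner[7673]: Saved archive copies of j94FuH024035",
    "Oct  4 10:07:39 smtp1 MailScanner[8930]: Saved archive copies of j94G7W029517 j94FuH024035",
    "Oct  4 10:18:02 smtp1 MailScanner[1963]: Saved archive copies of "
    "j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902",
    "Oct  4 10:18:03 smtp1 sendmail[2001]: constructed line, not a MailScanner entry",
]

ARCHIVE_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+"
    r"MailScanner\[(?P<pid>\d+)\]:\s+Saved archive copies of\s+(?P<ids>.+)$"
)


def repeated_pickups(lines, year=2005, min_pids=2):
    """Map queue ID -> PIDs and time span, for IDs handled by several PIDs.

    A message that is scanned once appears under a single MailScanner PID.
    The same ID under many PIDs means it keeps being picked up again.
    """
    seen = {}
    for line in lines:
        m = ARCHIVE_LINE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        pid = int(m["pid"])
        for qid in m["ids"].split():
            rec = seen.setdefault(qid, {"pids": set(), "first": when, "last": when})
            rec["pids"].add(pid)
            rec["first"] = min(rec["first"], when)
            rec["last"] = max(rec["last"], when)

    report = {}
    for qid, rec in seen.items():
        if len(rec["pids"]) >= min_pids:
            span = rec["last"] - rec["first"]
            report[qid] = {
                "pids": sorted(rec["pids"]),
                "span_seconds": int(span.total_seconds()),
            }
    return report


if __name__ == "__main__":
    for qid, info in sorted(repeated_pickups(SAMPLE_LOG).items()):
        print(f"{qid}: {len(info['pids'])} PIDs over {info['span_seconds']}s "
              f"{info['pids']}")
```

Feed it the lines of the real maillog; any queue ID it reports is worth checking against the spool before the load on the server climbs.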
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:52 2006 Subject: ProcessClamAVOutput unrecognised line (with up-to-date clamav) Message-ID: -----BEGIN PGP SIGNED MESSAGE----- On 4 Oct 2005, at 15:53, mikea wrote: > On Tue, Oct 04, 2005 at 02:12:00PM +0200, Nicolas Schmitz wrote: > >> Hi, >> I've got a little trouble here, from time to time I see the following >> lines in mail.log : >> >> MailScanner[17637]: poster.pdf >> MailScanner[17637]: ProcessClamAVOutput: unrecognised line >> "poster.pdf". >> Please contact the authors! >> >> MailScanner (4.41.3-2) is running on Debian sarge , with latest >> clamav >> package from volatile : 0.87-0volatile1. >> >> it's really annoying because I use logcheck, and I can't exclude that >> kind of lines... >> >> Am I the only one who have this problem ? >> > > No. I find it merely an annoyance, though, not a problem. > > Oct 4 00:35:50 isdmona MailScanner[14105]: Virus and Content > Scanning: Starting > Oct 4 00:35:51 isdmona MailScanner[14105]: /var/spool/MailScanner/ > incoming/14105/./j945ZnFh031367/msg-14105-159.txt: Empty file > Oct 4 00:35:51 isdmona MailScanner[14105]: ProcessClamAVOutput: > unrecognised line "/var/spool/MailScanner/incoming/14105/./ > j945ZnFh031367/msg-14105-159.txt: Empty file". Please contact the > authors! > > It appears to happen only when the spammer sends an empty attachment, > though I haven't looked into it very deeply. Don't worry, it is quite harmless. If you want to stop it doing this, apply this patch: - --- SweepViruses.pm.old 2005-07-11 16:44:22.000000000 +0100 +++ SweepViruses.pm 2005-10-04 16:52:35.874101033 +0100 
@@ -2466,7 +2466,8 @@ $logline = $line; $logline =~ s/%/%%/g; MailScanner::Log::WarnLog("ProcessClamAVOutput: unrecognised " . - - "line \"$logline\". Please contact the authors!"); + "line \"$logline\". Please contact the authors!") + unless $logline =~ /Empty.*file/; return 0; }

That is for /usr/lib/MailScanner/MailScanner/SweepViruses.pm. Remove one line and replace it with 2 new lines. Pretty obvious I hope :-)

- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From MailScanner at ecs.soton.ac.uk Tue Oct 4 18:52:18 2005
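Review bot: the guard added on the last `+` line, `unless $logline =~ /Empty.*file/`, is unanchored, so it matches anywhere in `$logline`, including the file path in front of the colon. Any unrecognised ClamAV line for a file whose name happens to contain "Empty" followed later by "file" would be silenced along with the harmless case. The log line quoted earlier in the thread ends in `: Empty file`, so anchoring the test to that suffix, for example `/: Empty file$/`, keeps the suppression to the case being discussed. Only the warning is skipped (the `return 0` is unchanged), so a one-line comment on the guard saying why it exists would help whoever next reads SweepViruses.pm.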
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:52 2006
Subject: A big message overwhelmed MailScanner
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From the fact that several different MailScanner processes all tried to process the same message, I would say your "Lock Type" is set wrong. What version of sendmail are you using and what operating system and distribution are you using?

If you are using Linux and sendmail 8.13.1 or greater, then you need to set
    Lock Type = posix
in your MailScanner.conf. You will then need to "service MailScanner restart".

Kai Wang wrote:
> Hi,
>
> We are running MailScanner 4.43.8. Our message size limit is 50M. I
> noticed a valid message was stuck in MailScanner for over an hour. The
> server's load was very high and email processing was very slow.
> Eventually I had to move it to the delivery queue manually. Does
> anybody know what's the best practice for this situation?
> > -rw------- 1 root root 48384095 Oct 4 09:57 dfj94FuH024035 > -rw------- 1 root root 867 Oct 4 09:57 qfj94FuH024035 > > Oct 4 09:57:20 smtp1 pc214-161.psych.ucalgary.ca [136.159.214.161]: > DATA[24035]: j94FuH024035: from=, size=48384415, > class=0, nrcpts=1, > msgid=, proto=ESMTP, > daemon=MTA, mech=PLAIN, relay=pc214-161.psych.ucalgary.ca > [136.159.214.161] > Oct 4 09:57:20 smtp1 pc214-161.psych.ucalgary.ca [136.159.214.161]: > DATA[24035]: j94FuH024035: to=, delay=00:01:03, > mailer=relay, pri=48414415, stat=queued > Oct 4 09:57:21 smtp1 pc214-161.psych.ucalgary.ca [136.159.214.161]: > DATA[24035]: NOQUEUE: --> 250 2.0.0 j94FuH024035 Message accepted for > delivery > Oct 4 09:57:21 smtp1 MailScanner[7673]: Saved archive copies of > j94FuH024035 > Oct 4 10:07:39 smtp1 MailScanner[8930]: Saved archive copies of > j94G7W029517 j94FuH024035 > Oct 4 10:18:02 smtp1 MailScanner[1963]: Saved archive copies of > j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 > j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908 > Oct 4 10:28:27 smtp1 MailScanner[7135]: Saved archive copies of > j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 > j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908 > Oct 4 10:38:44 smtp1 MailScanner[7847]: Saved archive copies of > j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 > j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908 > Oct 4 10:49:07 smtp1 MailScanner[16427]: Saved archive copies of > j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 > j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908 > Oct 4 10:53:26 smtp1 MailScanner[18665]: Saved archive copies of > j94GHv001891 j94GrOJ18662 j94Gr0018612 j94Gqt018568 j94G7W029517 > j94FuH024035 j94GHx001902 j94Gqv018575 j94GHv001893 j94GHx001907 > j94Gqv018574 j94Gqt018562 j94Gqq018538 j94Gqr018549 j94GHx001912 > j94Gqr018543 j94Gqp018536 j94GHt001887 j94GHx001908 > Oct 4 11:03:42 smtp1 MailScanner[18996]: Saved archive copies of > 
j94GHv001891 j94GrOJ18662 j94Gr0018612 j94Gqt018568 j94G7W029517
> j94FuH024035 j94GHx001902 j94Gqv018575 j94GHv001893 j94GHx001907
> j94Gqv018574 j94Gqt018562 j94Gqq018538 j94Gqr018549 j94GHx001912
> j94Gqr018543 j94Gqp018536 j94GHt001887 j94GHx001908
>
> Thanks
>

- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From PHachey at CITY.CORNWALL.ON.CA Tue Oct 4 21:26:49 2005
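Why a mismatched "Lock Type" lets more than one process work on the same queue file, as raised in the reply above: on a Linux local filesystem, flock() locks and POSIX fcntl() locks do not see each other. This is an added Python example, not MailScanner or sendmail code; the queue file name and the helper names are constructed for the demonstration.

```python
"""flock() vs POSIX fcntl() locks on one queue file (Linux, local filesystem)."""
import errno
import fcntl
import os
import tempfile

# The two lock families the "Lock Type" setting chooses between. Both are
# advisory: a lock only stops another process that asks for the same family.
LOCKERS = {
    "flock": fcntl.flock,  # BSD flock(2): belongs to the open file description
    "posix": fcntl.lockf,  # POSIX fcntl(2) record lock: belongs to the process
}


def try_lock(path, lock_type):
    """Open path and attempt a non-blocking exclusive lock.

    Returns the locked file descriptor, or None if the file is already locked.
    """
    fd = os.open(path, os.O_RDWR)
    try:
        LOCKERS[lock_type](fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except OSError as exc:
        os.close(fd)
        if exc.errno in (errno.EAGAIN, errno.EACCES):
            return None  # somebody else holds a conflicting lock
        raise
    return fd


def second_process_gets_in(holder_type, contender_type):
    """Lock a queue file with holder_type in this process (playing the MTA),
    then let a forked child (playing the scanner) try contender_type.

    Returns True if the child also obtained an exclusive lock, i.e. both
    processes now believe they own the message.
    """
    with tempfile.TemporaryDirectory() as spool:
        qf = os.path.join(spool, "qfCONSTRUCTED01")  # constructed file name
        with open(qf, "w") as fh:
            fh.write("constructed queue control file\n")

        held = try_lock(qf, holder_type)
        if held is None:
            raise RuntimeError("first locker failed on a fresh file")
        try:
            pid = os.fork()
            if pid == 0:
                # Child: separate process, separate open() of the same file.
                code = 2
                try:
                    code = 0 if try_lock(qf, contender_type) is not None else 1
                finally:
                    os._exit(code)  # never run the parent's cleanup code
            _, status = os.waitpid(pid, 0)
            code = os.WEXITSTATUS(status) if os.WIFEXITED(status) else 2
            if code not in (0, 1):
                raise RuntimeError("child failed unexpectedly")
            return code == 0
        finally:
            os.close(held)


def lock_matrix():
    """Every holder/contender combination mapped to 'did the second get in?'."""
    return {(h, c): second_process_gets_in(h, c)
            for h in LOCKERS for c in LOCKERS}


if __name__ == "__main__":
    for (holder, contender), got_in in sorted(lock_matrix().items()):
        verdict = "ALSO LOCKED (no exclusion)" if got_in else "blocked"
        print(f"holder={holder:5s} contender={contender:5s} -> {verdict}")
```

The independence shown here is Linux behaviour on local filesystems; over NFS, or on other kernels, the two families may interact differently.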
From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey)
Date: Thu Jan 12 21:30:52 2006
Subject: Workaround for MailScanner RPM installation when using 'Perl from source'
Message-ID:

I have been using MailScanner for some time now. I have it installed on a WhiteBox 3 (clone of RHEL 3) server. Prior to the recent MailScanner upgrade (via RPMs), I had installed the most recent version of Perl (5.8.7) from the source available at CPAN. In addition to the operating system RPM version of Perl (5.8.0) located under /usr/lib/perl5, I now have this new version of Perl located under /usr/local/lib/perl5. I also swapped /usr/bin/perl with a symbolic link to /usr/local/bin/perl.

When MailScanner installs, it recognizes both Perls, but during the installation of MailScanner's included Perl RPM modules, the paths it decides to use for the installation are /usr/lib/perl5/5.8.7 and /usr/lib/perl5/site_perl/5.8.7.

POSSIBLE FIX: The correct paths would have been used if, in the spec file of each of the Perl RPMs, the call to 'perl Makefile.PL' did NOT include the PREFIX argument.

TEMPORARY WORKAROUND: Before installing MailScanner, do the following:
# ln --symbolic /usr/local/lib/perl5/5.8.7 /usr/lib/perl5/5.8.7
# ln --symbolic /usr/local/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.7

There is an additional problem I've noticed that, after having used CPAN to grab the latest version of various Perl modules, MailScanner will still install a lower version: those modules marked "IsABundle" in install.sh. Is this intentional? Should I not be upgrading these modules via CPAN?

----------------------------------
Philip J. Hachey, BCS(High Hons)
Programmer-Analyst
City of Cornwall

From vachanta at GMAIL.COM Tue Oct 4 22:01:23 2005
From: vachanta at GMAIL.COM (Venkata Achanta)
Date: Thu Jan 12 21:30:52 2006
Subject: OT - Anti DOS tips for sendmail configuration
Message-ID:

Hello all,

I came across this, just wanted to share this with the list. Most of these tips n tricks have been posted on this list already.

http://www.technoids.org/dossed.html

Thanks much,
Venkata Achanta

From kwang at UCALGARY.CA Tue Oct 4 23:59:47 2005
From: kwang at UCALGARY.CA (Kai Wang)
Date: Thu Jan 12 21:30:52 2006
Subject: A big message overwhelmed MailScanner
Message-ID:

We are running sendmail 8.11.7. It does not seem to be a lock problem. I re-put the message to the incoming queue. You can see the load went up quickly. According to lsof command, only one MailScanner process opened the qf file. After about 10 minutes, I found the MailScanner process ID changed from lsof command output. The original MailScanner process disappeared. There was another log entry. I guess the previous uvscan probably timed out and the original MailScanner process went away and released the lock.

# How to lock spool files.
# Don't set this unless you *know* you need to.
# For sendmail, it defaults to "flock".
# For sendmail 8.13 onwards, you will probably need to change it to posix.
# For Exim, it defaults to "posix".
# No other type is implemented.
Lock Type =

[root@smtp1 mqueue.in]# uname -a
Linux smtp1.ucalgary.ca 2.4.21-15.EL #1 Thu Apr 22 00:27:41 EDT 2004 i686 i686 i386 GNU/Linux
[root@smtp1 mqueue.in]# cat /etc/redhat-release
Red Hat Enterprise Linux AS release 3 (Taroon Update 2)
[root@smtp1 mqueue.in]# /usr/sbin/sendmail -d0.1 -bt < /dev/null
Version 8.11.7
Compiled with: LDAPMAP MAP_REGEX LOG MATCHGECOS MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS QUEUE SASL SCANF SFIO SMTP STARTTLS TCPWRAPPERS USERDB

============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = smtp1
(canonical domain name) $j = smtp1.ucalgary.ca
(subdomain name) $m = ucalgary.ca
(node name) $k = smtp1.ucalgary.ca
========================================================

ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter
[root@smtp1 test]# ls -l /var/spool/mqueue.in/qfj94FuH024035 -rw------- 1 root root 868 Oct 4 16:39 /var/spool/mqueue.in/qfj94FuH024035 [root@smtp1 test]# top 16:41:07 up 25 days, 16:25, 2 users, load average: 5.73, 3.25, 2.52 63 processes: 59 sleeping, 4 running, 0 zombie, 0 stopped CPU states: cpu user nice system irq softirq iowait idle total 84.4% 0.0% 15.2% 0.0% 0.4% 0.0% 0.0% Mem: 2064640k av, 2043832k used, 20808k free, 0k shrd, 174268k buff 1358992k actv, 406880k in_d, 39624k in_c Swap: 2048248k av, 1756k used, 2046492k free 1587096k cached PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND 18369 root 25 0 24328 23M 1872 R 43.2 1.1 0:18 0 uvscan 1234 root 20 0 18952 18M 2264 S 23.4 0.9 3:20 0 MailScanner 1702 root 21 0 18960 18M 2224 S 3.4 0.9 3:01 0 MailScanner 18660 root 21 0 3996 3996 2824 R 1.6 0.1 0:00 0 sendmail 1513 root 21 0 19236 18M 2224 S 0.2 0.9 3:10 0 MailScanner [root@smtp1 test]# lsof /var/spool/mqueue.in/qfj94FuH024035 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME MailScann 6523 root 6uW REG 8,7 868 95817 /var/spool/mqueue.in/qfj94FuH024035 [root@smtp1 test]# lsof /var/spool/mqueue.in/qfj94FuH024035 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME MailScann 1395 root 6uW REG 8,7 868 95817 /var/spool/mqueue.in/qfj94FuH024035 [root@smtp1 test]# ps -ef | grep MailScan root 18664 1 0 10:53 ? 00:00:00 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 1024 18664 2 14:54 ? 00:03:01 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 1133 18664 3 14:54 ? 00:03:52 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 1234 18664 3 14:54 ? 00:03:38 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 1277 18664 2 14:54 ? 00:03:17 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 1395 18664 3 14:54 ? 
00:04:03 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 1513 18664 3 14:55 ? 00:03:36 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 1702 18664 2 14:55 ? 00:03:25 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 2220 18664 3 14:56 ? 00:03:39 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 9999 18664 3 15:12 ? 00:03:26 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 21822 18664 2 16:50 ? 00:00:05 /usr/bin/perl -I/usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/MailScanner.conf root 22995 28404 0 16:53 pts/0 00:00:00 grep MailScan Oct 4 16:40:05 smtp1 MailScanner[6523]: Saved archive copies of j94Me2J18130 j94Me2J18147 j94Me1J18118 j94Me1J18120 j94Me1J18042 j94Me2J18139 j94Me3J18155 j94Me2J18137 j94Me3J18153 j94Me2J18133 j94Me2J18149 j94Me2J18131 j94FuH024035 j94Me2J18128 j94Me2J18126 j94Me1J18116 j94Me1J18114 j94Me3J18157 j94Me2J18141 j94Me2J18151 j94Me1J18122 j94Me2J18135 j94Me2J18145 j94Me2J18124 Oct 4 16:50:35 smtp1 MailScanner[1395]: Saved archive copies of j94Me2J18130 j94Me2J18147 j94Me1J18118 j94Me1J18120 j94Me1J18042 j94Me2J18139 j94Me3J18155 j94Me2J18137 j94Me3J18153 j94Me2J18133 j94Me2J18149 j94Me2J18131 j94FuH024035 j94Me2J18128 j94Me2J18126 j94Me1J18116 j94Me1J18114 j94Me3J18157 j94Me2J18141 j94Me2J18151 j94Me1J18122 j94Me2J18135 j94Me2J18145 j94Me2J18124 Julian Field wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > > From the fact that several different MailScanner processes all tried to >process the same message, I would say your "Lock Type" is set wrong. >What version of sendmail are you using and what operating system and >distribution are you using? > >If you are using Linux and sendmail 8.13.1 or greater, then you need to set > Lock Type = posix >in your MailScanner.conf. 
You will then need to "service MailScanner >restart". > >Kai Wang wrote: > > > >>Hi, >> >>We are running MailScanner 4.43.8. Our message size limit is 50M. I >>noticed a valid message was stuck in MailScanner for over an hour. The >>server's load was very high and email processing was very slow. >>Eventually I had to move it to the delivery queue manually. Does >>anybody know what's the best practice for this situation? >> >>-rw------- 1 root root 48384095 Oct 4 09:57 dfj94FuH024035 >>-rw------- 1 root root 867 Oct 4 09:57 qfj94FuH024035 >> >>Oct 4 09:57:20 smtp1 pc214-161.psych.ucalgary.ca [136.159.214.161]: >>DATA[24035]: j94FuH024035: from=, size=48384415, >>class=0, nrcpts=1, >>msgid=, proto=ESMTP, >>daemon=MTA, mech=PLAIN, relay=pc214-161.psych.ucalgary.ca >>[136.159.214.161] >>Oct 4 09:57:20 smtp1 pc214-161.psych.ucalgary.ca [136.159.214.161]: >>DATA[24035]: j94FuH024035: to=, delay=00:01:03, >>mailer=relay, pri=48414415, stat=queued >>Oct 4 09:57:21 smtp1 pc214-161.psych.ucalgary.ca [136.159.214.161]: >>DATA[24035]: NOQUEUE: --> 250 2.0.0 j94FuH024035 Message accepted for >>delivery >>Oct 4 09:57:21 smtp1 MailScanner[7673]: Saved archive copies of >>j94FuH024035 >>Oct 4 10:07:39 smtp1 MailScanner[8930]: Saved archive copies of >>j94G7W029517 j94FuH024035 >>Oct 4 10:18:02 smtp1 MailScanner[1963]: Saved archive copies of >>j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 >>j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908 >>Oct 4 10:28:27 smtp1 MailScanner[7135]: Saved archive copies of >>j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 >>j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908 >>Oct 4 10:38:44 smtp1 MailScanner[7847]: Saved archive copies of >>j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 >>j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908 >>Oct 4 10:49:07 smtp1 MailScanner[16427]: Saved archive copies of >>j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 >>j94GHx001907 
j94GHx001912 j94GHt001887 j94GHx001908 >>Oct 4 10:53:26 smtp1 MailScanner[18665]: Saved archive copies of >>j94GHv001891 j94GrOJ18662 j94Gr0018612 j94Gqt018568 j94G7W029517 >>j94FuH024035 j94GHx001902 j94Gqv018575 j94GHv001893 j94GHx001907 >>j94Gqv018574 j94Gqt018562 j94Gqq018538 j94Gqr018549 j94GHx001912 >>j94Gqr018543 j94Gqp018536 j94GHt001887 j94GHx001908 >>Oct 4 11:03:42 smtp1 MailScanner[18996]: Saved archive copies of >>j94GHv001891 j94GrOJ18662 j94Gr0018612 j94Gqt018568 j94G7W029517 >>j94FuH024035 j94GHx001902 j94Gqv018575 j94GHv001893 j94GHx001907 >>j94Gqv018574 j94Gqt018562 j94Gqq018538 j94Gqr018549 j94GHx001912 >>j94Gqr018543 j94Gqp018536 j94GHt001887 j94GHx001908 >> >>Thanks >> >> >> > >- -- >Julian Field >www.MailScanner.info >Buy the MailScanner book at www.MailScanner.info/store >Professional Support Services at www.MailScanner.biz >MailScanner thanks transtec Computers for their support > >PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > >-----BEGIN PGP SIGNATURE----- >Version: PGP Desktop 9.0.2 (Build 2424) > >iQA/AwUBQ0LBUxH2WUcUFbZUEQKMeACgvJKpF8mRgaDLU6GJfNHuCrCm1VIAn27A >PxhZvsli7IVOF7KJEhsm/tx6 >=v9LZ >-----END PGP SIGNATURE----- > > > -- Kai Wang System Services Information Technologies, University of Calgary, 2500 University Drive, N.W., Calgary, Alberta, Canada T2N 1N4 Phone (403) 220-2423, Fax (403) 282-9361 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From ssilva at SGVWATER.COM Wed Oct 5 00:02:42 2005 From: ssilva at SGVWATER.COM (Scott Silva) Date: Thu Jan 12 21:30:52 2006 Subject: OT - Which greylist milter Message-ID: [ The following text is in the "ISO-8859-1" character set. 
] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Just getting a feel at which greylist solutions are used by the esteemed recipients of this list. Especially interested in sendmail milters. -- /-----------------------\ |~~\_____/~~\__ | | MailScanner; The best |___________ \N1____====== )-+ | protection on the net!| ~~~|/~~ | \-----------------------/ () ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Oct 5 02:45:28 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:52 2006 Subject: A big message overwhelmed MailScanner Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Take the user out back and beat them with a clue stick. I had a client that specifically asked me *not* to put any size restrictions on his e-mail whatsoever. One day, a user decided to send her entire Outlook file (almost 2gb) to another user; she said she needed that other user to have a copy of all her e-mail and contacts, etc. The server started to choke; even so, she managed to send *another copy* of her PST file since it had been "more than 5 minutes since she sent the first one and it hadn't arrived". She was used to the near-instantaneous response time provided by a finely tuned server. Needless to say, caps were put at the MTA level (50MB) and at the individual user level using rulesets. 
My experience is that you should, at least for the sake of your server's health - not to mention bandwidth - limit your message sizes to something less than half the RAM available. Any message with attachments over 100MB in size means your users are in desperate need of a more reliable file transfer solution, such as (s)ftp. Even corporate intranets using php to upload files are prone to this, that's why PHP usually defaults to 8M max uploads. Kai Wang wrote: > Hi, > > We are running MailScanner 4.43.8. Our message size limit is 50M. I > noticed a valid message was stuck in MailScanner for over an hour. The > server's load was very high and email processing was very slow. > Eventually I had to move it to the delivery queue manually. Does > anybody know what's the best practice for this situation? > > -rw------- 1 root root 48384095 Oct 4 09:57 dfj94FuH024035 > -rw------- 1 root root 867 Oct 4 09:57 qfj94FuH024035 > > Oct 4 09:57:20 smtp1 pc214-161.psych.ucalgary.ca [136.159.214.161]: > DATA[24035]: j94FuH024035: from=, size=48384415, > class=0, nrcpts=1, > msgid=, proto=ESMTP, > daemon=MTA, mech=PLAIN, relay=pc214-161.psych.ucalgary.ca > [136.159.214.161] > Oct 4 09:57:20 smtp1 pc214-161.psych.ucalgary.ca [136.159.214.161]: > DATA[24035]: j94FuH024035: to=, delay=00:01:03, > mailer=relay, pri=48414415, stat=queued > Oct 4 09:57:21 smtp1 pc214-161.psych.ucalgary.ca [136.159.214.161]: > DATA[24035]: NOQUEUE: --> 250 2.0.0 j94FuH024035 Message accepted for > delivery > Oct 4 09:57:21 smtp1 MailScanner[7673]: Saved archive copies of > j94FuH024035 > Oct 4 10:07:39 smtp1 MailScanner[8930]: Saved archive copies of > j94G7W029517 j94FuH024035 > Oct 4 10:18:02 smtp1 MailScanner[1963]: Saved archive copies of > j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 > j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908 > Oct 4 10:28:27 smtp1 MailScanner[7135]: Saved archive copies of > j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 > j94GHx001907 
j94GHx001912 j94GHt001887 j94GHx001908 > Oct 4 10:38:44 smtp1 MailScanner[7847]: Saved archive copies of > j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 > j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908 > Oct 4 10:49:07 smtp1 MailScanner[16427]: Saved archive copies of > j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893 > j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908 > Oct 4 10:53:26 smtp1 MailScanner[18665]: Saved archive copies of > j94GHv001891 j94GrOJ18662 j94Gr0018612 j94Gqt018568 j94G7W029517 > j94FuH024035 j94GHx001902 j94Gqv018575 j94GHv001893 j94GHx001907 > j94Gqv018574 j94Gqt018562 j94Gqq018538 j94Gqr018549 j94GHx001912 > j94Gqr018543 j94Gqp018536 j94GHt001887 j94GHx001908 > Oct 4 11:03:42 smtp1 MailScanner[18996]: Saved archive copies of > j94GHv001891 j94GrOJ18662 j94Gr0018612 j94Gqt018568 j94G7W029517 > j94FuH024035 j94GHx001902 j94Gqv018575 j94GHv001893 j94GHx001907 > j94Gqv018574 j94Gqt018562 j94Gqq018538 j94Gqr018549 j94GHx001912 > j94Gqr018543 j94Gqp018536 j94GHt001887 j94GHx001908 > > Thanks > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike at CAMAROSS.NET Wed Oct 5 03:04:50 2005 From: mike at CAMAROSS.NET (Mike Kercher) Date: Thu Jan 12 21:30:52 2006 Subject: OT - Which greylist milter Message-ID: MailScanner mailing list <> scribbled on Tuesday, October 04, 2005 6:03 PM: > Just getting a feel at which greylist solutions are used by > the esteemed recipients of this list. > Especially interested in sendmail milters. 
> I use milter-sender Mike ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Oct 5 03:08:42 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:52 2006 Subject: OT - Which greylist milter Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] It seems snertsoft is charging for it now. I know I've downloaded it and I probably have a copy of it lying around somewhere... I've been thinking of installing it on a couple of places where spam is most troublesome, except modifying the callback routine so it comes from instead of <> because of non-RFC-compliant ISP MTAs. Mike Kercher wrote: > MailScanner mailing list <> scribbled on Tuesday, October 04, 2005 6:03 PM: > > >> Just getting a feel at which greylist solutions are used by >> the esteemed recipients of this list. >> Especially interested in sendmail milters. >> >> > > I use milter-sender > > Mike > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 
Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at nkpanama.com Wed Oct 5 03:09:38 2005 From: alex at nkpanama.com (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:52 2006 Subject: Anyone has milter-sender? Can you send one? Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Like I mentioned on another thread, I *may* have a copy lying around somewhere. I'll have a look and let you know. Jose Nathaniel Nengasca wrote: > Hi, > > > > Do anyone has a milter-sender? The version before the official stable > release. > > > > Thanks > > > > > > > > JOSE NATHANIEL G. NENGASCA > > Network Administrator > > San Sebastian College-Recoletos > > Manila > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From james at GRAYONLINE.ID.AU Wed Oct 5 04:24:57 2005 From: james at GRAYONLINE.ID.AU (James Gray) Date: Thu Jan 12 21:30:52 2006 Subject: OT - Which greylist milter Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. 
] [ Some characters may be displayed incorrectly. ] On Wednesday 05 October 2005 09:02, Scott Silva wrote: > Just getting a feel at which greylist solutions are used by the esteemed > recipients of this list. > Especially interested in sendmail milters. We use milter-greylist on both our sendmail gateways (one FreeBSD, the other is CentOS). Compiled the latest version from source so we can use extended regex in our configuration files. The results have been good: Spam reduction: ~30-50% Virus reduction: ~15-20% (compared to total spam/viruses before the greylist, ie, not a %-age of total mail volume). As always, the biggest bonus is that all this happens at the MTA level saving MailScanner the hassle. The biggest problems we've had stem from the assumption amongst users that e-mail is actually some sort of instant-messaging. If a message didn't arrive within X-seconds, they would log a help desk call! Despite much education and assurance that once the mail (sender+recipient+originating SMTP host tuple) had been "learned" there would be no further delays as long as the sender sent you mail at least once a month (our autolearned-whitelist forgets unused entries older than 30 days). Our solution was simply to not greylist mail from key clients' domains[1] and to manually whitelist a few internal mail accounts (mostly sales people). Beyond that, we simply ignored most cries for help from the user population until after a week-or-so to give the greylist a chance to "learn" the mail patterns. Surprisingly, this worked - after a week, the flood of "my e-mail hasn't arrived" messages dried up. :) Once these little niggles were sorted, we've been very impressed with the results. The two mail gateways synchronise their autowhite-lists etc too. So if a sender gets auto-learned on the primary MX, then tries the secondary, they get through without delay there too. Same rules apply for all auto-entries. 
So if they try on the primary and get a 451-temporarily unavailable, then come back after the set time interval but on the secondary, they will still get through on the secondary (even though they originally hit the primary). Grey listing can have some weird (but predictable) side-effects too. Consider the following: Jill is a user from snafu.foo who sends a message to Barry at fubar.bar. After a delay, the grey list lets Jill's mail through to Barry. Jill and Barry exchange e-mail from now on without delay. Jill sends another message to Fred at fubar.bar and CC'ed Barry. The CC'ed message to Barry goes straight through but the message to Fred is delayed. Barry talks to Fred about the message from Jill, but Fred says "WTF?!". Jill gets a phone call from Fred and all three start annoying the IT people until (mysteriously) the message to Fred is delivered! Education is the key I think, but we all know how reluctant lusers are to have $CLUE imparted. Cheers, James ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From augustin.siaens at AQUADEV.ORG Wed Oct 5 10:07:35 2005 From: augustin.siaens at AQUADEV.ORG (augustin siaens) Date: Thu Jan 12 21:30:52 2006 Subject: spam scanning blocked regularly Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hi there, It appears that my MailScanner has some problems. Every 2 days, it seems that MailScanner doesn't scan mail anymore for spams (antivirus seems OK). I have to stop the server, then I also have to stop sendmail (I know I shouldn't but it seems to be ON). 
Once I restart MailScanner scanning is OK.

I don't understand what is wrong and more importantly how to spot the problem. In the log everything seems fine and then suddenly no more scanning!

here are the running processes

[root@server1 root]# ps aux | grep mail
smmsp 28794 0.0 0.1 7296 1996 ? S Oct04 0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
root 6377 0.0 0.2 7700 2592 ? S 08:40 0:00 sendmail: accepting connections
smmsp 6382 0.0 0.2 7628 2264 ? S 08:40 0:00 sendmail: Queue runner@00:15:00 for /var/spool/clientmqueue
root 6388 0.0 0.2 6992 2352 ? S 08:40 0:00 sendmail: Queue runner@00:15:00 for /var/spool/mqueue
root 6389 0.0 0.2 7736 3008 ? S 08:40 0:00 sendmail: ./j935jSwC007162 mail.spamrejection.com.: client DATA status
root 6503 0.0 0.0 4608 688 pts/0 S 08:53 0:00 grep mail

Usually I was killing these processes and scanning was back on track but restarting server (yes, sendmail too) seems to do the trick.

sendmail 8.12.10
MailScanner 4.45
SA 3.1

--
Augustin Siaens
AQUADEV
Rue des Carmélites 151 Karmelietenstraat
1180 Bruxelles - Brussel
Tel: +32 2 347 70 00
Fax: +32 2 347 00 36

From MailScanner at ecs.soton.ac.uk Wed Oct 5 08:59:25 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:52 2006
Subject: Workaround for MailScanner RPM installation when using 'Perl from source'
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

What's wrong with
./install.sh --perl=/usr/local/bin/perl
?

On 4 Oct 2005, at 21:26, Philip Hachey wrote:

> I have been using MailScanner for some time now. I have it
> installed on a
> WhiteBox 3 (clone of RHEL 3) server.
> Prior to the recent MailScanner
> upgrade (via RPMs), I had installed the most recent version of Perl
> (5.8.7) from the source available at CPAN. In addition to the
> operating
> system RPM version of Perl (5.8.0) located under /usr/lib/perl5, I now
> have this new version of Perl located under /usr/local/lib/perl5.
> I also
> swapped /usr/bin/perl with a symbolic link to /usr/local/bin/perl.
>
> When MailScanner installs, it recognizes both Perls, but during the
> installation of MailScanner's included Perl RPM modules, the paths it
> decides to use for the installation are /usr/lib/perl5/5.8.7 and /
> usr/lib/perl5/site_perl/5.8.7 .
>
> POSSIBLE FIX: The correct paths would have been used if, in the
> spec file
> of each of the Perl RPMs, the call to 'perl Makefile.PL' did NOT
> include
> the PREFIX argument.
>
> TEMPORARY WORKAROUND: Before installing MailScanner, do the
> following:
> # ln --symbolic /usr/local/lib/perl5/5.8.7 /usr/lib/perl5/5.8.7
> # ln --symbolic /usr/local/lib/perl5/site_perl/5.8.7
> /usr/lib/perl5/site_perl/5.8.7
>
>
> There is an additional problem I've noticed that, after having used
> CPAN
> to grab the latest version of various Perl modules, MailScanner
> will still
> install a lower version: those modules marked "IsABundle" in
> install.sh.
> Is this intentional? Should I not be upgrading these modules via
> CPAN?
>
> ----------------------------------
> Philip J. Hachey, BCS(High Hons)
> Programmer-Analyst
> City of Cornwall
>

- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From MailScanner at ecs.soton.ac.uk Wed Oct 5 09:03:00 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:52 2006
Subject: A big message overwhelmed MailScanner
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

What happens if you set Debug = yes and then do a check_mailscanner (after killing all MailScanner processes). I would be interested to hear what error it finally bombs out on. Almost certainly out of memory for something.

On 4 Oct 2005, at 23:59, Kai Wang wrote:

> We are running sendmail 8.11.7. It does not seem to be a lock
> problem. I re-put the message to the incoming queue. You can see
> the load went up quickly. According to lsof command, only one
> MailScanner process opened the qf file. After about 10 minutes, I
> found the MailScanner process ID changed from lsof command output.
> The original MailScanner process disappeared. There was another log
> entry. I guess the previous uvscan probably timed out and the
> original MailScanner process went away and released the lock.
>
> # How to lock spool files.
> # Don't set this unless you *know* you need to.
> # For sendmail, it defaults to "flock".
> # For sendmail 8.13 onwards, you will probably need to change it to
> posix.
> # For Exim, it defaults to "posix".
> # No other type is implemented.
> Lock Type =
>
> [root@smtp1 mqueue.in]# uname -a
> Linux smtp1.ucalgary.ca 2.4.21-15.EL #1 Thu Apr 22 00:27:41 EDT
> 2004 i686 i686 i386 GNU/Linux
> [root@smtp1 mqueue.in]# cat /etc/redhat-release
> Red Hat Enterprise Linux AS release 3 (Taroon Update 2)
> [root@smtp1 mqueue.in]# /usr/sbin/sendmail -d0.1 -bt < /dev/null
> Version 8.11.7
> Compiled with: LDAPMAP MAP_REGEX LOG MATCHGECOS MIME7TO8 MIME8TO7
> NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS QUEUE
> SASL SCANF
> SFIO SMTP STARTTLS TCPWRAPPERS USERDB
>
> ============ SYSTEM IDENTITY (after readcf) ============
> (short domain name) $w = smtp1
> (canonical domain name) $j = smtp1.ucalgary.ca
> (subdomain name) $m = ucalgary.ca
> (node name) $k = smtp1.ucalgary.ca
> ========================================================
>
> ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
> Enter
>
> [root@smtp1 test]# ls -l /var/spool/mqueue.in/qfj94FuH024035
> -rw------- 1 root root 868 Oct 4 16:39 /var/spool/
> mqueue.in/qfj94FuH024035
>
> [root@smtp1 test]# top
>
> 16:41:07 up 25 days, 16:25, 2 users, load average: 5.73, 3.25, 2.52
> 63 processes: 59 sleeping, 4 running, 0 zombie, 0 stopped
> CPU states: cpu user nice system irq softirq iowait
> idle
> total 84.4% 0.0% 15.2% 0.0% 0.4% 0.0%
> 0.0%
> Mem: 2064640k av, 2043832k used, 20808k free, 0k shrd,
> 174268k buff
> 1358992k actv, 406880k in_d, 39624k in_c
> Swap: 2048248k av, 1756k used, 2046492k free
> 1587096k cached
>
> PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU
> COMMAND
> 18369 root 25 0 24328 23M 1872 R 43.2 1.1 0:18 0
> uvscan
> 1234 root 20 0 18952 18M 2264 S 23.4 0.9 3:20 0
> MailScanner
> 1702 root 21 0 18960 18M 2224 S 3.4 0.9 3:01 0
> MailScanner
> 18660 root 21 0 3996 3996 2824 R 1.6 0.1 0:00 0
> sendmail
> 1513 root 21 0 19236 18M 2224 S 0.2 0.9 3:10 0
> MailScanner
>
> [root@smtp1 test]# lsof /var/spool/mqueue.in/qfj94FuH024035
> COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> MailScann 6523 root 6uW REG 8,7 868 95817 /var/spool/
> mqueue.in/qfj94FuH024035
>
> [root@smtp1 test]# lsof /var/spool/mqueue.in/qfj94FuH024035
> COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> MailScann 1395 root 6uW REG 8,7 868 95817 /var/spool/
> mqueue.in/qfj94FuH024035
> [root@smtp1 test]# ps -ef | grep MailScan
> root 18664 1 0 10:53 ? 00:00:00 /usr/bin/perl -I/
> usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/
> MailScanner.conf
> root 1024 18664 2 14:54 ? 00:03:01 /usr/bin/perl -I/
> usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/
> MailScanner.conf
> root 1133 18664 3 14:54 ? 00:03:52 /usr/bin/perl -I/
> usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/
> MailScanner.conf
> root 1234 18664 3 14:54 ? 00:03:38 /usr/bin/perl -I/
> usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/
> MailScanner.conf
> root 1277 18664 2 14:54 ? 00:03:17 /usr/bin/perl -I/
> usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/
> MailScanner.conf
> root 1395 18664 3 14:54 ? 00:04:03 /usr/bin/perl -I/
> usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/
> MailScanner.conf
> root 1513 18664 3 14:55 ? 00:03:36 /usr/bin/perl -I/
> usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/
> MailScanner.conf
> root 1702 18664 2 14:55 ? 00:03:25 /usr/bin/perl -I/
> usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/
> MailScanner.conf
> root 2220 18664 3 14:56 ? 00:03:39 /usr/bin/perl -I/
> usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/
> MailScanner.conf
> root 9999 18664 3 15:12 ? 00:03:26 /usr/bin/perl -I/
> usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/
> MailScanner.conf
> root 21822 18664 2 16:50 ? 00:00:05 /usr/bin/perl -I/
> usr/lib/MailScanner /usr/sbin/MailScanner /etc/MailScanner/
> MailScanner.conf
> root 22995 28404 0 16:53 pts/0 00:00:00 grep MailScan
>
> Oct 4 16:40:05 smtp1 MailScanner[6523]: Saved archive copies of
> j94Me2J18130 j94Me2J18147 j94Me1J18118 j94Me1J18120 j94Me1J18042
> j94Me2J18139 j94Me3J18155 j94Me2J18137 j94Me3J18153 j94Me2J18133
> j94Me2J18149 j94Me2J18131 j94FuH024035 j94Me2J18128 j94Me2J18126
> j94Me1J18116 j94Me1J18114 j94Me3J18157 j94Me2J18141 j94Me2J18151
> j94Me1J18122 j94Me2J18135 j94Me2J18145 j94Me2J18124
> Oct 4 16:50:35 smtp1 MailScanner[1395]: Saved archive copies of
> j94Me2J18130 j94Me2J18147 j94Me1J18118 j94Me1J18120 j94Me1J18042
> j94Me2J18139 j94Me3J18155 j94Me2J18137 j94Me3J18153 j94Me2J18133
> j94Me2J18149 j94Me2J18131 j94FuH024035 j94Me2J18128 j94Me2J18126
> j94Me1J18116 j94Me1J18114 j94Me3J18157 j94Me2J18141 j94Me2J18151
> j94Me1J18122 j94Me2J18135 j94Me2J18145 j94Me2J18124
>
>
> Julian Field wrote:
>
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> From the fact that several different MailScanner processes all
>> tried to process the same message, I would say your "Lock Type" is
>> set wrong.
>> What version of sendmail are you using and what
>> operating system and distribution are you using?
>>
>> If you are using Linux and sendmail 8.13.1 or greater, then you
>> need to set
>> Lock Type = posix
>> in your MailScanner.conf. You will then need to "service
>> MailScanner restart".
>>
>> Kai Wang wrote:
>>
>>
>>
>>> Hi,
>>>
>>> We are running MailScanner 4.43.8. Our message size limit is 50M.
>>> I noticed a valid message was stuck in MailScanner for over an
>>> hour. The server's load was very high and email processing was
>>> very slow. Eventually I had to move it to the delivery queue
>>> manually. Does anybody know what's the best practice for this
>>> situation?
>>>
>>> -rw------- 1 root root 48384095 Oct 4 09:57
>>> dfj94FuH024035
>>> -rw------- 1 root root 867 Oct 4 09:57
>>> qfj94FuH024035
>>>
>>> Oct 4 09:57:20 smtp1 pc214-161.psych.ucalgary.ca
>>> [136.159.214.161]: DATA[24035]: j94FuH024035:
>>> from=, size=48384415, class=0, nrcpts=1,
>>> msgid=,
>>> proto=ESMTP, daemon=MTA, mech=PLAIN,
>>> relay=pc214-161.psych.ucalgary.ca [136.159.214.161]
>>> Oct 4 09:57:20 smtp1 pc214-161.psych.ucalgary.ca
>>> [136.159.214.161]: DATA[24035]: j94FuH024035:
>>> to=, delay=00:01:03, mailer=relay,
>>> pri=48414415, stat=queued
>>> Oct 4 09:57:21 smtp1 pc214-161.psych.ucalgary.ca
>>> [136.159.214.161]: DATA[24035]: NOQUEUE: --> 250 2.0.0
>>> j94FuH024035 Message accepted for delivery
>>> Oct 4 09:57:21 smtp1 MailScanner[7673]: Saved archive copies of
>>> j94FuH024035
>>> Oct 4 10:07:39 smtp1 MailScanner[8930]: Saved archive copies of
>>> j94G7W029517 j94FuH024035
>>> Oct 4 10:18:02 smtp1 MailScanner[1963]: Saved archive copies of
>>> j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893
>>> j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908
>>> Oct 4 10:28:27 smtp1 MailScanner[7135]: Saved archive copies of
>>> j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893
>>> j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908
>>> Oct 4 10:38:44 smtp1 MailScanner[7847]: Saved archive copies of
>>> j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893
>>> j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908
>>> Oct 4 10:49:07 smtp1 MailScanner[16427]: Saved archive copies of
>>> j94GHv001891 j94G7W029517 j94FuH024035 j94GHx001902 j94GHv001893
>>> j94GHx001907 j94GHx001912 j94GHt001887 j94GHx001908
>>> Oct 4 10:53:26 smtp1 MailScanner[18665]: Saved archive copies of
>>> j94GHv001891 j94GrOJ18662 j94Gr0018612 j94Gqt018568 j94G7W029517
>>> j94FuH024035 j94GHx001902 j94Gqv018575 j94GHv001893 j94GHx001907
>>> j94Gqv018574 j94Gqt018562 j94Gqq018538 j94Gqr018549 j94GHx001912
>>> j94Gqr018543 j94Gqp018536 j94GHt001887 j94GHx001908
>>> Oct 4 11:03:42 smtp1 MailScanner[18996]: Saved archive copies of
>>> j94GHv001891 j94GrOJ18662 j94Gr0018612 j94Gqt018568 j94G7W029517
>>> j94FuH024035 j94GHx001902 j94Gqv018575 j94GHv001893 j94GHx001907
>>> j94Gqv018574 j94Gqt018562 j94Gqq018538 j94Gqr018549 j94GHx001912
>>> j94Gqr018543 j94Gqp018536 j94GHt001887 j94GHx001908
>>>
>>> Thanks
>>>
>>
>> - -- Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> Professional Support Services at www.MailScanner.biz
>> MailScanner thanks transtec Computers for their support
>>
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>>
>
> --
> Kai Wang
> System Services
> Information Technologies, University of Calgary,
> 2500 University Drive, N.W.,
> Calgary, Alberta, Canada T2N 1N4
> Phone (403) 220-2423, Fax (403) 282-9361
>

- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Nicolas.Schmitz at EC-NANTES.FR Wed Oct 5 09:03:50 2005
From: Nicolas.Schmitz at EC-NANTES.FR (Nicolas Schmitz)
Date: Thu Jan 12 21:30:52 2006
Subject: ProcessClamAVOutput unrecognised line (with up-to-date clamav)
Message-ID:

>Don't worry, it is quite harmless. If you want to stop it doing this,
>apply this patch:
>
>- --- SweepViruses.pm.old 2005-07-11 16:44:22.000000000 +0100 >+++ SweepViruses.pm 2005-10-04 16:52:35.874101033 +0100 
>@@ -2466,7 +2466,8 @@ > $logline = $line; > $logline =~ s/%/%%/g; > MailScanner::Log::WarnLog("ProcessClamAVOutput: unrecognised " . >- - "line \"$logline\". Please contact the >authors!"); >+ "line \"$logline\". Please contact the >authors!") >+ unless $logline =~ /Empty.*file/; > return 0; >} >
>That is for /usr/lib/MailScanner/MailScanner/SweepViruses.pm. Remove
>one line and replace it with 2 new lines. Pretty obvious I hope :-)
>

Hello, thanks for the answer.

But I don't think /Empty.*file/ will match

MailScanner[17637]: poster.pdf
MailScanner[17637]: ProcessClamAVOutput: unrecognised line "poster.pdf".

There are two different problems: one with "Empty file" and one with only the name of a file.

I know it's harmless, but I use logcheck (http://logcheck.org/), and I can't find a valid regexp to exclude that kind of line, without excluding all the MailScanner log!

Thanks.

--
Nicolas Schmitz

From Q.G.Campbell at NEWCASTLE.AC.UK Wed Oct 5 09:34:01 2005
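Review bot: the added guard "unless $logline =~ /Empty.*file/;" is unanchored, so it suppresses the warning for any unrecognised scanner line that contains "Empty" followed anywhere later by "file", not only the empty-file message it is meant for. The reply above shows that an unrecognised line can be nothing more than an attachment name ("poster.pdf"), so an attachment whose name happens to match the pattern would also go unlogged; anchoring the test to the exact message text would keep the suppression narrow. The test also runs on $logline after "s/%/%%/g" has been applied; matching against $line would keep the check independent of the log escaping.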
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:30:52 2006
Subject: MS 4.46.4-2 & SA 3.1.0 - still get warning from SA
Message-ID:

Have installed the latest MS alongside SA 3.1.0.

What can be done to get rid of the warnings (see below) from SA when you run "SpamAssassin -D"?

...
[32293] warn: Use of uninitialized value in pattern match (m//) at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 870.
[32293] warn: Use of uninitialized value in concatenation (.) or string at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line 944.
...

An earlier posting from Julian implied these messages would go away with the latest MS. Can't see why though as this appears to be a problem with SA, not MS.

For completeness, details of the set up on the machine in question:

[root@cheviot69 MailScanner]# MailScanner -V
Running on
Linux cheviot69.ncl.ac.uk 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST 2005 i686 i686 i386 GNU/Linux
This is Red Hat Enterprise Linux AS release 4 (Nahant)
This is Perl version 5.008005 (5.8.5)

This is MailScanner version 4.46.2
Module versions are:
1.00 AnyDBM_File
1.14 Archive::Zip
1.03 Carp
1.119 Convert::BinHex
1.00 DirHandle
1.05 Fcntl
2.73 File::Basename
2.08 File::Copy
2.01 FileHandle
1.06 File::Path
0.14 File::Temp
1.29 HTML::Entities
3.45 HTML::Parser
2.30 HTML::TokeParser
1.21 IO
1.10 IO::File
1.123 IO::Pipe
1.50 Mail::Header
3.05 MIME::Base64
5.417 MIME::Decoder
5.417 MIME::Decoder::UU
5.417 MIME::Head
5.417 MIME::Parser
3.03 MIME::QuotedPrint
5.417 MIME::Tools
0.10 Net::CIDR
1.08 POSIX
1.77 Socket
0.05 Sys::Syslog
1.02 Time::localtime

Optional module versions are:
0.17 Convert::TNEF
1.810 DB_File
1.08 Digest
1.01 Digest::HMAC
2.33 Digest::MD5
2.10 Digest::SHA1
0.44 Inline
0.17 Mail::ClamAV
3.001000 Mail::SpamAssassin
1.997 Mail::SPF::Query
0.15 Net::CIDR::Lite
0.48 Net::DNS
0.31 Net::LDAP
1.94 Parse::RecDescent
missing SAVI
1.2 Sys::Hostname::Long
2.42 Test::Harness
0.47 Test::Simple
1.95 Text::Balanced
1.35 URI

Quentin
---
PHONE: +44 191 222 8209 Information Systems and Services (ISS),
University of Newcastle,
Newcastle upon Tyne,
FAX: +44 191 222 8765 United Kingdom, NE1 7RU.
------------------------------------------------------------------------
Any opinion expressed above is mine. The University can get its own.

From MailScanner at ecs.soton.ac.uk Wed Oct 5 09:38:45 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:52 2006
Subject: MS 4.46.4-2 & SA 3.1.0 - still get warning from SA
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

There was a line in SA which caused MailScanner to complain. That's what I stopped. These two remaining ones are harmless little things in SA. They will probably fix them in the next release, I would guess.

On 5 Oct 2005, at 09:34, Quentin Campbell wrote:

> Have installed the latest MS alongside SA 3.1.0.
>
> What can be done to get rid of the warnings (see below) from SA
> when you
> run "SpamAssassin -D"?
>
> ...
> [32293] warn: Use of uninitialized value in pattern match (m//) at
> /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm line
> 870.
> [32293] warn: Use of uninitialized value in concatenation (.) or
> string
> at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/PerMsgStatus.pm
> line
> 944.
> ...
>
> An earlier posting from Julian implied these messages would go away
> with
> the latest MS. Can't see why though as this appears to be a problem
> with
> SA, not MS.
>
> For completeness, details of the set up on the machine in question:
>
> [root@cheviot69 MailScanner]# MailScanner -V
> Running on
> Linux cheviot69.ncl.ac.uk 2.6.9-5.ELsmp #1 SMP Wed Jan 5 19:30:39 EST
> 2005 i686 i686 i386 GNU/Linux
> This is Red Hat Enterprise Linux AS release 4 (Nahant)
> This is Perl version 5.008005 (5.8.5)
>
> This is MailScanner version 4.46.2
> Module versions are:
> 1.00 AnyDBM_File
> 1.14 Archive::Zip
> 1.03 Carp
> 1.119 Convert::BinHex
> 1.00 DirHandle
> 1.05 Fcntl
> 2.73 File::Basename
> 2.08 File::Copy
> 2.01 FileHandle
> 1.06 File::Path
> 0.14 File::Temp
> 1.29 HTML::Entities
> 3.45 HTML::Parser
> 2.30 HTML::TokeParser
> 1.21 IO
> 1.10 IO::File
> 1.123 IO::Pipe
> 1.50 Mail::Header
> 3.05 MIME::Base64
> 5.417 MIME::Decoder
> 5.417 MIME::Decoder::UU
> 5.417 MIME::Head
> 5.417 MIME::Parser
> 3.03 MIME::QuotedPrint
> 5.417 MIME::Tools
> 0.10 Net::CIDR
> 1.08 POSIX
> 1.77 Socket
> 0.05 Sys::Syslog
> 1.02 Time::localtime
>
> Optional module versions are:
> 0.17 Convert::TNEF
> 1.810 DB_File
> 1.08 Digest
> 1.01 Digest::HMAC
> 2.33 Digest::MD5
> 2.10 Digest::SHA1
> 0.44 Inline
> 0.17 Mail::ClamAV
> 3.001000 Mail::SpamAssassin
> 1.997 Mail::SPF::Query
> 0.15 Net::CIDR::Lite
> 0.48 Net::DNS
> 0.31 Net::LDAP
> 1.94 Parse::RecDescent
> missing SAVI
> 1.2 Sys::Hostname::Long
> 2.42 Test::Harness
> 0.47 Test::Simple
> 1.95 Text::Balanced
> 1.35 URI
>
>
> Quentin
> ---
> PHONE: +44 191 222 8209 Information Systems and Services (ISS),
> University of Newcastle,
> Newcastle upon Tyne,
> FAX: +44 191 222 8765 United Kingdom, NE1 7RU.
> ----------------------------------------------------------------------
> --
> Any opinion expressed above is mine. The University can get its own.
>

- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From stef at L5NET.NET Wed Oct 5 11:56:38 2005
From: stef at L5NET.NET (Stef Morrell)
Date: Thu Jan 12 21:30:52 2006
Subject: OT - Which greylist milter
Message-ID:

James Gray [james@GRAYONLINE.ID.AU] wrote:
> On Wednesday 05 October 2005 09:02, Scott Silva wrote:
>> Just getting a feel at which greylist solutions are used by the
>> esteemed recipients of this list.
>> Especially interested in sendmail milters.

Postfix shop here, so we're using postgrey.

> Grey listing can have some weird (but predictable)
> side-effects too. Consider the following:
>
> Jill is a user from snafu.foo who sends a message to Barry at
> fubar.bar. After a delay, the grey list lets Jill's mail through to
> Barry. Jill and Barry exchange e-mail from now on without
> delay. Jill sends another message to Fred at fubar.bar and
> CC'ed Barry. The CC'ed message to Barry goes straight
> through but the message to Fred is delayed. Barry talks to
> Fred about the message from Jill, but Fred says "WTF?!".
> Jill gets a phone call from Fred and all three start annoying
> the IT people until (mysteriously) the message to Fred is delivered!

Interesting comedy behaviour :)

Postgrey works somewhat differently. Rather than auto-whitelisting by recipient, it auto-whitelists by server, which IMHO is more sensible. In the scenario above, after the first email from Jenny, fubar.bar's incoming mail server would trust mail from snafu.foo's outgoing server and thus accept mail for both Barry and Fred.

> Education is the key I think, but we all know how reluctant
> lusers are to have $CLUE imparted.

I find that the general response...

"Your email has been delayed, it will come through soon, it's to help reduce your spam."

...works pretty well. Anything which gives users less crap tends to be well received, even if there is a slight inconvenience.

Stef

Stefan Morrell | Director
Tel: 0870 365 2813 | Level 5 Internet Ltd
Fax: 0192 450 7307 | Part of the Alpha Omega Group
stef@l5net.net | stef@aoc-uk.com

From stef at L5NET.NET Wed Oct 5 12:14:00 2005
From: stef at L5NET.NET (Stef Morrell)
Date: Thu Jan 12 21:30:52 2006
Subject: OT - Which greylist milter
Message-ID:

> sensible. In the scenario above, after the first email from Jenny,

oops... s/Jenny/Jill/

Stefan Morrell | Director
Tel: 0870 365 2813 | Level 5 Internet Ltd
Fax: 0192 450 7307 | Part of the Alpha Omega Group
stef@l5net.net | stef@aoc-uk.com

From phachey at CITY.CORNWALL.ON.CA Wed Oct 5 18:52:00 2005
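The auto-whitelist behaviour discussed in the "Which greylist milter" thread above, as an added example (not code from milter-greylist, postgrey or any poster): a small simulation that replays the Jill/Barry/Fred scenario with a per-tuple key and with a per-client key, and the retry on a secondary MX with and without shared state. The 300-second retry delay, the mailbox names and the 192.0.2.10 host are assumptions; the 30-day expiry and the 451 reply come from the thread.

```python
"""Greylist simulation: per-tuple versus per-client auto-whitelisting."""
from dataclasses import dataclass, field

RETRY_DELAY = 300            # assumed: seconds before a retry of a new key is accepted
AWL_EXPIRY = 30 * 24 * 3600  # from the thread: unused auto-whitelist entries last 30 days
TEMPFAIL, ACCEPT = "451", "250"

# Constructed sample identities: names from the scenario, host from TEST-NET-1.
HOST = "192.0.2.10"
JILL, BARRY, FRED = "jill@snafu.foo", "barry@fubar.bar", "fred@fubar.bar"


@dataclass
class Greylist:
    per_client: bool = False   # False: key is (client, sender, recipient); True: client only
    pending: dict = field(default_factory=dict)        # key -> time of first attempt
    awl: dict = field(default_factory=dict)            # key -> time the entry was last used
    exempt_domains: set = field(default_factory=set)   # sender domains never greylisted

    def _key(self, client, sender, rcpt):
        if self.per_client:
            return (client,)
        return (client, sender.lower(), rcpt.lower())

    def check(self, now, client, sender, rcpt):
        """Return the SMTP reply code for one recipient at time `now` (seconds)."""
        # Matched on the envelope sender domain, which is unauthenticated.
        if sender.rsplit("@", 1)[-1].lower() in self.exempt_domains:
            return ACCEPT
        key = self._key(client, sender, rcpt)
        last_used = self.awl.get(key)
        if last_used is not None:
            if now - last_used <= AWL_EXPIRY:
                self.awl[key] = now      # every use refreshes the entry
                return ACCEPT
            del self.awl[key]            # forgotten: has to be learned again
        first_seen = self.pending.setdefault(key, now)
        if now - first_seen >= RETRY_DELAY:
            del self.pending[key]
            self.awl[key] = now
            return ACCEPT
        return TEMPFAIL


def replay_scenario(greylist):
    """Replay the Jill/Barry/Fred exchange; return [(step, reply), ...]."""
    hour = 3600
    events = [
        (0, "first mail to Barry", BARRY),
        (RETRY_DELAY, "retry to Barry", BARRY),
        (hour, "mail to Fred, CC Barry: Barry's copy", BARRY),
        (hour, "mail to Fred, CC Barry: Fred's copy", FRED),
        # With a per-client key this is simply one more accepted delivery.
        (hour + RETRY_DELAY, "retry of Fred's copy", FRED),
        (hour + RETRY_DELAY + AWL_EXPIRY + 1, "Barry again after 30 idle days", BARRY),
    ]
    return [(label, greylist.check(t, HOST, JILL, rcpt)) for t, label, rcpt in events]


def retry_on_secondary(shared):
    """First attempt hits the primary MX, the retry hits the secondary MX."""
    pending, awl = {}, {}
    primary = Greylist(pending=pending, awl=awl)
    # Synchronised gateways are modelled as two instances sharing the same tables.
    secondary = Greylist(pending=pending, awl=awl) if shared else Greylist()
    first = primary.check(0, HOST, JILL, BARRY)
    retry = secondary.check(RETRY_DELAY, HOST, JILL, BARRY)
    return first, retry


if __name__ == "__main__":
    for name, gl in (("per-tuple", Greylist()), ("per-client", Greylist(per_client=True))):
        print(name)
        for label, code in replay_scenario(gl):
            print(f"  {code}  {label}")
    print("secondary MX, shared state:  ", retry_on_secondary(True))
    print("secondary MX, separate state:", retry_on_secondary(False))
```

With the per-tuple key Fred's copy is the only delayed recipient of the CC'ed message; with the per-client key both copies are accepted once the sending host has been learned.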
From: phachey at CITY.CORNWALL.ON.CA (Philip Hachey)
Date: Thu Jan 12 21:30:53 2006
Subject: Workaround for MailScanner RPM installation when using 'Perl from source'
Message-ID:

That is not a recognized option for install.sh. The only available options are "nodeps", "ingore-perl", and "fast".

That might be a nice option to have -- although it's likely easier just to remove the PREFIX variable in the RPM spec files and let the perl binary decide upon paths.

On Wed, 5 Oct 2005 08:59:25 +0100, Julian Field wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>What's wrong with
>./install.sh --perl=/usr/local/bin/perl
>?
>
>On 4 Oct 2005, at 21:26, Philip Hachey wrote:
>
>> I have been using MailScanner for some time now. I have it
>> installed on a
>> WhiteBox 3 (clone of RHEL 3) server. Prior to the recent MailScanner
>> upgrade (via RPMs), I had installed the most recent version of Perl
>> (5.8.7) from the source available at CPAN. In addition to the
>> operating
>> system RPM version of Perl (5.8.0) located under /usr/lib/perl5, I now
>> have this new version of Perl located under /usr/local/lib/perl5.
>> I also
>> swapped /usr/bin/perl with a symbolic link to /usr/local/bin/perl.
>>
>> When MailScanner installs, it recognizes both Perls, but during the
>> installation of MailScanner's included Perl RPM modules, the paths it
>> decides to use for the installation are /usr/lib/perl5/5.8.7 and /
>> usr/lib/perl5/site_perl/5.8.7 .
>>
>> POSSIBLE FIX: The correct paths would have been used if, in the
>> spec file
>> of each of the Perl RPMs, the call to 'perl Makefile.PL' did NOT
>> include
>> the PREFIX argument.
>>
>> TEMPORARY WORKAROUND: Before installing MailScanner, do the
>> following:
>> # ln --symbolic /usr/local/lib/perl5/5.8.7 /usr/lib/perl5/5.8.7
>> # ln --symbolic /usr/local/lib/perl5/site_perl/5.8.7
>> /usr/lib/perl5/site_perl/5.8.7
>>
>>
>> There is an additional problem I've noticed that, after having used
>> CPAN
>> to grab the latest version of various Perl modules, MailScanner
>> will still
>> install a lower version: those modules marked "IsABundle" in
>> install.sh.
>> Is this intentional? Should I not be upgrading these modules via
>> CPAN?

From PHachey at CITY.CORNWALL.ON.CA Wed Oct 5 20:03:35 2005
From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey)
Date: Thu Jan 12 21:30:53 2006
Subject: Suggestion: configuration option for ClamAV paths
Message-ID:

I'd like to suggest the addition of two configuration options in MailScanner.conf:

ClamAV Log File
======================
Custom path for ClamAV log file (or perhaps any virus scanner). For example, I have changed
$LogFile = "/tmp/ClamAV.update.log";
to
$LogFile = "/var/log/clamav/freshclam.log";
in /usr/lib/MailScanner/clamav-autoupdate

ClamAV Work Dir
===============
It's nice to have ClamAV work in a tmpfs filesystem. For example, I have changed
TempDir="/tmp/clamav.$$"
to
TempDir="/dev/shm/clamav.$$"
in /usr/lib/MailScanner/clamav-wrapper

Regards,
----------------------------------
Philip J. Hachey, BCS(High Hons)
Programmer-Analyst
City of Cornwall

From alex at nkpanama.com Wed Oct 5 20:18:58 2005
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:30:53 2006
Subject: Suggestion: configuration option for ClamAV paths

Philip Hachey wrote:
> ClamAV Work Dir
> ===============
> It's nice to have ClamAV work in a tmpfs filesystem. For example, I have changed
> TempDir="/tmp/clamav.$$"
> to
> TempDir="/dev/shm/clamav.$$"
> in /usr/lib/MailScanner/clamav-wrapper
>
Would this be needed if one is using ClamAVmodule?

From cstone at AXINT.NET Wed Oct 5 20:27:36 2005
From: cstone at AXINT.NET (Chris Stone)
Date: Thu Jan 12 21:30:53 2006
Subject: Anyone has milter-sender? Can you send one?

On Tuesday 04 October 2005 08:09 pm, Alex Neuman van der Hans wrote:
> Like I mentioned on another thread, I *may* have a copy lying around
> somewhere. I'll have a look and let you know.
>
You can get it from http://www.axint.net/downloads/milter-sender-0.62.tgz

Chris

From jd at BARITEC.COM Wed Oct 5 21:22:07 2005
From: jd at BARITEC.COM (JD Doelitzsch)
Date: Thu Jan 12 21:30:53 2006
Subject: securing relay...

Thanks again guys,

I checked the relay using those sites and it seems to be secure. I think what might be happening is my MS box takes any email then forwards it to my winbox, which will accept or deny depending on if there is such a user. If no user, my MS box tries to return to sender and so it looks like spam is going out. Is this a possible scenario? Would this generate enough returned email that is spam to blacklist me? I am considering using milter-ahead as a possible fix. What do you think?

-JD

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dhawal Doshy
Sent: Tuesday, October 04, 2005 1:17 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: securing relay...

> Hey guys,
>
> I'm not sure if this has to do with MailScanner or not, because it's just
> totally beyond me, maybe you can shed some light or point me in the right
> direction. The setup is MailScanner pushes to exchange via
> Mailertable/sendmail. Access only has mydomain.com in it. When I telnet to
> the MS box relay-denied(good) when trying to send other than mydomain.net as
> far as I can tell, but when monitoring packets I see spam originating or
> relaying from my MS server to the net. It's getting me blacklisted. What
> kind of command lets people relay? That's the one thing I can't verify when
> looking through the packets. I would like the MSbox only to relay to my
> exchange server and nowhere else. The only thing I can think of is to put a
> firewall on the MS box to only allow outgoing to my exchange box. What would
> be the foreseeable results of that? Is there a better way?
>
> -JD

Check the results of 'telnet relay-test.mail-abuse.org' from a shell on your mail server. Fix the problem for whatever is allowed to relay.

Also read this once again if you haven't already, there's always something that you could have missed out on :)
http://wiki.mailscanner.info/doku.php?id=best_practices

- dhawal
From ssilva at SGVWATER.COM Wed Oct 5 22:44:15 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:53 2006
Subject: Spamassassin woes

I have two mostly identical systems, but one has recently stopped hitting the SURBL hits in spamassassin.
I re-installed spamassassin, and diffed the configs between the two systems, but can't find the problem.
I can lint a test message on the non-working spamassassin and the SURBLs hit.

My next try is to re-install Net::DNS.
Any other ideas?

MailScanner is latest stable
Spamassassin 3.1.0
ClamAV 0.87
All installed from Julian's tarball.

--
MailScanner; The best protection on the net!

From mike at CAMAROSS.NET Wed Oct 5 23:01:00 2005
From: mike at CAMAROSS.NET (Mike Kercher)
Date: Thu Jan 12 21:30:53 2006
Subject: Spamassassin woes

MailScanner mailing list <> scribbled on Wednesday, October 05, 2005 4:44 PM:

> I have two mostly identical systems, but one has recently
> stopped hitting the SURBL hits in spamassassin.
> I re-installed spamassassin, and diffed the configs between
> the two systems, but can't find the problem.
> I can lint a test message on the non-working spamassassin and
> the SURBLs hit.
>
> My next try is to re-install Net::DNS.
> Any other ideas?
>
> MailScanner is latest stable
> Spamassassin 3.1.0
> ClamAV 0.87
> All installed from Julian's tarball.
>

Is it possible you are being hit by the fact that Cogent and Level3 de-peered today? This is killing me as some of my customers are unable to even check their email!

http://status.cogento.com

Mike

From ssilva at SGVWATER.COM Wed Oct 5 23:15:20 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:53 2006
Subject: Spamassassin woes

Mike Kercher spake the following on 10/5/2005 3:01 PM:
> MailScanner mailing list <> scribbled on Wednesday, October 05, 2005 4:44 PM:
>
>> I have two mostly identical systems, but one has recently
>> stopped hitting the SURBL hits in spamassassin.
>> I re-installed spamassassin, and diffed the configs between
>> the two systems, but can't find the problem.
>> I can lint a test message on the non-working spamassassin and
>> the SURBLs hit.
>>
>> My next try is to re-install Net::DNS.
>> Any other ideas?
>>
>> MailScanner is latest stable
>> Spamassassin 3.1.0
>> ClamAV 0.87
>> All installed from Julian's tarball.
>>
>
> Is it possible you are being hit by the fact that Cogent and Level3
> de-peered today? This is killing me as some of my customers are unable to
> even check their email!
>
> http://status.cogento.com
>
> Mike
>
Both my hosts are on MCI / whoever they are this week. One works, one quit about a week ago. Just noticed as the same spam seemed to score too differently on each.
After reinstalling Net::DNS, I got lint errors with spamassassin, so now I'm re-installing it again to see what's up.

--
MailScanner; The best protection on the net!

From peter at UCGBOOK.COM Wed Oct 5 23:35:49 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:30:53 2006
Subject: Suggestion: configuration option for ClamAV paths

Philip Hachey wrote:
> It's nice to have ClamAV work in a tmpfs filesystem. For example, I have changed
> TempDir="/tmp/clamav.$$"

If you used Solaris that would be a tmpfs file system. ;-)

--
/Peter Bonivart

--Unix lovers do it in the Sun

From kevins at BMRB.CO.UK Wed Oct 5 23:41:09 2005
From: kevins at BMRB.CO.UK (Kevin Spicer)
Date: Thu Jan 12 21:30:53 2006
Subject: CentOS 4.1 final w/posix lock still having issues

On Wed, 2005-10-05 at 10:17 -0400, Richard D Alloway wrote:
> But, I still get deliveries with the dreaded "Message body disappears" errors.
...
> What should I look for at this point?

Wild shot in the dark, from the one time I saw this myself (very long time ago). Make sure that sendmail is being started from the MailScanner startup scripts and that you have the noetrn option on in that startup script (it's there by default so it should be...). Also worth grepping the logs for etrn, just in case the command line option isn't being honoured for some reason. You don't want to let folks use etrn!

Probably not your problem, but doesn't hurt to check.

BMRB http://www.bmrb.co.uk

From ssilva at SGVWATER.COM Wed Oct 5 23:31:01 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:53 2006
Subject: Spamassassin woes

Scott Silva spake the following on 10/5/2005 2:44 PM:
> I have two mostly identical systems, but one has recently stopped
> hitting the SURBL hits in spamassassin.
> I re-installed spamassassin, and diffed the configs between the two
> systems, but can't find the problem.
> I can lint a test message on the non-working spamassassin and the
> SURBLs hit.
>
> My next try is to re-install Net::DNS.
> Any other ideas?
>
> MailScanner is latest stable
> Spamassassin 3.1.0
> ClamAV 0.87
> All installed from Julian's tarball.
>
Now I have;
Can't locate object method "check_uridnsbl" via package "Mail::SpamAssassin::PerMsgStatus"
Not sure what module is hosed.

--
MailScanner; The best protection on the net!

From maillists at CONACTIVE.COM Thu Oct 6 00:17:59 2005
From: maillists at CONACTIVE.COM (Kai Schaetzl)
Date: Thu Jan 12 21:30:53 2006
Subject: Workaround for MailScanner RPM installation when using 'Perl from source'

Philip Hachey wrote on Tue, 4 Oct 2005 16:26:49 -0400:

> There is an additional problem I've noticed that, after having used CPAN
> to grab the latest version of various Perl modules, MailScanner will still
> install a lower version: those modules marked "IsABundle" in install.sh.
> Is this intentional? Should I not be upgrading these modules via CPAN?

If you do know you have "everything onboard" simply install "rpm -Uvh --nodeps" the MailScanner rpm and nothing else!

Kai

--
Kai Schätzl, Berlin, Germany
Get your web at Conactive Internet Services: http://www.conactive.com
IE-Center: http://ie5.de & http://msie.winware.org

From alex at nkpanama.com Thu Oct 6 00:18:32 2005
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:30:53 2006
Subject: Spamassassin woes

Scott Silva wrote:
> Scott Silva spake the following on 10/5/2005 2:44 PM:
>
>> I have two mostly identical systems, but one has recently stopped
>> hitting the SURBL hits in spamassassin.
>> I re-installed spamassassin, and diffed the configs between the two
>> systems, but can't find the problem.
>> I can lint a test message on the non-working spamassassin and the
>> SURBLs hit.
>>
>> My next try is to re-install Net::DNS.
>> Any other ideas?
>>
>> MailScanner is latest stable
>> Spamassassin 3.1.0
>> ClamAV 0.87
>> All installed from Julian's tarball.
>>
> Now I have;
> Can't locate object method "check_uridnsbl" via package
> "Mail::SpamAssassin::PerMsgStatus"
> Not sure what module is hosed.
>
Whenever I've had problems like that I look up all the modules that are required by every part (spamassassin, mailscanner, etc.) and perl -MCPAN -e 'install Whatever::Module' one by one.

From alex at nkpanama.com Thu Oct 6 00:20:22 2005
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:30:53 2006
Subject: Workaround for MailScanner RPM installation when using 'Perl from source'

Kai Schaetzl wrote:
> Philip Hachey wrote on Tue, 4 Oct 2005 16:26:49 -0400:
>
>> There is an additional problem I've noticed that, after having used CPAN
>> to grab the latest version of various Perl modules, MailScanner will still
>> install a lower version: those modules marked "IsABundle" in install.sh.
>> Is this intentional? Should I not be upgrading these modules via CPAN?
>>
>
> If you do know you have "everything onboard" simply install "rpm -Uvh
> --nodeps" the MailScanner rpm and nothing else!
>
> Kai
>
And if you're still in doubt, perl -MCPAN -e 'install whatever::isneeded' when MailScanner complains or if you want to really make sure.

From ssilva at SGVWATER.COM Thu Oct 6 00:41:50 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:53 2006
Subject: Spamassassin woes

Alex Neuman spake the following on 10/5/2005 4:18 PM:
> Scott Silva wrote:
>
>> Scott Silva spake the following on 10/5/2005 2:44 PM:
>>
>>> I have two mostly identical systems, but one has recently stopped
>>> hitting the SURBL hits in spamassassin.
>>> I re-installed spamassassin, and diffed the configs between the two
>>> systems, but can't find the problem.
>>> I can lint a test message on the non-working spamassassin and the
>>> SURBLs hit.
>>>
>>> My next try is to re-install Net::DNS.
>>> Any other ideas?
>>>
>>> MailScanner is latest stable
>>> Spamassassin 3.1.0
>>> ClamAV 0.87
>>> All installed from Julian's tarball.
>>>
>>
>> Now I have;
>> Can't locate object method "check_uridnsbl" via package
>> "Mail::SpamAssassin::PerMsgStatus"
>> Not sure what module is hosed.
>>
>
> Whenever I've had problems like that I look up all the modules that are
> required by every part (spamassassin, mailscanner, etc.) and perl -MCPAN
> -e 'install Whatever::Module' one by one.
>
Whatever hosed this system seemed to happen at the upgrade to spamassassin 3.1.0. I'll have to hack at it again tomorrow.

--
MailScanner; The best protection on the net!

From jaearick at COLBY.EDU Thu Oct 6 02:32:19 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:30:53 2006
Subject: [NATIONAL-ALERTS] (AUSCERT AL-2005.0030) Trojan "Hesive" Targets Microsoft Access Vulnerability (fwd)

Gang,

FYI below. In the course of attempting to figure out what an mdb file is, I stumbled across this website, telling what types of attachments Outlook 2003 blocks. Wow, what a list...

http://office.microsoft.com/en-us/assistance/HA011402971033.aspx

Jeff Earickson
Colby College

---------- Forwarded message ----------
Date: Thu, 06 Oct 2005 10:04:05 +1000
From: AusCERT
To: national-alerts@auscert.org.au
Subject: [NATIONAL-ALERTS] (AUSCERT AL-2005.0030) Trojan "Hesive" Targets Microsoft Access Vulnerability

===========================================================================
A U S C E R T   A L E R T

AL-2005.0030 -- AUSCERT ALERT
Trojan "Hesive" Targets Microsoft Access Vulnerability
4 October 2005
===========================================================================

AusCERT Alert Summary
---------------------

Product:           Microsoft Access
Operating System:  Windows
Impact:            Administrator Compromise
Access:            Remote/Unauthenticated
Member-only until: Thursday, October 06 2005

OVERVIEW:

A new trojan, Hesive, targets a flaw in Microsoft Access that allows a remote attacker to execute arbitrary code or commands in the context of the currently logged in user.

The vulnerability exploited by this trojan is five months old, and no patch is currently available.

The trojan requires a local user to open a specially crafted Access .mdb file. This file can be received via email. Once activated, it opens a backdoor onto the system to allow further access to the remote attacker.

IMPACT:

While the trojan itself performs minimal actions on the infected system, it allows a remote attacker to access the system. Since many home users log on to Windows as an Administrator level user, this is effectively an Administrator Compromise.

The trojan itself is simple to remove using an antivirus product, however actions taken by a remote attacker through the back door the trojan sets up are unpredictable and may not be reversible.

MITIGATION:

Treat Microsoft Office files as you would an executable program - do not open Office files that you have received from an unknown, untrusted or unexpected source, especially Access '.mdb' files.

Ensure Windows Update is enabled on your systems so that any updates to fix this problem are installed.
REFERENCES:

Symantec Virus Definition:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hesive.html

SecurityFocus:
http://www.securityfocus.com/news/11335

Secunia:
http://secunia.com/advisories/14896/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only.
===========================================================================
From martinh at SOLID-STATE-LOGIC.COM Thu Oct 6 08:55:13 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:30:53 2006
Subject: Spamassassin woes

Try a "MailScanner -v" and a "spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf -D --lint" for clues as to what's broke.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Scott Silva
Sent: 05 October 2005 23:31
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] Spamassassin woes

Scott Silva spake the following on 10/5/2005 2:44 PM:
> I have two mostly identical systems, but one has recently stopped
> hitting the SURBL hits in spamassassin.
> I re-installed spamassassin, and diffed the configs between the two
> systems, but can't find the problem.
> I can lint a test message on the non-working spamassassin and the
> SURBLs hit.
>
> My next try is to re-install Net::DNS.
> Any other ideas?
>
> MailScanner is latest stable
> Spamassassin 3.1.0
> ClamAV 0.87
> All installed from Julian's tarball.
>
Now I have;
Can't locate object method "check_uridnsbl" via package "Mail::SpamAssassin::PerMsgStatus"
Not sure what module is hosed.

--
MailScanner; The best protection on the net!
From mailscanner-user at NELAND.DK Wed Oct 5 13:00:02 2005
From: mailscanner-user at NELAND.DK (Leif Neland)
Date: Thu Jan 12 21:30:53 2006
Subject: Mailscanner disturbs my domainkey?

John Rudd wrote:
> On Oct 1, 2005, at 6:31 AM, Julian Field wrote:
>>> In any case, any good info, pointers, tips on getting domainkeys to
>>> work using sendmail+MailScanner would be appreciated. I've already
>>> set up SPF, but having domainkeys as well would be a plus.
>>
>> From what I have seen over the past 20 years or so is that the usual
>> practice is to put "Received" headers at the top, and all X- headers and
>> other header modifications at the bottom. If they produce one
>> exception saying that all new headers must be before the domainkeys
>> header, then how many others are there likely to be in future? They
>> have somewhat changed the rules.
>>
>
> There's no "somewhat" about it. If you embrace DomainKeys, then you
> have to accept that the rules have changed.
>
> With DomainKeys, all new headers have to be added above the DomainKeys
> header (the easiest way is to add them to the beginning of all of the
> headers; this is what the new spamassassin does). You also may not
> modify the subject, change the body content, because you may not
> modify anything after the DomainKeys header.
>
>
> So, when MailScanner wants to modify the body of a message, you would
> almost want-to/have-to get rid of the DomainKey header.
...
The DomainKey header is:

DomainKey-Signature: a=rsa-sha1; s=arnold; d=neland.dk; c=nofws; q=dns;
    h=message-id:from:to:cc:references:subject:date:
    mime-version:content-type:content-transfer-encoding:x-priority:
    x-msmail-priority:x-mailer:xmimeole;
    b=kntlhXWmVzOKnkd73K3EKoPUvQz7zUokFzY97EYK5EoWvIBuaQ+sQrfS6VFLdp6LE
    lsy+qDYuED3/4uLnbygcQ==

AFAICR that means that domainkey verification only looks at the headers mentioned above, and the rest, and the body may be freely modified.

But isn't there a risk for the content-transfer-encoding to change, eg from qp to 8-bit?

Leif

From ralloway at WINBEAM.COM Wed Oct 5 15:17:08 2005
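The header coverage discussed in Leif Neland's message above (with John Rudd's quoted rules), as an added example that is not part of the original posts and is not MailScanner or DomainKeys library code: it reads the h= list from the quoted DomainKey-Signature and reports which gateway edits touch signed data. The sample message, the X-MailScanner header and the {Spam?} tag are constructed, canonicalization is simplified, and no cryptographic verification is performed.

```python
import re

# Tags of the DomainKey-Signature header quoted in the message above; the b=
# value is left out because coverage analysis does not need it.
SIG_TAGS = ("a=rsa-sha1; s=arnold; d=neland.dk; c=nofws; q=dns; "
            "h=message-id:from:to:cc:references:subject:date:"
            "mime-version:content-type:content-transfer-encoding:x-priority:"
            "x-msmail-priority:x-mailer:xmimeole")

# Constructed sample message (addresses, subject and body are made up).
ORIGINAL = {
    "headers": [
        ("Received", "from mail.example.org by gw.example.net"),
        ("DomainKey-Signature", SIG_TAGS),
        ("From", "sender@neland.dk"),
        ("To", "rcpt@example.net"),
        ("Subject", "Quarterly report"),
        ("Content-Transfer-Encoding", "quoted-printable"),
    ],
    "body": "Bl=E5b=E6rgr=F8d\r\n",
}

def parse_tags(value):
    """Split 'tag=value; tag=value' into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip().lower()] = re.sub(r"\s+", "", val)
    return tags

def signed_names(tags):
    """Names listed in h=, or None when h= is absent (every header below the
    signature is then signed, per RFC 4870)."""
    if "h" not in tags:
        return None
    return {n.lower() for n in tags["h"].split(":") if n}

def squeeze(text):
    """Simplified stand-in for c=nofws canonicalization: ignore whitespace."""
    return re.sub(r"\s+", "", text)

def covered_headers(headers, names):
    """Headers a verifier hashes: those below DomainKey-Signature, narrowed to
    the h= list when one is given. Headers above it are never covered."""
    lower = [n.lower() for n, _ in headers]
    start = lower.index("domainkey-signature") + 1
    return [(n.lower(), squeeze(v)) for n, v in headers[start:]
            if names is None or n.lower() in names]

def why_broken(original, modified, tags):
    """Reasons an edit invalidates the signature; [] means signed data intact."""
    names = signed_names(tags)
    before = covered_headers(original["headers"], names)
    after = covered_headers(modified["headers"], names)
    reasons = []
    if before != after:
        changed = sorted({n for n, _ in set(before) ^ set(after)})
        reasons.append("signed header changed: "
                       + ", ".join(changed or ["(order only)"]))
    # The body is always signed; h= narrows the header set only (John Rudd's
    # point in the quoted text, and RFC 4870).
    if squeeze(original["body"]) != squeeze(modified["body"]):
        reasons.append("body changed")
    return reasons

def gateway_edit(msg, top=(), bottom=(), replace=None, body=None):
    """Copy msg with headers added on top / at the bottom or replaced, and an
    optional new body (a hypothetical model of a scanning gateway's edits)."""
    replace = replace or {}
    headers = [(n, replace.get(n.lower(), v)) for n, v in msg["headers"]]
    return {"headers": list(top) + headers + list(bottom),
            "body": msg["body"] if body is None else body}

def scenarios():
    """Run constructed gateway edits against the quoted h= list."""
    tags = parse_tags(SIG_TAGS)
    no_h = {k: v for k, v in tags.items() if k != "h"}  # as if h= were omitted
    xhdr = [("X-MailScanner", "Found to be clean")]     # constructed header
    edits = {
        "x-header at bottom": (gateway_edit(ORIGINAL, bottom=xhdr), tags),
        "subject tagged": (gateway_edit(
            ORIGINAL, replace={"subject": "{Spam?} Quarterly report"}), tags),
        "sign-off appended": (gateway_edit(
            ORIGINAL, body=ORIGINAL["body"] + "-- \r\nScanned by gateway\r\n"),
            tags),
        "qp re-encoded to 8bit": (gateway_edit(
            ORIGINAL, replace={"content-transfer-encoding": "8bit"},
            body="Bl\xe5b\xe6rgr\xf8d\r\n"), tags),
        "no h=, x-header at bottom": (gateway_edit(ORIGINAL, bottom=xhdr), no_h),
        "no h=, x-header on top": (gateway_edit(ORIGINAL, top=xhdr), no_h),
    }
    return {k: why_broken(ORIGINAL, m, t) for k, (m, t) in edits.items()}

if __name__ == "__main__":
    for name, reasons in scenarios().items():
        verdict = "BREAKS: " + "; ".join(reasons) if reasons else "ok"
        print(f"{name:28} {verdict}")
```
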
From: ralloway at WINBEAM.COM (Richard D Alloway)
Date: Thu Jan 12 21:30:53 2006
Subject: CentOS 4.1 final w/posix lock still having issues
Message-ID:

Hi.

I have 6 SMTP gateway servers, each running either RH9, FC1, FC2 or (as
of a few days ago) CentOS4.1final. They all use the same
MailScanner.conf file which explicitly states:

Lock Type = posix

This appears to be honored correctly:

Oct 5 04:05:55 smtp-gateway-5 MailScanner[23752]: Using locktype = posix
Oct 5 04:05:55 smtp-gateway-5 MailScanner[23752]: Creating hardcoded struct_flock subroutine for linux (Linux-type)

But, I still get deliveries with the dreaded "Message body disappears"
errors. Here are the logs showing this:

Oct 5 04:05:53 smtp-gateway-5 sendmail[23744]: j957uWFm017187: SYSERR(root): readqf: cannot open ./dfj957uWFm017187: No such file or directory
Oct 5 04:05:53 smtp-gateway-5 sendmail[23744]: j957uWFm017187: to=, delay=00:09:19, xdelay=00:00:00, mailer=smtp, pri=125159, relay=mail.xxxxxx.net. [64.84.xx.xx], dsn=2.0.0, stat=Sent (ok 1128499555 qp 15073)
Oct 5 04:05:53 smtp-gateway-5 sendmail[23744]: j957ulAU017283: SYSERR(root): readqf: cannot open ./dfj957ulAU017283: No such file or directory
Oct 5 04:05:53 smtp-gateway-5 sendmail[23744]: j957ulAU017283: to=, delay=00:09:06, xdelay=00:00:00, mailer=esmtp, pri=156080, relay=mailin-01.mx.xxxxx.net. [205.188.156.185], dsn=2.0.0, stat=Sent (OK)

I'm using:

CentOS release 4.1 (Final) - Kernel 2.6.9
MailScanner-4.42.9-1
spamassassin-3.0.4-1.i386.rpm
perl-Mail-SpamAssassin-3.0.4-1.i386.rpm
spamassassin-tools-3.0.4-1.i386.rpm
sendmail 8.13.2
    Compiled with: DNSMAP LOG MATCHGECOS MILTER MIME7TO8 MIME8TO7
    NAMED_BIND NETINET NETUNIX NEWDB PIPELINING SCANF USERDB XDEBUG

What should I look for at this point?

Thanks!

-Rich

From Denis.Beauchemin at USHERBROOKE.CA Wed Oct 5 15:52:33 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:30:53 2006
Subject: MailScanner ANNOUNCE: 4.46.2 release
Message-ID:

Julian Field wrote:

>I have just released the latest stable version of MailScanner, 4.46.2.
>
>Download as usual from www.mailscanner.info
>
>The Change Log is pretty small this month, things have been quiet. The
>important bit for Postfix users is a fix involving the internal TNEF
>expander. Also SpamAssassin 3.1.0 is supported and doesn't generate any
>warnings.
>
>The full Change Log is this:
>* New Features and Improvements *
>- Improved phishing net JavaScript detection to make reports more sensible.
>- Loads of additions to phishing net safe sites list (thanks Denis!).
>- Improved Install-Clam-SA package so that it sets up your /etc/ld.so.conf
>  file for you, by adding /usr/local/lib if necessary.
>- Increased the default expansion factor of archives for the clamav scanner.
>- Removed -j3 from call to Kaspersky in kaspersky-wrapper, on advice from
>  Kaspersky users.
>
>* Fixes *
>- Fixed problem with a few TNEF files and the internal TNEF decoder,
>  caused occasional crashes.
>- Fixed warnings with numeric tests in a couple of places.
>- Tested against SpamAssassin 3.1.0, one minor problem found and fixed.
>- Fixed minor bug in "actions" parser in ZMailer support code.
>

Julian,

Do I need to run install.sh if I upgrade from mailscanner-4.44.6-2 or
will a rpm -Uvh mailscanner-4.46.2-2.noarch.rpm do?

Denis

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From gmatt at NERC.AC.UK Thu Oct 6 11:52:49 2005
From: gmatt at NERC.AC.UK (Greg Matthews)
Date: Thu Jan 12 21:30:53 2006
Subject: sophos and glibc resolved?
Message-ID:

Is the problem with the glibc version of Sophos resolved yet?

There was a problem with the glibc version of sophos and it appeared to
be broken on many modern linux distros. The solution was to use the
(allegedly slower) libc6 version.

Any update?

GREG

--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford

From jaearick at COLBY.EDU Thu Oct 6 13:41:08 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:30:53 2006
Subject: 4.46.2: updates to perl modules
Message-ID:

Julian,

In my monthly review of current perl modules used by MailScanner, I
found on CPAN:

                your      latest
module          version   version
---------------------------------
Compress-zlib   1.34      1.40
Archive-Zip     1.14      1.16
File-Spec       0.82      0.90
HTML-Tagset     3.03      3.04
IO-stringy      2.108     2.110
MailTools       1.50      1.67
Mime-tools      5.417     5.418
Net-CIDR        0.10      0.11
TimeDate        1.1301    1.16

I am running the latest versions with MS 4.46.2 on Solaris 9 with no
problems.

Jeff Earickson
Colby College

From brose at MED.WAYNE.EDU Thu Oct 6 13:55:35 2005
From: brose at MED.WAYNE.EDU (Rose, Bobby)
Date: Thu Jan 12 21:30:53 2006
Subject: MailScanner and Logwatch
Message-ID:

Recently, we've migrated our gateway from Solaris to Linux and before I
go munging the script/confs is there a simple switch to disable the
reporting of unmatched entries for MailScanner?

Thanks
-=B

From MailScanner at ecs.soton.ac.uk Thu Oct 6 14:58:29 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:53 2006
Subject: MailScanner ANNOUNCE: 4.46.2 release
Message-ID:

On 5 Oct 2005, at 15:52, Denis Beauchemin wrote:

> Julian Field wrote:
>
>> I have just released the latest stable version of MailScanner,
>> 4.46.2.
>>
>> Download as usual from www.mailscanner.info
>>
>> The Change Log is pretty small this month, things have been quiet.
>> The important bit for Postfix users is a fix involving the
>> internal TNEF expander. Also SpamAssassin 3.1.0 is supported and
>> doesn't generate any warnings.
>>
>
> Julian,
>
> Do I need to run install.sh if I upgrade from mailscanner-4.44.6-2
> or will a rpm -Uvh mailscanner-4.46.2-2.noarch.rpm do?

You should be able to just rpm -Uvh it from 4.44 to 4.46. But generally
I advise people to run ./install.sh anyway. You can speed it up a lot by
doing "./install.sh fast".

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Thu Oct 6 15:01:34 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:53 2006
Subject: Workaround for MailScanner RPM installation when using 'Perl from source'
Message-ID:

Yes, sorry, you are quite right. The ClamAV+SA package has a --perl
option, but the main MailScanner one doesn't.

On 5 Oct 2005, at 18:52, Philip Hachey wrote:

> That is not a recognized option for install.sh. The only available
> options are "nodeps", "ingore-perl", and "fast". That might be a nice
> option to have -- although it's likely easier just to remove the
> PREFIX variable in the RPM spec files and let the perl binary decide
> upon paths.
>
> On Wed, 5 Oct 2005 08:59:25 +0100, Julian Field wrote:
>
>> What's wrong with
>> ./install.sh --perl=/usr/local/bin/perl
>> ?
>>
>> On 4 Oct 2005, at 21:26, Philip Hachey wrote:
>>
>>> I have been using MailScanner for some time now. I have it
>>> installed on a WhiteBox 3 (clone of RHEL 3) server. Prior to the
>>> recent MailScanner upgrade (via RPMs), I had installed the most
>>> recent version of Perl (5.8.7) from the source available at CPAN.
>>> In addition to the operating system RPM version of Perl (5.8.0)
>>> located under /usr/lib/perl5, I now have this new version of Perl
>>> located under /usr/local/lib/perl5. I also swapped /usr/bin/perl
>>> with a symbolic link to /usr/local/bin/perl.
>>>
>>> When MailScanner installs, it recognizes both Perls, but during the
>>> installation of MailScanner's included Perl RPM modules, the paths
>>> it decides to use for the installation are /usr/lib/perl5/5.8.7 and
>>> /usr/lib/perl5/site_perl/5.8.7 .
>>>
>>> POSSIBLE FIX: The correct paths would have been used if, in the
>>> spec file of each of the Perl RPMs, the call to 'perl Makefile.PL'
>>> did NOT include the PREFIX argument.
>>>
>>> TEMPORARY WORKAROUND: Before installing MailScanner, do the
>>> following:
>>> # ln --symbolic /usr/local/lib/perl5/5.8.7 /usr/lib/perl5/5.8.7
>>> # ln --symbolic /usr/local/lib/perl5/site_perl/5.8.7 /usr/lib/perl5/site_perl/5.8.7
>>>
>>>
>>> There is an additional problem I've noticed that, after having used
>>> CPAN to grab the latest version of various Perl modules,
>>> MailScanner will still install a lower version: those modules
>>> marked "IsABundle" in install.sh. Is this intentional? Should I not
>>> be upgrading these modules via CPAN?
>>>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Thu Oct 6 15:04:07 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:53 2006
Subject: Suggestion: configuration option for ClamAV paths
Message-ID:

On 5 Oct 2005, at 20:03, Philip Hachey wrote:

> I'd like to suggest the addition of two configuration options in
> MailScanner.conf:
>
> ClamAV Work Dir
> ===============
> It's nice to have ClamAV work in a tmpfs filesystem. For example,
> I have changed
> TempDir="/tmp/clamav.$$"
> to
> TempDir="/dev/shm/clamav.$$"
> in /usr/lib/MailScanner/clamav-wrapper

That only works if you have /dev/shm mounted as tmpfs, or if you have it
at all. Most Unix distributions don't, only Linux has it. And I'm
certainly not getting into OS-dependent -wrapper scripts.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Thu Oct 6 15:06:47 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:53 2006
Subject: Suggestion: configuration option for ClamAV paths
Message-ID:

On 5 Oct 2005, at 23:35, Peter Bonivart wrote:

> Philip Hachey wrote:
>
>> It's nice to have ClamAV work in a tmpfs filesystem. For example,
>> I have changed
>> TempDir="/tmp/clamav.$$"
>>
>
> If you used Solaris that would be a tmpfs file system. ;-)

Quite. On most of my systems I mount /tmp with tmpfs. Much faster and it
is only for tmp stuff anyway, so who cares that it gets lost over a
reboot.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Thu Oct 6 15:09:17 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:53 2006
Subject: Spamassassin woes
Message-ID:

On 6 Oct 2005, at 00:41, Scott Silva wrote:

> Alex Neuman spake the following on 10/5/2005 4:18 PM:
>
>> Scott Silva wrote:
>>
>>> Scott Silva spake the following on 10/5/2005 2:44 PM:
>>>
>>>> I have two mostly identical systems, but one has recently stopped
>>>> hitting the SURBL hits in spamassassin.
>>>> I re-installed spamassassin, and diffed the configs between the two
>>>> systems, but can't find the problem.
>>>> I can lint a test message on the non-working spamassassin and the
>>>> SURBL's hit.
>>>>
>>>> My next try is to re-install Net::DNS.
>>>> Any other ideas?
>>>>
>>>> MailScanner is latest stable
>>>> Spamassassin 3.1.0
>>>> ClamAV 0.87
>>>> All installed from Julian's tarball.
>>>>
>>>
>>> Now I have;
>>> Can't locate object method "check_uridnsbl" via package
>>> "Mail::SpamAssassin::PerMsgStatus"
>>> Not sure what module is hosed.
>>>
>>
>> Whenever I've had problems like that I look up all the modules that
>> are required by every part (spamassassin, mailscanner, etc.) and
>> perl -MCPAN -e 'install Whatever::Module' one by one.
>>
>
> Whatever hosed this system seemed to happen at the upgrade to
> spamassassin 3.1.0.
> I'll have to hack at it again tomorrow.

You haven't got 2 perls installed have you? Just a thought. You might be
installing some of it into the wrong one.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Thu Oct 6 15:13:42 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:53 2006
Subject: [NATIONAL-ALERTS] (AUSCERT AL-2005.0030) Trojan "Hesive" Targets Microsoft Access Vulnerability (fwd)
Message-ID:

They miss out 2 things:
1) an apology for having to publicly admit that you can't trust their
   files
2) going to Windows Update to get a patch for Office (which is
   presumably where they will patch it) won't work, as Office patches
   are only available from office.microsoft.com and not from
   windowsupdate.microsoft.com.

On 6 Oct 2005, at 02:32, Jeff A. Earickson wrote:

> Gang,
>
> FYI below. In the course of attempting to figure out what an mdb file
> is, I stumbled across this website, telling what types of attachments
> Outlook 2003 blocks. Wow, what a list...
>
> http://office.microsoft.com/en-us/assistance/HA011402971033.aspx
>
> Jeff Earickson
> Colby College
>
> ---------- Forwarded message ----------
> Date: Thu, 06 Oct 2005 10:04:05 +1000
> From: AusCERT
> To: national-alerts@auscert.org.au
> Subject: [NATIONAL-ALERTS] (AUSCERT AL-2005.0030) Trojan "Hesive"
>     Targets Microsoft Access Vulnerability
>
> ===========================================================================
> A U S C E R T   A L E R T
>
> AL-2005.0030 -- AUSCERT ALERT
> Trojan "Hesive" Targets Microsoft Access Vulnerability
> 4 October 2005
>
> ===========================================================================
>
> AusCERT Alert Summary
> ---------------------
>
> Product:           Microsoft Access
> Operating System:  Windows
> Impact:            Administrator Compromise
> Access:            Remote/Unauthenticated
> Member-only until: Thursday, October 06 2005
>
> OVERVIEW:
>
> A new trojan, Hesive, targets a flaw in Microsoft Access that allows a
> remote attacker to execute arbitrary code or commands in the context of
> the currently logged in user. The vulnerability exploited by this trojan
> is five months old, and no patch is currently available.
>
> The trojan requires a local user to open a specially crafted Access .mdb
> file. This file can be received via email. Once activated, it opens a
> backdoor onto the system to allow further access to the remote attacker.
>
>
> IMPACT:
>
> While the trojan itself performs minimal actions on the infected system,
> it allows a remote attacker to access the system. Since many home users
> log on to Windows as an Administrator level user, this is effectively an
> Administrator Compromise.
>
> The trojan itself is simple to remove using an antivirus product, however
> actions taken by a remote attacker through the back door the trojan sets
> up are unpredictable and may not be reversible.
>
>
> MITIGATION:
>
> Treat Microsoft Office files as you would an executable program - do not
> open Office files that you have received from an unknown, untrusted or
> unexpected source, especially Access '.mdb' files.
>
> Ensure Windows Update is enabled on your systems so that any updates to
> fix this problem are installed.
>
>
> REFERENCES:
>
> Symantec Virus Definition:
> http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hesive.html
>
> SecurityFocus:
> http://www.securityfocus.com/news/11335
>
> Secunia:
> http://secunia.com/advisories/14896/
>
> AusCERT has made every effort to ensure that the information contained
> in this document is accurate. However, the decision to use the information
> described is the responsibility of each user or organisation. The decision to
> follow or act on information or advice contained in this security bulletin is
> the responsibility of each user or organisation, and should be considered in
> accordance with your organisation's site policies and procedures. AusCERT
> takes no responsibility for consequences which may arise from following or
> acting on information or advice contained in this security bulletin.
>
> If you believe that your computer system has been compromised or attacked in
> any way, we encourage you to let us know by completing the secure National IT
> Incident Reporting Form at:
>
> http://www.auscert.org.au/render.html?it=3192
>
> ===========================================================================
> Australian Computer Emergency Response Team
> The University of Queensland
> Brisbane
> Qld 4072
>
> Internet Email: auscert@auscert.org.au
> Facsimile:      (07) 3365 7031
> Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
>                 AusCERT personnel answer during Queensland business hours
>                 which are GMT+10:00 (AEST).
>                 On call after hours for member emergencies only.
> ===========================================================================
>
> AusCERT is the national computer emergency response team for Australia. We
> monitor various sources around the globe and provide reliable and independent
> information about serious computer network threats and vulnerabilities.
> AusCERT, which is a not-for-profit organisation, operates a cost-recovery
> service for its members and a smaller free security bulletin service to
> subscribers of the National Alerts Service.
>
> In the interests of protecting your information systems and keeping up to date
> with relevant information to protect your information systems, you should be
> aware that not all security bulletins published or distributed by AusCERT are
> included in the National Alert Service. AusCERT may publish and distribute
> bulletins to its members which contain information about serious computer
> network threats and vulnerabilities that could affect your information
> systems. Many of these security bulletins are publicly accessible from our web
> site.
>
> AusCERT maintains the mailing list for access to National Alerts Service
> security bulletins. If you are subscribed to the National Alerts Service and
> wish to cancel your subscription to this service, please follow the
> instructions at:
>
> http://www.auscert.org.au/msubmit.html?it=3058
>
> Previous security bulletins published or distributed as part of the National
> Alerts Service can be retrieved from:
>
> http://national.auscert.org.au/render.html?cid=2998
>
> Previous security bulletins published or distributed by AusCERT can be
> retrieved from:
>
> http://www.auscert.org.au/render.html?cid=1
>
> If you believe that your computer system has been compromised or attacked in
> any way, we encourage you to let us know by completing the secure National IT
> Incident Reporting Form at:
>
> http://national.auscert.org.au/render.html?it=3192
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Thu Oct 6 15:14:56 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:53 2006
Subject: MailScanner and Logwatch
Message-ID:

Not currently, no.

On 6 Oct 2005, at 13:55, Rose, Bobby wrote:

> Recently, we've migrated our gateway from Solaris to Linux and before I
> go munging the script/confs is there a simple switch to disable the
> reporting of unmatched entries for MailScanner?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From martinh at SOLID-STATE-LOGIC.COM Thu Oct 6 15:18:58 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:30:53 2006
Subject: [NATIONAL-ALERTS] (AUSCERT AL-2005.0030) Trojan "Hesive" Targets Microsoft Access Vulnerability (fwd)
Message-ID:

One more reason why you need to manage the M$ desktop with
LanDesk/SMS/whatever and not let the users handle all this themselves...

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: 06 October 2005 15:14
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] [NATIONAL-ALERTS] (AUSCERT AL-2005.0030) Trojan "Hesive" Targets Microsoft Access Vulnerability (fwd)

They miss out 2 things:
1) an apology for having to publicly admit that you can't trust their
   files
2) going to Windows Update to get a patch for Office (which is
   presumably where they will patch it) won't work, as Office patches
   are only available from office.microsoft.com and not from
   windowsupdate.microsoft.com.

On 6 Oct 2005, at 02:32, Jeff A. Earickson wrote:

> Gang,
>
> FYI below. In the course of attempting to figure out what an mdb file
> is, I stumbled across this website, telling what types of attachments
> Outlook 2003 blocks. Wow, what a list...
>
> http://office.microsoft.com/en-us/assistance/HA011402971033.aspx
>
> Jeff Earickson
> Colby College
>
> ---------- Forwarded message ----------
> Date: Thu, 06 Oct 2005 10:04:05 +1000
If you are subscribed to the National Alerts > Service and > wish to cancel your subscription to this service, please follow the > instructions at: > > http://www.auscert.org.au/msubmit.html?it=3058 > > Previous security bulletins published or distributed as part of the > National > Alerts Service can be retrieved from: > > http://national.auscert.org.au/render.html?cid=2998 > > Previous security bulletins published or distributed by AusCERT can be > retrieved from: > > http://www.auscert.org.au/render.html?cid=1 > > If you believe that your computer system has been compromised or > attacked in > any way, we encourage you to let us know by completing the secure > National IT > Incident Reporting Form at: > > http://national.auscert.org.au/render.html?it=3192 > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ0UxGPw32o+k+q+hAQELQgf/VT1kj4Ovfkn9cU5JeC2dsdkdE/romu4p 16R5Xo0V7m+BPDEc01CkEowD3AnKUodw96Oezkf8HVMtlPlWc5pVHXC7noXCnjyS i/9m6NVdiAuyvkdICrmSWfcAevF9cXQJH1+9tK4a22qihUmGmVifQeqVUCnhxoTA fzFsFL98PXKJmLzboYgA/43Iq3AQWW8r4Dzs9p+hMvDAPHTUSAWyAvPYMBqteTGE Uv+uozfK5M9CHzzKRU2k5NjVqn166QZ3SyiKMH/1GQSJfOYchRywfUrANPAaVymh OWyJO9liS1hM2jLmu/e9vLWocqzGGf7CfBL/BULBMheYWItf9xh/yg== =P04s -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. ********************************************************************** ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From Chris.Russell at KNOWLEDGEIT.CO.UK Thu Oct 6 15:20:50 2005 
From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell)
Date: Thu Jan 12 21:30:53 2006
Subject: [NATIONAL-ALERTS] (AUSCERT AL-2005.0030) Trojan "Hesive" Targets Microsoft Access Vulnerability (fwd)
Message-ID:

>2) going to Windows Update to get a patch for Office (which is presumably where they will patch it) won't work,
> as Office patches are only available from office.microsoft.com

.. AND update.microsoft.com :)

Ta

Chris

From glenn.steen at gmail.com Thu Oct 6 15:12:42 2005
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Jan 12 21:30:53 2006
Subject: securing relay...
Message-ID:

On 05/10/05, JD Doelitzsch wrote:
> Thanks again guys, I checked the relay using those site and it seems to be
> secure. I think what might be happening is my MS box takes any email then
> forwards it to my winbox which will accept or deny depending on if there is
> such a user. If no user my MS box tries to return to sender and so it looks
> like spam is going out. Is this a possible scenario? would this generate
> enough returned email that is spam to blacklist me? I am considering using
> milter-ahead as a possible fix. What do you think?
>
> -JD

Yes, well ... if you check the archives to this list you'll find a lot about this ("NDR-spam", "backwash", whatever). You could be "originating" a hefty amount of spam, yes. But, to my knowledge, no BLs blacklist this type of behaviour as such ... yet (but then, you might be the first ... :-).. At least for postfix, this is documented in the wiki (http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users)) ... using milter-ahead seems to be a reasonable way of fixing this for sendmail.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From ryan at MARINOCRANE.COM Thu Oct 6 15:40:39 2005
From: ryan at MARINOCRANE.COM (Ryan Pitt)
Date: Thu Jan 12 21:30:53 2006
Subject: MailScanner and Logwatch
Message-ID:

I use Logwatch also - and have found that you can have Logwatch *ignore* certain strings. It's quite simple to do. Add the desired string to /etc/log.d/ignore.conf (Fedora Core 1) and Logwatch will output a single line ie. "3415 Ignored Lines" in place of the usual long output.

Hope this helps.

Ryan

Julian Field wrote:
> Not currently, no.
>
> On 6 Oct 2005, at 13:55, Rose, Bobby wrote:
>
>>Recently, we've migrated our gateway from Solaris to Linux and before I
>>go munging the script/confs is there a simple switch to disable the
>>reporting of unmatched entries for MailScanner?
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ssilva at SGVWATER.COM Thu Oct 6 15:41:17 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:53 2006
Subject: MailScanner ANNOUNCE: 4.46.2 release
Message-ID:

Julian Field spake the following on 10/6/2005 6:58 AM:
>
> On 5 Oct 2005, at 15:52, Denis Beauchemin wrote:
>
>>>Julian Field wrote:
>>>
>>>>-----BEGIN PGP SIGNED MESSAGE-----
>>>>Hash: SHA1
>>>>
>>>>I have just released the latest stable version of MailScanner,
>>>>4.46.2.
>>>>
>>>>Download as usual from www.mailscanner.info
>>>>
>>>>The Change Log is pretty small this month, things have been quiet.
>>>>The important bit for Postfix users is a fix involving the
>>>>internal TNEF expander. Also SpamAssassin 3.1.0 is supported and
>>>>doesn't generate any warnings.
>>>
>>>Julian,
>>>
>>>Do I need to run install.sh if I upgrade from mailscanner-4.44.6-2
>>>or will a rpm -Uvh mailscanner-4.46.2-2.noarch.rpm do?
>
> You should be able to just rpm -Uvh it from 4.44 to 4.46. But
> generally I advise people to run ./install.sh anyway. You can speed
> it up a lot by doing "./install.sh fast".
>

Is there a --force option in install.sh?
Sometimes it would be nice to MAKE everything install again when things get hosed.

From ssilva at SGVWATER.COM Thu Oct 6 15:52:48 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:53 2006
Subject: Spamassassin woes
Message-ID:

Julian Field spake the following on 10/6/2005 7:09 AM:
> On 6 Oct 2005, at 00:41, Scott Silva wrote:
>
>>>Alex Neuman spake the following on 10/5/2005 4:18 PM:
>>>
>>>>Scott Silva wrote:
>>>>
>>>>>Scott Silva spake the following on 10/5/2005 2:44 PM:
>>>>>
>>>>>>I have two mostly identical systems, but one has recently stopped
>>>>>>hitting the SURBL hits in spamassassin.
>>>>>>I re-installed spamassasin, and diffed the configs between the two
>>>>>>systems, but can't find the problem.
>>>>>>I can lint a test message on the non-working spamassassin and the
>>>>>>SURBL's hit.
>>>>>>
>>>>>>My next try is to re-install Net::DNS.
>>>>>>Any other ideas?
>>>>>>
>>>>>>MailScanner is latest stable
>>>>>>Spamassassin 3.1.0
>>>>>>ClamAV 0.87
>>>>>>All installed from Julian's tarball.
>>>>>
>>>>>Now I have;
>>>>>Can't locate object method "check_uridnsbl" via package
>>>>>"Mail::SpamAssassin::PerMsgStatus"
>>>>>Not sure what module is hosed.
>>>>
>>>>Whenever I've had problems like that I look up all the modules that are
>>>>required by every part (spamassassin, mailscanner, etc.) and perl -MCPAN
>>>>-e 'install Whatever::Module' one by one.
>>>
>>>Whatever hosed this system seemed to happen at the upgrade to
>>>spamassassin 3.1.0.
>>>I'll have to hack at it again tomorrow.
>
> You haven't got 2 perls installed have you? Just a thought. You might
> be installing some of it into the wrong one.

Just one. It was the first thing I checked.
5.8.0
I think I will run through CPAN and force install each module again.
I also see this;

[28256] warn: config: failed to parse line, skipping: dcc_path usr/local/bin/dccproc
[28256] warn: config: failed to parse line, skipping: dcc_home /var/dcc
[28256] warn: config: failed to parse line, skipping: razor_timeout 10
[28256] warn: config: failed to parse line, skipping: urirhssub URIBL_BLACK multi.uribl.com. A 2
[28256] warn: config: failed to parse line, skipping: urirhssub URIBL_GREY multi.uribl.com. A 4
[28256] warn: config: warning: score set for non-existent rule RAZOR2_CF_RANGE_51_100

From dl6mpg at GMAIL.COM Thu Oct 6 15:50:17 2005
From: dl6mpg at GMAIL.COM (Uwe)
Date: Thu Jan 12 21:30:53 2006
Subject: sophos and glibc resolved?
Message-ID:

Hi,

> Is the problem with the glibc version of Sophos resolved yet?

... I think so. Using 3.98 and works fine for me with sophosavi. Running linux glib2.2 version.

Uwe

From ralloway at WINBEAM.COM Thu Oct 6 15:17:54 2005
From: ralloway at WINBEAM.COM (Richard D Alloway)
Date: Thu Jan 12 21:30:53 2006
Subject: CentOS 4.1 final w/posix lock still having issues
Message-ID:

On Wed, 5 Oct 2005, Kevin Spicer wrote:

> On Wed, 2005-10-05 at 10:17 -0400, Richard D Alloway wrote:
>> But, I still get deliveries with the dreaded "Message body disappears" errors.
> ...
>> What should I look for at this point?
>
> Wild shot in the dark, from the one time I saw this myself (very long
> time ago). Make sure that sendmail is being started from the
> MailScanner startup scripts and that you have the noetrn option on in
> that startup script (its there by default so it should be...). Also
> worth grepping the logs for etrn, just in case the command line option
> isn't being honoured for some reason. You don't want to let folks use
> etrn!
>
> Probably not your problem, but doesn't hurt to check.

Thanks for the suggestions, but it doesn't look like etrn is the issue.

We don't have anyone using etrn at all on any of our mail servers at this point and the noetrn option is in the MailScanner startup script.

Also, the only reference to etrn in the logs are lines like:

Oct 6 09:59:55 smtp-gateway-5 sendmail[22406]: j96DxtOg022406: [218.68.xxx.xxx] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

So, there's still something going on that I'm not aware of...

Any other thoughts? :)

-Rich

From rpoe at PLATTESHERIFF.ORG Thu Oct 6 16:27:47 2005
From: rpoe at PLATTESHERIFF.ORG (Rob Poe)
Date: Thu Jan 12 21:30:53 2006
Subject: SpamAssassin Efficiency
Message-ID:

Running Spamassassin with MailScanner. As I use more rulesets, during busy / peak mail server periods, SpamAssassin is timing out and the spam message makes it through.

I'd rather default the box to WAIT for SpamAssassin, even if that means backing up email a little bit. Hopefully I'll be able to replace the box soon (it's a 2.0ghz celeron / 1g ram) with a dual 2.8 xeon / 3 gigs ram / hardware RAID5 (instead of software raid1)..But for now I have to use what I have..

Any suggestions?

Thanks in advance.

From MailScanner at ecs.soton.ac.uk Thu Oct 6 16:41:14 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:53 2006
Subject: Spamassassin woes
Message-ID:

On 6 Oct 2005, at 15:52, Scott Silva wrote:

> Julian Field spake the following on 10/6/2005 7:09 AM:
>
>> On 6 Oct 2005, at 00:41, Scott Silva wrote:
>>
>>>> Alex Neuman spake the following on 10/5/2005 4:18 PM:
>>>>
>>>>> Scott Silva wrote:
>>>>>
>>>>>> Scott Silva spake the following on 10/5/2005 2:44 PM:
>>>>>>
>>>>>>> I have two mostly identical systems, but one has recently stopped
>>>>>>> hitting the SURBL hits in spamassassin.
>>>>>>> I re-installed spamassasin, and diffed the configs between the two
>>>>>>> systems, but can't find the problem.
>>>>>>> I can lint a test message on the non-working spamassassin and the
>>>>>>> SURBL's hit.
>>>>>>>
>>>>>>> My next try is to re-install Net::DNS.
>>>>>>> Any other ideas?
>>>>>>>
>>>>>>> MailScanner is latest stable
>>>>>>> Spamassassin 3.1.0
>>>>>>> ClamAV 0.87
>>>>>>> All installed from Julian's tarball.
>>>>>>
>>>>>> Now I have;
>>>>>> Can't locate object method "check_uridnsbl" via package
>>>>>> "Mail::SpamAssassin::PerMsgStatus"
>>>>>> Not sure what module is hosed.
>>>>>
>>>>> Whenever I've had problems like that I look up all the modules that are
>>>>> required by every part (spamassassin, mailscanner, etc.) and perl -MCPAN
>>>>> -e 'install Whatever::Module' one by one.
>>>>
>>>> Whatever hosed this system seemed to happen at the upgrade to
>>>> spamassassin 3.1.0.
>>>> I'll have to hack at it again tomorrow.
>>
>> You haven't got 2 perls installed have you? Just a thought. You might
>> be installing some of it into the wrong one.
>>
> Just one. It was the first thing I checked.
> 5.8.0
> I think I will run through CPAN and force install each module again.
> I also see this;
>
> [28256] warn: config: failed to parse line, skipping: dcc_path usr/local/bin/dccproc
> [28256] warn: config: failed to parse line, skipping: dcc_home /var/dcc
> [28256] warn: config: failed to parse line, skipping: razor_timeout 10

Have you uncommented the relevant lines in your /etc/mail/spamassassin/v310.pre (or whatever it's called)? If you use my ClamAV+SA bundle then it tells you exactly what you need to do to this file at the end of the installation process.

> [28256] warn: config: failed to parse line, skipping: urirhssub URIBL_BLACK multi.uribl.com. A 2
> [28256] warn: config: failed to parse line, skipping: urirhssub URIBL_GREY multi.uribl.com. A 4

That's probably the same reason as above. There are some lines you have to add to the file as well.

> [28256] warn: config: warning: score set for non-existent rule RAZOR2_CF_RANGE_51_100

As above.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ssilva at SGVWATER.COM Thu Oct 6 15:58:10 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:53 2006
Subject: Spamassassin woes
Message-ID:

Martin Hepworth spake the following on 10/6/2005 12:55 AM:
> Try a "MailScanner -v" and a
>
> "spamassassin -p /etc/MailScanner/spam.assassin.prefs.com -D --lint"
>
> To clues as to whats broke.
>

The lint test is where I am getting these;

[28404] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc
[28404] warn: config: failed to parse line, skipping: dcc_home /var/dcc
[28404] warn: config: failed to parse line, skipping: razor_timeout 10
[28404] warn: config: failed to parse line, skipping: urirhssub URIBL_BLACK multi.uribl.com. A 2
[28404] warn: config: failed to parse line, skipping: urirhssub URIBL_GREY multi.uribl.com. A 4
[28404] warn: config: warning: score set for non-existent rule RAZOR2_CF_RANGE_51_100
[28404] dbg: plugin: Mail::SpamAssassin::Plugin::ReplaceTags=HASH(0x92bed4c) implements 'finish_parsing_end' and plugin did not register

All seems OK with MailScanner -v

Running on
Linux mail.fontanawater.com 2.4.20-43.9.legacysmp #1 SMP Sat Apr 30 19:07:33 EDT 2005 i686 i686 i386 GNU/Linux
This is Red Hat Linux release 9 (Shrike)
This is Perl version 5.008000 (5.8.0)

This is MailScanner version 4.46.2
Module versions are:
1.00 AnyDBM_File
1.16 Archive::Zip
1.01 Carp
1.119 Convert::BinHex
1.00 DirHandle
1.04 Fcntl
2.71 File::Basename
2.05 File::Copy
2.01 FileHandle
1.05 File::Path
0.16 File::Temp
1.29 HTML::Entities
3.45 HTML::Parser
2.30 HTML::TokeParser
1.20 IO
1.09 IO::File
1.122 IO::Pipe
1.50 Mail::Header
3.05 MIME::Base64
5.417 MIME::Decoder
5.417 MIME::Decoder::UU
5.417 MIME::Head
5.417 MIME::Parser
3.03 MIME::QuotedPrint
5.417 MIME::Tools
0.10 Net::CIDR
1.05 POSIX
1.75 Socket
0.03 Sys::Syslog
1.02 Time::localtime

Optional module versions are:
0.17 Convert::TNEF
1.810 DB_File
1.08 Digest
1.01 Digest::HMAC
2.33 Digest::MD5
2.10 Digest::SHA1
0.44 Inline
0.17 Mail::ClamAV
3.001000 Mail::SpamAssassin
1.997 Mail::SPF::Query
0.15 Net::CIDR::Lite
0.53 Net::DNS
0.32 Net::LDAP
1.94 Parse::RecDescent
missing SAVI
1.2 Sys::Hostname::Long
2.42 Test::Harness
0.47 Test::Simple
1.89 Text::Balanced
1.35 URI

From dhawal at NETMAGICSOLUTIONS.COM Thu Oct 6 16:34:01 2005
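Added example for the "Spamassassin woes" thread above (not part of any list post, and not MailScanner or SpamAssassin project code): the lint warnings quoted in the thread each name a setting or rule that belongs to a SpamAssassin plugin, and the sketch below maps them to that plugin and reports whether a .pre file loads it. The function names and the sample .pre content are constructed for illustration; which .pre file holds each `loadplugin` line depends on the installation.

```shell
#!/bin/sh
# Map SpamAssassin "--lint" warnings to the plugin that owns the rejected
# setting or rule, then check whether a .pre file actually loads that plugin.

# Constructed sample input: the warnings quoted in the thread.
sample_lint() {
cat <<'EOF'
[28404] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc
[28404] warn: config: failed to parse line, skipping: dcc_home /var/dcc
[28404] warn: config: failed to parse line, skipping: razor_timeout 10
[28404] warn: config: failed to parse line, skipping: urirhssub URIBL_BLACK multi.uribl.com. A 2
[28404] warn: config: failed to parse line, skipping: urirhssub URIBL_GREY multi.uribl.com. A 4
[28404] warn: config: warning: score set for non-existent rule RAZOR2_CF_RANGE_51_100
EOF
}

# Constructed sample .pre file: DCC and Razor2 still commented out,
# URIDNSBL not mentioned at all, one unrelated plugin active.
sample_pre() {
cat <<'EOF'
#loadplugin Mail::SpamAssassin::Plugin::DCC
# loadplugin Mail::SpamAssassin::Plugin::Razor2
loadplugin Mail::SpamAssassin::Plugin::ReplaceTags
EOF
}

# Print the plugin that defines a setting, rule or eval method name.
# Prints nothing for names this table does not cover.
plugin_for() {
    case "$1" in
        dcc_*|DCC_*)      echo DCC ;;
        razor_*|RAZOR2_*) echo Razor2 ;;
        uridnsbl|uridnsbl_*|urirhsbl|urirhssub|check_uridnsbl)
                          echo URIDNSBL ;;
    esac
}

# Read lint or error output on stdin; print each implicated plugin once.
needed_plugins() {
    sed -n \
        -e 's/.*failed to parse line, skipping: \([^ ]*\).*/\1/p' \
        -e 's/.*score set for non-existent rule \([^ ]*\).*/\1/p' \
        -e 's/.*Can.t locate object method "\([^"]*\)".*/\1/p' |
    while read -r name; do
        plugin_for "$name"
    done | sort -u
}

# Usage: plugin_state PLUGIN FILE...   (at least one file is required)
# Prints active, commented or absent for the plugin's loadplugin line.
plugin_state() {
    plugin=$1; shift
    line="loadplugin[[:space:]]+Mail::SpamAssassin::Plugin::$plugin"
    if grep -Eqs "^[[:space:]]*$line([[:space:]]|\$)" "$@"; then
        echo active
    elif grep -Eqs "^[[:space:]]*#[[:space:]]*$line([[:space:]]|\$)" "$@"; then
        echo commented
    else
        echo absent
    fi
}

# Usage: spamassassin -D --lint 2>&1 | report /path/to/*.pre
# Prints "<plugin> <state>" for every plugin the warnings point at.
report() {
    needed_plugins | while read -r p; do
        echo "$p $(plugin_state "$p" "$@")"
    done
}

# Run the whole check on the constructed samples above.
demo() {
    pre=$(mktemp) || return 1
    sample_pre > "$pre"
    sample_lint | report "$pre"
    rm -f "$pre"
}

demo
```

A plugin reported as `commented` needs its `loadplugin` line uncommented; one reported as `absent` needs the line added.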
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:30:53 2006
Subject: McAfee not being updated to 4561
Message-ID:

Glenn Steen wrote:
>
>>>Seems speedownload.nai.com is OK, so a simple and probably very
>>>temporary fix could be to alter the mcafee-autoupdate script to use
>>>that. Sigh.
>>>
>>>Suggestions for the notes section of the wiki (that don't contain too
>>>many profanities) much appreciated:).
>>>

Julian,

If most MailScanner users using mcafee agree, could you change the FTPDIR in mcafee-autoupdate to this URL in future MS releases:
http://speedownload.nai.com/products/datfiles/4.x/nai

Though i believe most of us already have changed it manually when there was a problem some time back. If someone is aware of a better URL, do update us (and the wiki)

- dhawal

From phachey at CITY.CORNWALL.ON.CA Thu Oct 6 16:45:19 2005
From: phachey at CITY.CORNWALL.ON.CA (Philip Hachey)
Date: Thu Jan 12 21:30:53 2006
Subject: Suggestion: configuration option for ClamAV paths
Message-ID:

On Thu, 6 Oct 2005 15:04:07 +0100, Julian Field wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>
>On 5 Oct 2005, at 20:03, Philip Hachey wrote:
>
>> I'd like to suggest the addition of two configuration options in
>> MailScanner.conf:
>>
>> ClamAV Work Dir
>> ===============
>> It's nice to have ClamAV work in a tmpfs filesystem. For example, I have
>> changed
>> TempDir="/tmp/clamav.$$"
>> to
>> TempDir="/dev/shm/clamav.$$"
>> in /usr/lib/MailScanner/clamav-wrapper
>
>That only works if you have /dev/shm mounted as tmpfs, or if you have
>it at all. Most Unix distributions don't, only Linux has it. And I'm
>certainly not getting into OS-dependent -wrapper scripts.

I wasn't suggesting something OS-dependent, just the ability to configure where the temporary "clamav.$$" gets written to. As has been suggested, mounting /tmp as tmpfs is also a good idea.

Thanks,
Philip

From MailScanner at ecs.soton.ac.uk Thu Oct 6 16:42:32 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:53 2006
Subject: SpamAssassin Efficiency
Message-ID:

On 6 Oct 2005, at 16:27, Rob Poe wrote:

> Running Spamassassin with MailScanner. As I use more rulesets,
> during busy / peak mail server periods, SpamAssassin is timing out
> and the spam message makes it through.
>
> I'd rather default the box to WAIT for SpamAssassin, even if that
> means backing up email a little bit. Hopefully I'll be able to
> replace the box soon (it's a 2.0ghz celeron / 1g ram) with a dual
> 2.8 xeon / 3 gigs ram / hardware RAID5 (instead of software
> raid1)..But for now I have to use what I have..
>
> Any suggestions?

Why not just increase the SpamAssassin timeout value in MailScanner.conf?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ssilva at SGVWATER.COM Thu Oct 6 17:13:34 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:53 2006
Subject: MailScanner ANNOUNCE: 4.46.2 release
Message-ID:

Scott Silva spake the following on 10/6/2005 7:41 AM:
> Julian Field spake the following on 10/6/2005 6:58 AM:
>
>>On 5 Oct 2005, at 15:52, Denis Beauchemin wrote:
>>
>>>>Julian Field wrote:
>>>>
>>>>>I have just released the latest stable version of MailScanner,
>>>>>4.46.2.
>>>>>
>>>>>Download as usual from www.mailscanner.info
>>>>>
>>>>>The Change Log is pretty small this month, things have been quiet.
>>>>>The important bit for Postfix users is a fix involving the
>>>>>internal TNEF expander. Also SpamAssassin 3.1.0 is supported and
>>>>>doesn't generate any warnings.
>>>>
>>>>Julian,
>>>>
>>>>Do I need to run install.sh if I upgrade from mailscanner-4.44.6-2
>>>>or will a rpm -Uvh mailscanner-4.46.2-2.noarch.rpm do?
>>
>>You should be able to just rpm -Uvh it from 4.44 to 4.46. But
>>generally I advise people to run ./install.sh anyway. You can speed
>>it up a lot by doing "./install.sh fast".
>
> Is there a --force option in install.sh?
> Sometimes it would be nice to MAKE everything install again when things
> get hosed.

In looking at install.sh, I see there isn't. But it looks like it would be
easy to add.

--
/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

From glenn.steen at GMAIL.COM Thu Oct 6 17:39:22 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:30:53 2006
Subject: McAfee not being updated to 4561
Message-ID:

On 06/10/05, Dhawal Doshy wrote:
> Glenn Steen wrote:
> >
> >>>Seems speedownload.nai.com is OK, so a simple and probably very
> >>>temporary fix could be to alter the mcafee-autoupdate script to use
> >>>that. Sigh.
> >>>
> >>>Suggestions for the notes section of the wiki (that don't contain too
> >>>many profanities) much appreciated:).
> >>>
>
> Julian,
>
> If most MailScanner users using mcafee agree, could you change the
> FTPDIR in mcafee-autoupdate to this URL in future MS releases:
> http://speedownload.nai.com/products/datfiles/4.x/nai
>
> Though i believe most of us already have changed it manually when there
> was a problem some time back. If someone is aware of a better URL, do
> update us (and the wiki)
>
> - dhawal
>
I dunno Dhawal... As you can see I've updated the wiki to give the tip
to everyone who thinks they need it... But I've moved back to the
official one since then (no glitches so far:).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From alex at nkpanama.com Thu Oct 6 17:39:55 2005
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:30:53 2006
Subject: 4.46.2: updates to perl modules
Message-ID:

Jeff A. Earickson wrote:
> Julian,
>
> In my monthly review of current perl modules used by MailScanner,
> I found on CPAN:
>
Same here...

From alex at nkpanama.com Thu Oct 6 17:42:19 2005
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:30:53 2006
Subject: Suggestion: configuration option for ClamAV paths
Message-ID:

Philip Hachey wrote:
> As has been suggested, mounting /tmp as tmpfs is also a good idea.
>
Unless you're running on a box with not much more RAM than it really
needs - or if any of the tmp processes would mean data loss in case of
power loss, unexpected reboots, etc.

From glenn.steen at GMAIL.COM Thu Oct 6 17:42:12 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:30:53 2006
Subject: McAfee not being updated to 4561
Message-ID:

On 06/10/05, Glenn Steen wrote:
> On 06/10/05, Dhawal Doshy wrote:
> > Glenn Steen wrote:
> > >
> > >>>Seems speedownload.nai.com is OK, so a simple and probably very
> > >>>temporary fix could be to alter the mcafee-autoupdate script to use
> > >>>that. Sigh.
> > >>>
> > >>>Suggestions for the notes section of the wiki (that don't contain too
> > >>>many profanities) much appreciated:).
> > >>>
> >
> > Julian,
> >
> > If most MailScanner users using mcafee agree, could you change the
> > FTPDIR in mcafee-autoupdate to this URL in future MS releases:
> > http://speedownload.nai.com/products/datfiles/4.x/nai
> >
> > Though i believe most of us already have changed it manually when there
> > was a problem some time back. If someone is aware of a better URL, do
> > update us (and the wiki)
> >
> > - dhawal
> >
> I dunno Dhawal... As you can see I've updated the wiki to give the tip
> to everyone who thinks they need it... But I've moved back to the
> official one since then (no glitches so far:).
>
Spoke too soon. See your point. Sigh.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From alex at nkpanama.com Thu Oct 6 17:44:20 2005
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:30:53 2006
Subject: securing relay...
Message-ID:

Glenn Steen wrote:
> about this ("NDR-spam", "backwash", whatever). You could be
> "originating" a hefty amount of spam, yes. But, to my knowledge, no
> BLs blacklist this type of behaviour as such ... yet (but then, you
>
I think I once looked something up on dnsstuff.com's list and the RBL
said something about IP's being blocked for (virus bounces|bogus
NDRs|open proxies) - so I wouldn't rule it out.

From alex at nkpanama.com Thu Oct 6 17:46:20 2005
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:30:53 2006
Subject: [NATIONAL-ALERTS] (AUSCERT AL-2005.0030) Trojan "Hesive" Targets Microsoft Access Vulnerability (fwd)
Message-ID:

Chris Russell wrote:
> >2) going to Windows Update to get a patch for Office (which is
> presumably where they will patch it) won't work,
> > as Office patches are only available from office.microsoft.com
>
> .. AND update.microsoft.com :)
>
True, since a few weeks back there's an update site that'll do both.

From ssilva at SGVWATER.COM Thu Oct 6 17:11:01 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:53 2006
Subject: Spamassassin woes
Message-ID:

Julian Field spake the following on 10/6/2005 8:41 AM:
>
> On 6 Oct 2005, at 15:52, Scott Silva wrote:
>
>>>Julian Field spake the following on 10/6/2005 7:09 AM:
>>>
>>>>On 6 Oct 2005, at 00:41, Scott Silva wrote:
>>>>
>>>>>>Alex Neuman spake the following on 10/5/2005 4:18 PM:
>>>>>>
>>>>>>>Scott Silva wrote:
>>>>>>>
>>>>>>>>Scott Silva spake the following on 10/5/2005 2:44 PM:
>>>>>>>>
>>>>>>>>>I have two mostly identical systems, but one has recently stopped
>>>>>>>>>hitting the SURBL hits in spamassassin.
>>>>>>>>>I re-installed spamassassin, and diffed the configs between the two
>>>>>>>>>systems, but can't find the problem.
>>>>>>>>>I can lint a test message on the non-working spamassassin and the
>>>>>>>>>SURBL's hit.
>>>>>>>>>
>>>>>>>>>My next try is to re-install Net::DNS.
>>>>>>>>>Any other ideas?
>>>>>>>>>
>>>>>>>>>MailScanner is latest stable
>>>>>>>>>Spamassassin 3.1.0
>>>>>>>>>ClamAV 0.87
>>>>>>>>>All installed from Julian's tarball.
>>>>>>>>
>>>>>>>>Now I have;
>>>>>>>>Can't locate object method "check_uridnsbl" via package
>>>>>>>>"Mail::SpamAssassin::PerMsgStatus"
>>>>>>>>Not sure what module is hosed.
>>>>>>>
>>>>>>>Whenever I've had problems like that I look up all the modules that are
>>>>>>>required by every part (spamassassin, mailscanner, etc.) and
>>>>>>>perl -MCPAN -e 'install Whatever::Module' one by one.
>>>>>>
>>>>>>Whatever hosed this system seemed to happen at the upgrade to
>>>>>>spamassassin 3.1.0.
>>>>>>I'll have to hack at it again tomorrow.
>>>>
>>>>You haven't got 2 perls installed have you? Just a thought. You might
>>>>be installing some of it into the wrong one.
>>>
>>>Just one. It was the first thing I checked.
>>>5.8.0
>>>I think I will run through CPAN and force install each module again.
>>>I also see this;
>>>
>>>[28256] warn: config: failed to parse line, skipping: dcc_path usr/local/bin/dccproc
>>>[28256] warn: config: failed to parse line, skipping: dcc_home /var/dcc
>>>[28256] warn: config: failed to parse line, skipping: razor_timeout 10
>
> Have you uncommented the relevant lines in your
> /etc/mail/spamassassin/v310.pre (or whatever it's called)?
>
> If you use my ClamAV+SA bundle then it tells you exactly what you
> need to do to this file at the end of the installation process.
>
>>>[28256] warn: config: failed to parse line, skipping: urirhssub URIBL_BLACK multi.uribl.com. A 2
>>>[28256] warn: config: failed to parse line, skipping: urirhssub URIBL_GREY multi.uribl.com. A 4
>
> That's probably the same reason as above. There are some lines you
> have to add to the file as well.
>
>>>[28256] warn: config: warning: score set for non-existent rule RAZOR2_CF_RANGE_51_100
>
> As above.

Finally!
After an extended session in CPAN, things seem OK. I still don't know
which module was tanked, but it's fixed!
Thank you to all!

And greeting from California, USA.
Where any actor can aspire to Governor!

--
/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

From alex at nkpanama.com Thu Oct 6 17:48:21 2005
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:30:53 2006
Subject: SpamAssassin Efficiency
Message-ID:

Julian Field wrote:
> Why not just increase the SpamAssassin timeout value in
> MailScanner.conf?
>
That and the usual "use local rbldns or a caching nameserver"... plus
the "help, my sendmail is being DDOSed!" page that's been mentioned a
couple of times on this list.

From andy at TIRESWING.NET Thu Oct 6 17:54:19 2005
From: andy at TIRESWING.NET (Andy Norris)
Date: Thu Jan 12 21:30:53 2006
Subject: Opting a user/domain out of attachment checking
Message-ID:

I recently upgraded MailScanner and SpamAssassin, and it seems that some
of my fine-tuning has been wiped out. The rule to not scan mail for
viruses FromOrTo a domain isn't working, apparently, and I've got people
screaming at me about their zip files not coming through.

The book says to look in filename.rules.conf and filetype.rules.conf.

For now, I have commented out the line in filename.rules.conf for EXE
files.

I have left alone filetype.rules.conf. Not sure why this file is
necessary in conjunction with the other... but am leaving it alone for
now.

This allows the exes in the zip files, but this is not really what I
want to do server-wide.

I had set in the file virus-scan.rules the following line:

FromOrTo: *@calian.us no

I've tried both spaces and tabs here, and no difference... it doesn't
work.

So am I messing with the wrong files, or not enough files? :-)

I'm running:
MailScanner version 4.45.4
SpamAssassin version 3.1.0

Please let me know if there's more information I need to include here
for anyone to give me a hand here.

Thanks in advance for any and all suggestions. Especially the ones that
help!

Andy Norris
andy@tireswing.net

From ssilva at SGVWATER.COM Thu Oct 6 17:41:45 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:53 2006
Subject: Spamassassin woes
Message-ID:

> Finally!
> After an extended session in CPAN, things seem OK. I still don't know
> which module was tanked, but it's fixed!
> Thank you to all!
>
> And greeting from California, USA.
> Where any actor can aspire to Governor!
>
Spoke too soon!
Although lint tests all work, MailScanner isn't adding the URIBL scores
into messages.
If I take the same message and run it through lint, it shows up.
I guess I'm going to reinstall MailScanner now.
I think I will diff the config files for the two machines again first,
just to make sure.

--
/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

From Chris.Russell at KNOWLEDGEIT.CO.UK Thu Oct 6 17:57:27 2005
From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell)
Date: Thu Jan 12 21:30:53 2006
Subject: Opting a user/domain out of attachment checking
Message-ID:

The contents of this e-mail may be privileged and are confidential.
It may not be disclosed to or used by anyone other than the
addressee(s), nor copied in any way. Any views or opinions presented are
solely those of the author and do not necessarily represent those of
Knowledge Limited.

If received in error, please advise the sender, then delete it from your
system.

From alex at nkpanama.com Thu Oct 6 18:19:05 2005
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:30:53 2006
Subject: MailScanner and Logwatch
Message-ID:

Any examples? :)

Ryan Pitt wrote:
> I use Logwatch also - and have found that you can have Logwatch
> *ignore* certain strings. It's quite simple to do.
> Add the desired string to /etc/log.d/ignore.conf (Fedora Core 1) and
> Logwatch will output a single line ie. "3415 Ignored Lines" in place
> of the usual long output.
> Hope this helps.
> Ryan
>
> Julian Field wrote:
>> Not currently, no.
>>
>> On 6 Oct 2005, at 13:55, Rose, Bobby wrote:
>>
>>> Recently, we've migrated our gateway from Solaris to Linux and before I
>>> go munging the script/confs is there a simple switch to disable the
>>> reporting of unmatched entries for MailScanner?
>>
>> --
>> Julian Field
>> www.MailScanner.info
>> Buy the MailScanner book at www.MailScanner.info/store
>> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ssilva at SGVWATER.COM Thu Oct 6 18:03:22 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:53 2006
Subject: Spamassassin woes
Message-ID:

Scott Silva spake the following on 10/6/2005 9:41 AM:
>>Finally!
>>After an extended session in CPAN, things seem OK. I still don't know
>>which module was tanked, but it's fixed!
>>Thank you to all!
>>
>>And greeting from California, USA.
>>Where any actor can aspire to Governor!
>
> Spoke too soon!
> Although lint tests all work, MailScanner isn't adding the URIBL scores
> into messages.
> If I take the same message and run it through lint, it shows up.
> I guess I'm going to reinstall MailScanner now.
> I think I will diff the config files for the two machines again first,
> just to make sure.
>
Running MailScanner in debug mode gets entries like this;

rules: failed to run URIBL_BLACK test, skipping:
 (Can't locate object method "check_uridnsbl" via package
"Mail::SpamAssassin::PerMsgStatus" at
/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 2581.

But if I pipe the same message into a lint, it works fine.

BUMP, BUMP, SLAM! (Head banging against wall)

--
/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

From ssilva at SGVWATER.COM Thu Oct 6 18:09:09 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:53 2006
Subject: securing relay...
Message-ID:

Glenn Steen spake the following on 10/6/2005 7:12 AM:
> On 05/10/05, JD Doelitzsch wrote:
>
>>Thanks again guys, I checked the relay using those site and it seems to be
>>secure. I think what might be happening is my MS box takes any email then
>>forwards it to my winbox which will accept or deny depending on if there is
>>such a user. If no user my MS box tries to return to sender and so it looks
>>like spam is going out. Is this a possible scenario? would this generate
>>enough returned email that is spam to blacklist me? I am considering using
>>milter-ahead as a possible fix. What do you think?
>>
>>-JD
>
> Yes, well ... if you check the archives to this list you'll find a lot
> about this ("NDR-spam", "backwash", whatever). You could be
> "originating" a hefty amount of spam, yes. But, to my knowledge, no
> BLs blacklist this type of behaviour as such ... yet (but then, you
> might be the first ... :-)..
> At least for postfix, this is documented in the wiki
> (http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users)
> ... using milter-ahead seems to be a reasonable way of fixing this
> for sendmail.
>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
>
And not bouncing mail with the attachments still there.

--
/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

From MailScanner at ecs.soton.ac.uk Thu Oct 6 18:32:31 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:53 2006
Subject: Opting a user/domain out of attachment checking
Message-ID:

What did you mean to say?

Chris Russell wrote:
>The contents of this e-mail may be privileged and are confidential.
>It may not be disclosed to or used by anyone other than the addressee(s), nor copied in any way. Any views or opinions presented are solely those of the author and do not necessarily represent those of Knowledge Limited.
>
>If received in error, please advise the sender, then delete it from your system.
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk Thu Oct 6 18:37:54 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:53 2006
Subject: Spamassassin woes
Message-ID:

Scott Silva wrote:

>Scott Silva spake the following on 10/6/2005 9:41 AM:
>
>>>Finally!
>>>After an extended session in CPAN, things seem OK. I still don't know
>>>which module was tanked, but it's fixed!
>>>Thank you to all!
>>>
>>>And greeting from California, USA.
>>>Where any actor can aspire to Governor!
>>
>>Spoke too soon!
>>Although lint tests all work, MailScanner isn't adding the URIBL scores
>>into messages.
>>If I take the same message and run it through lint, it shows up.
>>I guess I'm going to reinstall MailScanner now.
>>I think I will diff the config files for the two machines again first,
>>just to make sure.
>
>Running MailScanner in debug mode gets entries like this;
>
>rules: failed to run URIBL_BLACK test, skipping:
> (Can't locate object method "check_uridnsbl" via package
>"Mail::SpamAssassin::PerMsgStatus" at
>/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line 2581.
>
>But if I pipe the same message into a lint, it works fine.
>
You don't have 2 Perl installations do you?

You will need to have added
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
to your init.pre file in /etc/mail/spamassassin, or else the SURBL stuff
won't work at all.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
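The check suggested in this thread (is the plugin behind each warning actually loaded by an active `loadplugin` line?), written out as an added example; it is not part of any message on the list and not MailScanner or SpamAssassin code. The warnings are the ones quoted in the thread, unwrapped; the two `.pre` file bodies are constructed samples, and the directive-to-plugin table assumes the stock SpamAssassin 3.1 plugin names.

```python
import re

DCC = "Mail::SpamAssassin::Plugin::DCC"
RAZOR2 = "Mail::SpamAssassin::Plugin::Razor2"
URIDNSBL = "Mail::SpamAssassin::Plugin::URIDNSBL"

# Plugin that provides each config directive, eval method and rule family
# named in the thread's warnings (assumed: stock SpamAssassin 3.1 names).
DIRECTIVE_OWNER = {"dcc_path": DCC, "dcc_home": DCC,
                   "razor_timeout": RAZOR2, "urirhssub": URIDNSBL}
METHOD_OWNER = {"check_uridnsbl": URIDNSBL}
RULE_PREFIX_OWNER = {"RAZOR2_": RAZOR2}

PARSE_FAIL = re.compile(r"failed to parse line, skipping: (\S+)")
NO_METHOD = re.compile(r'Can\'t locate object method "(\w+)"')
NO_RULE = re.compile(r"score set for non-existent rule (\w+)")
LOADPLUGIN = re.compile(r"^[ \t]*loadplugin[ \t]+(\S+)", re.M)
COMMENTED = re.compile(r"^[ \t]*#+[ \t]*loadplugin[ \t]+(\S+)", re.M)


def owner_of(line):
    """Map one warning line to (plugin, symptom), or None if unrecognised."""
    m = PARSE_FAIL.search(line)
    if m and m.group(1) in DIRECTIVE_OWNER:
        return DIRECTIVE_OWNER[m.group(1)], "directive " + m.group(1)
    m = NO_METHOD.search(line)
    if m and m.group(1) in METHOD_OWNER:
        return METHOD_OWNER[m.group(1)], "method " + m.group(1)
    m = NO_RULE.search(line)
    if m:
        for prefix, plugin in RULE_PREFIX_OWNER.items():
            if m.group(1).startswith(prefix):
                return plugin, "rule " + m.group(1)
    return None


def diagnose(log_lines, pre_files):
    """Return {plugin: {"symptoms": [...], "commented_in": file or None}}
    for every plugin the warnings point at that no .pre file loads."""
    loaded = set()
    for text in pre_files.values():
        loaded.update(LOADPLUGIN.findall(text))
    report = {}
    for line in log_lines:
        hit = owner_of(line)
        if hit is None or hit[0] in loaded:
            continue
        plugin, symptom = hit
        entry = report.setdefault(plugin, {"symptoms": [], "commented_in": None})
        if symptom not in entry["symptoms"]:
            entry["symptoms"].append(symptom)
    # Point at the file where the loadplugin line exists but is commented out.
    for name, text in pre_files.items():
        for plugin in COMMENTED.findall(text):
            if plugin in report and report[plugin]["commented_in"] is None:
                report[plugin]["commented_in"] = name
    return report


# Warnings quoted in the thread (line wrapping removed).
THREAD_WARNINGS = [
    "[28256] warn: config: failed to parse line, skipping: dcc_path usr/local/bin/dccproc",
    "[28256] warn: config: failed to parse line, skipping: razor_timeout 10",
    "[28256] warn: config: failed to parse line, skipping: urirhssub URIBL_BLACK multi.uribl.com. A 2",
    "[28256] warn: config: warning: score set for non-existent rule RAZOR2_CF_RANGE_51_100",
    'rules: failed to run URIBL_BLACK test, skipping: (Can\'t locate object '
    'method "check_uridnsbl" via package "Mail::SpamAssassin::PerMsgStatus"',
]

# Constructed sample file contents, not taken from any poster's system.
SAMPLE_PRE_FILES = {
    "init.pre": "# URIDNSBL line is missing here\n"
                "loadplugin Mail::SpamAssassin::Plugin::SPF\n",
    "v310.pre": "#loadplugin Mail::SpamAssassin::Plugin::DCC\n"
                "# loadplugin Mail::SpamAssassin::Plugin::Razor2\n"
                "loadplugin Mail::SpamAssassin::Plugin::SpamCop\n",
}

if __name__ == "__main__":
    for plugin, info in diagnose(THREAD_WARNINGS, SAMPLE_PRE_FILES).items():
        where = info["commented_in"] or "no .pre file (line must be added)"
        print(plugin, "<-", ", ".join(info["symptoms"]), "| found in:", where)
```

Feed it the `.pre` files from the directory the running scanner actually reads; a copy that only the command-line lint sees will not explain a difference between the two.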
From MailScanner at ecs.soton.ac.uk Thu Oct 6 18:34:38 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:53 2006
Subject: Opting a user/domain out of attachment checking
Message-ID:

Check Maximum Archive Depth setting.
Also if you have "File Command" set to point to your "file" command,
then filetype.rules.conf will be blocking executables by default,
regardless of what they are called.

Andy Norris wrote:
> I recently upgraded MailScanner and SpamAssassin, and it seems that
> some of my fine-tuning has been wiped out. The rule to not scan mail
> for viruses FromOrTo a domain isn't working, apparently, and I've got
> people screaming at me about their zip files not coming through.
>
> The book says to look in filename.rules.conf and filetype.rules.conf.
>
> For now, I have commented out the line in filename.rules.conf for EXE
> files.
>
> I have left alone filetype.rules.conf. Not sure why this file is
> necessary in conjunction with the other... but am leaving it alone for
> now.
>
> This allows the exes in the zip files, but this is not really what I
> want to do server-wide.
>
> I had set in the file virus-scan.rules the following line:
>
> FromOrTo: *@calian.us no
>
> I've tried both spaces and tabs here, and no difference... it doesn't
> work.
>
> So am I messing with the wrong files, or not enough files? :-)
>
> I'm running:
> MailScanner version 4.45.4
> SpamAssassin version 3.1.0
>
> Please let me know if there's more information I need to include here
> for anyone to give me a hand here.
>
> Thanks in advance for any and all suggestions. Especially the ones
> that help!
>
> Andy Norris
> andy@tireswing.net

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From rgreen at TRAYERPRODUCTS.COM Thu Oct 6 18:44:19 2005
From: rgreen at TRAYERPRODUCTS.COM (Rodney Green)
Date: Thu Jan 12 21:30:53 2006
Subject: Still getting spam of the drug nature
Message-ID:

How would you do this in Postfix?

>If you'd drop connections from IP's with no reverse DNS, you'd lose a lot of
>your daily spam intake.
>

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From alex at nkpanama.com Thu Oct 6 18:56:04 2005
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:30:53 2006
Subject: Still getting spam of the drug nature
Message-ID:

Is there a way to do this using sendmail? I'll google around a bit, but
in case anybody's already done it... I know AOL and a whole bunch of
other ISPs are doing just that.

Rodney Green wrote:
> How would you do this in Postfix?
>
>> If you'd drop connections from IP's with no reverse DNS, you'd lose a
>> lot of
>> your daily spam intake.

From alex at nkpanama.com Thu Oct 6 18:56:28 2005
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:30:53 2006
Subject: Mailscanner and big Attach = much swap
Message-ID:

Needs more RAM? :)

Suporte SETi - Dennis wrote:
> Hi. I'm using MailScanner with Qmail, and I don't know why, when I send
> a mail .. like 40Mb, in my test mail-server the mail scanner goes and
> uses all RAM and
> uses all SWAP that I set.. and CPU goes 100% .. for much time, like 1 hour.
>
> what's the real problem??
>
> thanks
>
> --------------------------------------------------------------------
> This message was checked by the anti-virus and anti-spam system.
> Seti Segurança e Tecnologia na Internet - suporte@setinet.com.br

From suporte at SETINET.COM.BR Thu Oct 6 22:55:21 2005
From: suporte at SETINET.COM.BR (Suporte SETi - Dennis)
Date: Thu Jan 12 21:30:53 2006
Subject: Mailscanner and big Attach = much swap
Message-ID:

Hi. I'm using MailScanner with Qmail, and I don't know why, when I send
a mail .. like 40Mb, in my test mail-server the mail scanner goes and
uses all RAM and uses all SWAP that I set.. and CPU goes 100% .. for
much time, like 1 hour.

what's the real problem??

thanks

--------------------------------------------------------------------
This message was checked by the anti-virus and anti-spam system.
Seti Segurança e Tecnologia na Internet - suporte@setinet.com.br

From ryan at MARINOCRANE.COM Thu Oct 6 19:09:18 2005
From: ryan at MARINOCRANE.COM (Ryan Pitt)
Date: Thu Jan 12 21:30:53 2006
Subject: MailScanner and Logwatch
Message-ID:

Sure...I added the line
"Logging message" (without the quotes ;-)) to /etc/log.d/ignore.conf
Which resulted in "3415 Ignored Lines" for me in Logwatch yesterday.

Quoted from ignore.conf documentation....
"Simply cut and paste as much of the line as needed below be warned
that it is possible to really limit your reports by placing a bad
value below.
BAD EXAMPLE: putting a single "." alone on a line will filter all output"

Also, I noticed that YUM did not update the package for me and found
that a much later version of Logwatch was available in rpm format from
their web site.
http://www2.logwatch.org:8080/tabs/download/

Have fun!

Ryan

Alex Neuman wrote:
> Any examples? :)
>
> Ryan Pitt wrote:
>
>> I use Logwatch also - and have found that you can have Logwatch
>> *ignore* certain strings. It's quite simple to do.
>> Add the desired string to /etc/log.d/ignore.conf (Fedora Core 1) and
>> Logwatch will output a single line, i.e. "3415 Ignored Lines", in place
>> of the usual long output.
>> Hope this helps.
>> Ryan
>>
>> Julian Field wrote:
>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>
>>> Not currently, no.
>>>
>>> On 6 Oct 2005, at 13:55, Rose, Bobby wrote:
>>>
>>>> Recently, we've migrated our gateway from Solaris to Linux and
>>>> before I
>>>> go munging the script/confs is there a simple switch to disable the
>>>> reporting of unmatched entries for MailScanner?

From andy at TIRESWING.NET Thu Oct 6 19:24:56 2005
From: andy at TIRESWING.NET (Andy Norris)
Date: Thu Jan 12 21:30:53 2006
Subject: Opting a user/domain out of attachment checking
Message-ID:

Thanks Julian for your quick response.

Maximum Archive Depth = 2
Filetype Rules = %etc-dir%/filetype.rules.conf
%etc-dir% = /etc/MailScanner (that directory and file exist there).

I've just commented out, for the time-being, the lines denying .exe and
.chm files. But I don't want to do that server-wide. Just for the
domain calian.us.

Thanks again,

Andy

At 12:34 pm 2005-10-06, you wrote:
>Check
>Maximum Archive Depth
>setting.
>Also if you have "File Command" set to point to your "file" command,
>then filetype.rules.conf will be blocking executables by default,
>regardless of what they are called.
>
>
>Andy Norris wrote:
>
>>I recently upgraded MailScanner and SpamAssassin, and it seems that
>>some of my fine-tuning has been wiped out. The rule to not scan
>>mail for viruses FromOrTo a domain isn't working, apparently, and
>>I've got people screaming at me about their zip files not coming through.
>>
>>The book says to look in filename.rules.conf and filetype.rules.conf.
>>
>>For now, I have commented out the line in filename.rules.conf for EXE files.
>>
>>I have left alone filetype.rules.conf. Not sure why this file is
>>necessary in conjunction with the other... but am leaving it alone for now.
>>
>>This allows the exes in the zip files, but this is not really what
>>I want to do server-wide.
>>
>>I had set in the file virus-scan.rules the following line:
>>
>>FromOrTo: *@calian.us no
>>
>>I've tried both spaces and tabs here, and no difference... it doesn't work.
>>
>>So am I messing with the wrong files, or not enough files? :-)
>>
>>I'm running:
>>MailScanner version 4.45.4
>>SpamAssassin version 3.1.0
>>
>>Please let me know if there's more information I need to include
>>here for anyone to give me a hand here.
>>
>>Thanks in advance for any and all suggestions. Especially the ones that help!
>>
>>Andy Norris
>>andy@tireswing.net
>
>
>--
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From alex at nkpanama.com Thu Oct 6 19:18:16 2005
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:30:54 2006
Subject: MailScanner and Logwatch
Message-ID:

Thanks... I'll look into it right away...

Ryan Pitt wrote:
> Sure...I added the line
> "Logging message" (without the quotes ;-)) to /etc/log.d/ignore.conf
> Which resulted in "3415 Ignored Lines" for me in Logwatch yesterday.
>
> Quoted from ignore.conf documentation....
> "Simply cut and paste as much of the line as needed below be warned
> that it is possible to really limit your reports by placing a bad
> value below.
> BAD EXAMPLE: putting a single "." alone on a line will filter all output"
>
> Also, I noticed that YUM did not update the package for me and found
> that a much later version of Logwatch was available in rpm format from
> their web site.
> http://www2.logwatch.org:8080/tabs/download/
>
> Have fun!
>
> Ryan
>
> Alex Neuman wrote:
>> Any examples? :)
>>
>> Ryan Pitt wrote:
>>
>>> I use Logwatch also - and have found that you can have Logwatch
>>> *ignore* certain strings. It's quite simple to do.
>>> Add the desired string to /etc/log.d/ignore.conf (Fedora Core 1) and
>>> Logwatch will output a single line, i.e. "3415 Ignored Lines", in
>>> place of the usual long output.
>>> Hope this helps.
>>> Ryan
>>>
>>> Julian Field wrote:
>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>
>>>> Not currently, no.
>>>>
>>>> On 6 Oct 2005, at 13:55, Rose, Bobby wrote:
>>>>
>>>>> Recently, we've migrated our gateway from Solaris to Linux and
>>>>> before I
>>>>> go munging the script/confs is there a simple switch to disable the
>>>>> reporting of unmatched entries for MailScanner?

From ssilva at SGVWATER.COM Thu Oct 6 19:11:25 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:54 2006
Subject: Spamassassin woes
Message-ID:

Julian Field spake the following on 10/6/2005 10:37 AM:
> Scott Silva wrote:
>
>> Scott Silva spake the following on 10/6/2005 9:41 AM:
>>
>>>> Finally!
>>>> After an extended session in CPAN, things seem OK. I still don't know
>>>> which module was tanked, but it's fixed!
>>>> Thank you to all!
>>>>
>>>> And greeting from California, USA.
>>>> Where any actor can aspire to Governor!
>>>>
>>>
>>> Spoke too soon!
>>> Although lint tests all work, MailScanner isn't adding the URIBL scores
>>> into messages.
>>> If I take the same message and run it through lint, it shows up.
>>> I guess I'm going to reinstall MailScanner now.
>>> I think I will diff the config files for the two machines again first,
>>> just to make sure.
>>>
>>
>> Running MailScanner in debug mode gets entries like this;
>>
>> rules: failed to run URIBL_BLACK test, skipping:
>> (Can't locate object method "check_uridnsbl" via package
>> "Mail::SpamAssassin::PerMsgStatus" at
>> /usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line
>> 2581.
>>
>> But if I pipe the same message into a lint, it works fine.
>>
> You don't have 2 Perl installations do you?
> You will need to have added
> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
>
> to your init.pre file in /etc/mail/spamassassin, or else the SURBL stuff
> won't work at all.
>
One perl, and I have the line to load the plugin.
Can't figure out why I can lint a message as root, and get different
results than MailScanner running as root.
That should eliminate any path or permission problems.

--
/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

From Dave Thu Oct 6 19:45:13 2005
From: Dave (Dave)
Date: Thu Jan 12 21:30:54 2006
Subject: Fraud
Message-ID:

Is there a possible to work on the fraud issue .

It is a good idea, but it does need refining.

From drew at THEMARSHALLS.CO.UK Thu Oct 6 19:45:03 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:30:54 2006
Subject: Still getting spam of the drug nature
Message-ID:

On 6 Oct 2005, at 18:44, Rodney Green wrote:

> How would you do this in Postfix?

smtpd_helo_restrictions = reject_non_fqdn_hostname

And you can also add reject_unknown_hostname to reject MTAs that HELO
with unknown names.

These can be quite draconian so you might want to first test them by
adding warn_if_reject in front of those so Postfix does the test and
logs the failure instead of actually rejecting based on the failure.
That way over a few days you can make sure your best customer's dodgy
Exchange server isn't being rejected in error.

Drew

--
In line with our policy, this message has been scanned for viruses and
dangerous content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From MailScanner at ecs.soton.ac.uk Thu Oct 6 19:49:28 2005
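[Added example, not part of Drew Marshall's message and not code from Postfix: one way to review the trial period he describes, by tallying the reject_warning lines that Postfix's smtpd logs while warn_if_reject is in front of the HELO restrictions. The log lines are constructed samples, and the function names and the partner network list are assumptions of this example.]

```python
"""Tally HELO checks that Postfix logged under warn_if_reject.

Assumed trial setting in main.cf (restriction names as given in the post):
    smtpd_helo_restrictions = warn_if_reject reject_non_fqdn_hostname,
                              warn_if_reject reject_unknown_hostname
"""
import ipaddress
import re

# Constructed sample lines in the style Postfix smtpd writes. Host names and
# addresses are documentation values, not taken from the thread.
SAMPLE_LOG = """\
Oct  6 19:50:01 mx1 postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 504 <localhost>: Helo command rejected: need fully-qualified hostname; from=<a@example.net> to=<user@example.com> proto=SMTP helo=<localhost>
Oct  6 19:52:13 mx1 postfix/smtpd[2107]: NOQUEUE: reject_warning: RCPT from mail.partner.example[198.51.100.25]: 504 <EXCHANGE01>: Helo command rejected: need fully-qualified hostname; from=<bob@partner.example> to=<user@example.com> proto=ESMTP helo=<EXCHANGE01>
Oct  6 19:58:40 mx1 postfix/smtpd[2107]: NOQUEUE: reject_warning: RCPT from mail.partner.example[198.51.100.25]: 504 <EXCHANGE01>: Helo command rejected: need fully-qualified hostname; from=<amy@partner.example> to=<sales@example.com> proto=ESMTP helo=<EXCHANGE01>
Oct  6 20:01:05 mx1 postfix/smtpd[2110]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.77]: 450 <mx.nosuchhost.invalid>: Helo command rejected: Host not found; from=<x@example.org> to=<user@example.com> proto=SMTP helo=<mx.nosuchhost.invalid>
Oct  6 20:03:30 mx1 postfix/smtpd[2111]: connect from mail.example.org[203.0.113.5]
Oct  6 20:04:00 mx1 postfix/smtpd[2112]: NOQUEUE: reject: RCPT from unknown[192.0.2.99]: 554 <unknown[192.0.2.99]>: Client host rejected: Access denied; from=<y@example.org> to=<user@example.com> proto=SMTP helo=<foo.example.org>
"""

# One smtpd policy line: action, SMTP stage, client name[ip], reply code
# (with an optional enhanced status code), reason text, and the HELO name.
LINE_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: (?P<action>reject_warning|reject): "
    r"(?P<stage>\w+) from (?P<client>\S+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3})(?: \d\.\d+\.\d+)? <(?P<subject>[^>]*)>: "
    r"(?P<reason>[^;]+);"
    r".*?helo=<(?P<helo>[^>]*)>"
)


def tally_helo_warnings(log_text, partner_networks=()):
    """Group warn_if_reject HELO failures by (client IP, HELO name).

    partner_networks is a list of CIDR strings for senders that must keep
    working; matching entries are flagged and sorted to the top.
    """
    nets = [ipaddress.ip_network(n) for n in partner_networks]
    tally = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        # Only logged-but-not-enforced results are of interest here.
        if not m or m["action"] != "reject_warning":
            continue
        if not m["reason"].startswith("Helo command rejected"):
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # client address was not a literal IP; skip the line
        entry = tally.setdefault((str(ip), m["helo"]), {
            "ip": str(ip), "client": m["client"], "helo": m["helo"],
            "count": 0, "reasons": set(),
            "partner": any(ip in net for net in nets),
        })
        entry["count"] += 1
        entry["reasons"].add(m["reason"].split(": ", 1)[1].strip())
    # Partners first, then the noisiest clients.
    return sorted(tally.values(),
                  key=lambda e: (not e["partner"], -e["count"], e["ip"]))


def render(entries):
    """Format the tally as one text row per (IP, HELO) pair."""
    return ["%-8s %-15s helo=%-22s hits=%d  %s" % (
        "PARTNER" if e["partner"] else "-", e["ip"], e["helo"],
        e["count"], "; ".join(sorted(e["reasons"]))) for e in entries]


if __name__ == "__main__":
    for row in render(tally_helo_warnings(SAMPLE_LOG, ["198.51.100.0/24"])):
        print(row)
```

Rows flagged PARTNER are the senders that would start bouncing once warn_if_reject is removed, so they need fixing or an exemption before the restrictions are enforced.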
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:54 2006
Subject: Fraud
Message-ID:

In what way? You need to give me rather more information than that.

Dave Shariff Yadallee - System Administrator a.k.a. The Root of the
Problem wrote:

>Is there a possible to work on the fraud issue .
>
>It is a good idea, but it does need refining.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From henker at S-H-COM.DE Thu Oct 6 19:56:13 2005
From: henker at S-H-COM.DE (Steffan Henke)
Date: Thu Jan 12 21:30:54 2006
Subject: Still getting spam of the drug nature
Message-ID:

On Thu, 6 Oct 2005, Alex Neuman wrote:

> Is there a way to do this using sendmail? I'll google around a bit, but in
> case anybody's already done it... I know AOL and a whole bunch of other ISPs
> are doing just that.

IIRC, this should be somewhere in the list archives.
You may want to google for require_rdns.m4, just add it to sendmail.

Regards,

Steffan

From drew at THEMARSHALLS.CO.UK Thu Oct 6 19:47:00 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:30:54 2006
Subject: Mailscanner and big Attach = much swap
Message-ID:

On 6 Oct 2005, at 22:55, Suporte SETi - Dennis wrote:

> Hi. I'm using MailScanner with Qmail, and I don't know why, when I send
> a mail .. like 40Mb, in my test mail-server the mail scanner goes and
> uses all RAM and uses all SWAP that I set.. and CPU goes 100% .. for
> much time, like 1 hour.
>
> what's the real problem??

Try putting MailScanner into debug (See bottom of MailScanner.conf) and
restarting MS. It will run one batch 'on screen' and should give you an
idea what is causing the problem.

Drew

--
In line with our policy, this message has been scanned for viruses and
dangerous content by MailScanner, and is believed to be clean.

From raymond at PROLOCATION.NET Thu Oct 6 20:11:37 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:30:54 2006
Subject: Fraud
Message-ID:

Hi!

> Is there a possible to work on the fraud issue .
>
> It is a good idea, but it does need refining.

Sure, go ahead.... :)

Bye,
Raymond.

From michele at BLACKNIGHT.IE Thu Oct 6 20:13:13 2005
From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie)
Date: Thu Jan 12 21:30:54 2006
Subject: Fraud
Message-ID:

Dave Shariff Yadallee - System Administrator a.k.a. The Root of the
Problem wrote:
> Is there a possible to work on the fraud issue .
>
> It is a good idea, but it does need refining.
>
Could you be more vague? :)

--
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59 9164239

From KGoods at AIAINSURANCE.COM Thu Oct 6 20:41:31 2005
From: KGoods at AIAINSURANCE.COM (Ken Goods)
Date: Thu Jan 12 21:30:54 2006
Subject: Fraud
Message-ID:

Michele Neylon:: Blacknight.ie wrote:
> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the
> Problem wrote:
>> Is there a possible to work on the fraud issue .
>>
>> It is a good idea, but it does need refining.
>>
> Could you be more vague? :)

Maybe.....

Sorry, couldn't resist. :)

Ken

From ralloway at WINBEAM.COM Thu Oct 6 20:49:55 2005
From: ralloway at WINBEAM.COM (Richard D Alloway)
Date: Thu Jan 12 21:30:54 2006
Subject: CentOS 4.1 final w/posix lock still having issues
Message-ID:

On Thu, 6 Oct 2005, Richard D Alloway wrote:

> On Wed, 5 Oct 2005, Kevin Spicer wrote:
>
>> On Wed, 2005-10-05 at 10:17 -0400, Richard D Alloway wrote:
>>> But, I still get deliveries with the dreaded "Message body disappears"
>>> errors.
>> ...
>>> What should I look for at this point?
>>
>> Wild shot in the dark, from the one time I saw this myself (very long
>> time ago). Make sure that sendmail is being started from the
>> MailScanner startup scripts and that you have the noetrn option on in
>> that startup script (it's there by default so it should be...). Also
>> worth grepping the logs for etrn, just in case the command line option
>> isn't being honoured for some reason. You don't want to let folks use
>> etrn!
>>
>> Probably not your problem, but doesn't hurt to check.
>
> Thanks for the suggestions, but it doesn't look like etrn is the issue. We
> don't have anyone using etrn at all on any of our mail servers at this point
> and the noetrn option is in the MailScanner startup script. Also, the only
> reference to etrn in the logs are lines like:
>
> Oct 6 09:59:55 smtp-gateway-5 sendmail[22406]: j96DxtOg022406:
> [218.68.xxx.xxx] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
>
> So, there's still something going on that I'm not aware of...
>
> Any other thoughts? :)
>
> -Rich

In addition to any further thoughts anyone has regarding why identical
installations fail (No Message Collected error) when the only difference
is the one failing is the only CentOS box deployed, can someone suggest
a way to watch the locking processes for sendmail and MailScanner?

I can do a strace on sendmail and watch sendmail opening the files in
mqueue.in with O_EXCL but watching MailScanner with the same options to
strace only shows a bunch of temp files in /tmp and some for clamav.

This is regardless of whether it is one of my 5 boxes that is working or
the 1 box that isn't.

Thanks!

-Rich

From ssilva at SGVWATER.COM Thu Oct 6 20:35:32 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:54 2006
Subject: Spamassassin woes
Message-ID:

Scott Silva spake the following on 10/6/2005 11:11 AM:
> Julian Field spake the following on 10/6/2005 10:37 AM:
>
>>Scott Silva wrote:
>>
>>>Scott Silva spake the following on 10/6/2005 9:41 AM:
>>>
>>>>>Finally!
>>>>>After an extended session in CPAN, things seem OK. I still don't know
>>>>>which module was tanked, but it's fixed!
>>>>>Thank you to all!
>>>>>
>>>>>And greeting from California, USA.
>>>>>Where any actor can aspire to Governor!
>>>>>
>>>>
>>>>Spoke too soon!
>>>>Although lint tests all work, MailScanner isn't adding the URIBL scores
>>>>into messages.
>>>>If I take the same message and run it through lint, it shows up.
>>>>I guess I'm going to reinstall MailScanner now.
>>>>I think I will diff the config files for the two machines again first,
>>>>just to make sure.
>>>>
>>>
>>>Running MailScanner in debug mode gets entries like this;
>>>
>>>rules: failed to run URIBL_BLACK test, skipping:
>>> (Can't locate object method "check_uridnsbl" via package
>>>"Mail::SpamAssassin::PerMsgStatus" at
>>>/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line
>>>2581.
>>>
>>>But if I pipe the same message into a lint, it works fine.
>>>
>>
>>You don't have 2 Perl installations do you?
>>You will need to have added
>>loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
>>
>>to your init.pre file in /etc/mail/spamassassin, or else the SURBL stuff
>>won't work at all.
>>
>
> One perl, and I have the line to load the plugin.
> Can't figure out why I can lint a message as root, and get different
> results than MailScanner running as root.
> That should eliminate any path or permission problems.
>
I have found the problem.
For some reason, the local rules directory is getting ignored and either
MailScanner or spamassassin is looking in /usr/etc/mail/spamassassin
instead of /etc/mail/spamassassin
The working system had that directory, and the non working system didn't.
Making a symlink seems to have cured the non-working system, but now I
need to find out why this happened.
All my config files have the proper paths in them, so I do not know
where this /usr/etc/mail/spamassassin came from.

--
/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

From campbell at CNPAPERS.COM Thu Oct 6 21:08:04 2005
From: campbell at CNPAPERS.COM (Steve Campbell)
Date: Thu Jan 12 21:30:54 2006
Subject: Fraud
Message-ID:

Maybe you should take the alias (aka) more literally. The answer lies
there.

Steve Campbell
campbell@cnpapers.com
Charleston Newspapers

----- Original Message -----
From: "Ken Goods"
To:
Sent: Thursday, October 06, 2005 3:41 PM
Subject: Re: Fraud

> Michele Neylon:: Blacknight.ie wrote:
>> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the
>> Problem wrote:
>>> Is there a possible to work on the fraud issue .
>>>
>>> It is a good idea, but it does need refining.
>>>
>> Could you be more vague? :)
>
> Maybe.....
>
> Sorry, couldn't resist. :)
>
> Ken

From ssilva at SGVWATER.COM Thu Oct 6 21:02:11 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:54 2006
Subject: Spamassassin woes - OT
Message-ID:

Scott Silva spake the following on 10/6/2005 12:35 PM:
> Scott Silva spake the following on 10/6/2005 11:11 AM:
>
>>Julian Field spake the following on 10/6/2005 10:37 AM:
>>
>>>Scott Silva wrote:
>>>
>>>>Scott Silva spake the following on 10/6/2005 9:41 AM:
>>>>
>>>>>>Finally!
>>>>>>After an extended session in CPAN, things seem OK. I still don't know
>>>>>>which module was tanked, but it's fixed!
>>>>>>Thank you to all!
>>>>>>
>>>>>>And greeting from California, USA.
>>>>>>Where any actor can aspire to Governor!
>>>>>>
>>>>>
>>>>>Spoke too soon!
>>>>>Although lint tests all work, MailScanner isn't adding the URIBL scores
>>>>>into messages.
>>>>>If I take the same message and run it through lint, it shows up.
>>>>>I guess I'm going to reinstall MailScanner now.
>>>>>I think I will diff the config files for the two machines again first,
>>>>>just to make sure.
>>>>>
>>>>
>>>>Running MailScanner in debug mode gets entries like this;
>>>>
>>>>rules: failed to run URIBL_BLACK test, skipping:
>>>> (Can't locate object method "check_uridnsbl" via package
>>>>"Mail::SpamAssassin::PerMsgStatus" at
>>>>/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line
>>>>2581.
>>>>
>>>>But if I pipe the same message into a lint, it works fine.
>>>>
>>>
>>>You don't have 2 Perl installations do you?
>>>You will need to have added
>>>loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
>>>
>>>to your init.pre file in /etc/mail/spamassassin, or else the SURBL stuff
>>>won't work at all.
>>>
>>
>>One perl, and I have the line to load the plugin.
>>Can't figure out why I can lint a message as root, and get different
>>results than MailScanner running as root.
>>That should eliminate any path or permission problems.
>>
>
> I have found the problem.
> For some reason, the local rules directory is getting ignored and either
> MailScanner or spamassassin is looking in /usr/etc/mail/spamassassin
> instead of /etc/mail/spamassassin
> The working system had that directory, and the non working system didn't.
> Making a symlink seems to have cured the non-working system, but now I
> need to find out why this happened.
> All my config files have the proper paths in them, so I do not know
> where this /usr/etc/mail/spamassassin came from.
>
Right after I fixed this, I got my highest scoring message - 80.37 points.
BAM! You're gone!

--
/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

From Dave Thu Oct 6 23:10:14 2005
From: Dave (Dave)
Date: Thu Jan 12 21:30:54 2006
Subject: Fraud
Message-ID:

On Thu, Oct 06, 2005 at 07:49:28PM +0100, Julian Field wrote:
> In what way? You need to give me rather more information than that.
>

Again newsletters are marked {Fraud?} even from localhost.

Yes there are frauds, but legitimate newsletters?

That is for starters.

> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the
> Problem wrote:
>
> >Is there a possible to work on the fraud issue .
> >
> >It is a good idea, but it does need refining.
> >
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From Dave Thu Oct 6 23:11:11 2005
From: Dave (Dave)
Date: Thu Jan 12 21:30:54 2006
Subject: Fraud
Message-ID:

On Thu, Oct 06, 2005 at 08:13:13PM +0100, Michele Neylon:: Blacknight.ie wrote:
> Dave Shariff Yadallee - System Administrator a.k.a. The Root of the
> Problem wrote:
> > Is there a possible to work on the fraud issue .
> >
> > It is a good idea, but it does need refining.
> >
> Could you be more vague? :)
>

Now that the attention has been captured ...

> --
> Mr Michele Neylon
> Blacknight Solutions
> Quality Business Hosting & Colocation
> http://www.blacknight.ie/
> Tel. 1850 927 280
> Intl. +353 (0) 59 9183072
> Direct Dial: +353 (0)59 9183090
> Fax. +353 (0) 59 9164239
>

From michele at BLACKNIGHT.IE Thu Oct 6 23:14:58 2005
From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie)
Date: Thu Jan 12 21:30:54 2006
Subject: Fraud
Message-ID:

Dave Shariff Yadallee - System Administrator a.k.a. The Root of the
Problem wrote:
> On Thu, Oct 06, 2005 at 07:49:28PM +0100, Julian Field wrote:
>
>>In what way? You need to give me rather more information than that.
>>
>
> Again newsletters are marked {Fraud?} even from localhost.
>
> Yes there are frauds, but legitimate newsletters?
>
> That is for starters.
>

Why don't you do us all a favour and do the following:

1 - Read the documentation. There is plenty of it both in the
configuration files, on the MailScanner site and elsewhere
2 - Read the mailing list archives or use the search option
3 - Learn to provide _clear_ information when you are asking for assistance.

There are plenty of people on this list who will help you if you follow
steps 1 to 3

--
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59 9164239

From ka at PACIFIC.NET Thu Oct 6 23:29:58 2005
From: ka at PACIFIC.NET (Ken A)
Date: Thu Jan 12 21:30:54 2006
Subject: O.T. mod_perl smtp server
Message-ID:

Anyone played with this?
http://search.cpan.org/~mock/Apache-SMTP-0.01/lib/Apache/SMTP.pm

It's Apache2, mod_perl, and Net::SMTP to make a simple scalable smtp
server or smtp proxy.

Might it be a good fit for mailscanner?

Looks like it was developed by http://www.mailchannels.com/opensource/

I think I'd like being able to use mod_throttle to throttle smtp
connections! It's made my list of 'must tinker with' toys of 2005.

Ken A
Pacific.Net

From vasiliy at linuxspecial.com Thu Oct 6 23:35:48 2005
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Thu Jan 12 21:30:54 2006
Subject: We would love to help! (RE: FRAUD)
Message-ID:

Dave Shariff,

Please join the Irc server (irc.freenode.net) and join #mailscanner.

I hope you know how to use irc...

On irc people disregard the needless 1s 2s and 3s and get right to the
point :)))))))

--
Vasiliy Boulytchev
Colorado Information Technologies
www.coinfotech.com

From mgt at STELLARCORE.NET Fri Oct 7 00:19:22 2005
From: mgt at STELLARCORE.NET (Mike Tremaine)
Date: Thu Jan 12 21:30:54 2006
Subject: MailScanner and Logwatch
Message-ID:

On Thu, 6 Oct 2005 13:18:16 -0500, Alex Neuman wrote:
>Thanks... I'll look into it right away...
>

You can also post the types of entries you are not getting matched to
logawtch -at- logwatch -dot- org and I'll be happy to do something with
them. We should have a new beta coming out shortly so now would be a good
time to hit me with new stuff.

-Mike

From vasiliy at linuxspecial.com Fri Oct 7 00:23:27 2005
From: vasiliy at linuxspecial.com (Vasiliy Boulytchev)
Date: Thu Jan 12 21:30:54 2006
Subject: We would love to help! (RE: FRAUD)
Message-ID:

Vasiliy Boulytchev wrote:
> Dave Shariff,
>
> Please join the Irc server (irc.freenode.net) and join #mailscanner.
>
> I hope you know how to use irc...
>
> On irc people disregard the needless 1s 2s and 3s and get right to the
> point :)))))))
>

http://www.google.com/search?q=dave+shariff&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official

Gentlemen, here is a google search on David Shariff's cries out for help
:). Seems that he follows the same pattern :))) Sorry, it's just too
funny. Anyone posting this to slashdot? j/k

--
Vasiliy Boulytchev
Colorado Information Technologies
www.coinfotech.com

From jlmiller at MMTNETWORKS.COM.AU Fri Oct 7 02:01:55 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:30:54 2006
Subject: spam mail
Message-ID:

Maybe I'm not getting the jest of how this is supposed to work, but I keep getting sporadic spam mail with basically the same content and certain key words that in my opinion should be picked up by either SA or MS. The subject is different but the content isn't. So my question is does either of the two apps actually scan the content (body) of the e-mail or are they just looking at the header and subject line?

Thanks

Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl

"I don't know the key to success, but the key to failure
is trying to please everybody." -Bill Cosby

From ugob at CAMO-ROUTE.COM Fri Oct 7 02:45:14 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:30:54 2006
Subject: spam mail
Message-ID:

Jon Miller wrote:
> Maybe I'm not getting the jest of how this is supposed to work, but I keep getting sporadic spam mail with basically the same content and certain key words that in my opinion should be picked up by either SA or MS. The subject is different but the content isn't. So my question is does either of the two apps actually scan the content (body) of the e-mail or are they just looking at the header and subject line?

Spamassassin scans the headers + body. MailScanner doesn't scan anything
for spam. It only checks for RBL if you ask it to.

You can't decide to treat a message as spam just because of one word...

To improve your setup, please read:

http://wiki.mailscanner.info/doku.php?id=maq:index#optimization_tips

Regards,

--
Ugo

-> Please don't send a copy of your reply by e-mail. I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the
irrelevant parts in your replies.

From ugob at CAMO-ROUTE.COM Fri Oct 7 03:30:02 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:30:54 2006
Subject: O.T. mod_perl smtp server
Message-ID:

Ken A wrote:
> Anyone played with this?
> http://search.cpan.org/~mock/Apache-SMTP-0.01/lib/Apache/SMTP.pm
>
> It's Apache2, mod_perl, and Net::SMTP to make a simple scalable smtp
> server or smtp proxy.
>
> Might it be a good fit for mailscanner?
>

I don't see exactly why one would use in prod environment a product that
seems to be young. You have a lot of mature alternatives for MTA:
Sendmail, Postfix, Exim, Qmail, Zmailer that offer many different ways
to be configured. Apparently, you can throttle connexions with a milter
or a config.

> Looks like it was developed by http://www.mailchannels.com/opensource/
>
> I think I'd like being able to use mod_throttle to throttle smtp
> connections! It's made my list of 'must tinker with' toys of 2005.
>
> Ken A
> Pacific.Net
>

--
Ugo

-> Please don't send a copy of your reply by e-mail. I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the
irrelevant parts in your replies.

From martinh at SOLID-STATE-LOGIC.COM Fri Oct 7 08:59:16 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:30:54 2006
Subject: Spamassassin woes
Message-ID:

Scott

Oh and

SpamAssassin Site Rules Dir = /etc/mail/spamassassin

As well :-)

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Scott Silva
Sent: 06 October 2005 20:36
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] Spamassassin woes

Scott Silva spake the following on 10/6/2005 11:11 AM:
> Julian Field spake the following on 10/6/2005 10:37 AM:
>
>>Scott Silva wrote:
>>
>>>Scott Silva spake the following on 10/6/2005 9:41 AM:
>>>
>>>>>Finally!
>>>>>After an extended session in CPAN, things seem OK. I still don't know
>>>>>which module was tanked, but it's fixed!
>>>>>Thank you to all!
>>>>>
>>>>>And greeting from California, USA.
>>>>>Where any actor can aspire to Governor!
>>>>>
>>>>
>>>>Spoke too soon!
>>>>Although lint tests all work, MailScanner isn't adding the URIBL scores
>>>>into messages.
>>>>If I take the same message and run it through lint, it shows up.
>>>>I guess I'm going to reinstall MailScanner now.
>>>>I think I will diff the config files for the two machines again first,
>>>>just to make sure.
>>>>
>>>
>>>Running MailScanner in debug mode gets entries like this;
>>>
>>>rules: failed to run URIBL_BLACK test, skipping:
>>> (Can't locate object method "check_uridnsbl" via package
>>>"Mail::SpamAssassin::PerMsgStatus" at
>>>/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line
>>>2581.
>>>
>>>But if I pipe the same message into a lint, it works fine.
>>>
>>
>>You don't have 2 Perl installations do you?
>>You will need to have added
>>loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
>>
>>to your init.pre file in /etc/mail/spamassassin, or else the SURBL stuff
>>won't work at all.
>>
>
> One perl, and I have the line to load the plugin.
> Can't figure out why I can lint a message as root, and get different
> results than MailScanner running as root.
> That should eliminate any path or permission problems.
>

I have found the problem.
For some reason, the local rules directory is getting ignored and either
MailScanner or spamassassin is looking in /usr/etc/mail/spamassassin
instead of /etc/mail/spamassassin
The working system had that directory, and the non working system didn't.
Making a symlink seems to have cured the non-working system, but now I
need to find out why this happened.
All my config files have the proper paths in them, so I do not know
where this /usr/etc/mail/spamassassin came from.

--
/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote confirms that this email message has been swept
for the presence of computer viruses and is believed to be clean.
**********************************************************************

From martinh at SOLID-STATE-LOGIC.COM Fri Oct 7 09:01:42 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:30:54 2006
Subject: spam mail
Message-ID:

Also check

http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:rules:recommended

There's a whole load of rules that are really useful. Also check you've got
the URI-RBL's working..

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Jon Miller
Sent: 07 October 2005 02:02
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: [MAILSCANNER] spam mail

Maybe I'm not getting the jest of how this is supposed to work, but I keep getting sporadic spam mail with basically the same content and certain key words that in my opinion should be picked up by either SA or MS. The subject is different but the content isn't. So my question is does either of the two apps actually scan the content (body) of the e-mail or are they just looking at the header and subject line?

Thanks

Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl

"I don't know the key to success, but the key to failure
is trying to please everybody." -Bill Cosby

From martinh at SOLID-STATE-LOGIC.COM Fri Oct 7 08:58:27 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:30:54 2006
Subject: Spamassassin woes
Message-ID:

Scott

Check MailScanner.conf and make sure "SpamAssassin Local Rules Dir" and
"SpamAssassin Default Rules Dir" equal nothing... ie

#SpamAssassin Local Rules Dir = /opt/MailScanner/etc/mail/spamassassin
SpamAssassin Local Rules Dir =

# The default rules are searched for here, and in prefix/share/spamassassin,
# /usr/local/share/spamassassin, /usr/share/spamassassin, and maybe others.
# If this is set then it adds to the list of places that are searched;
# otherwise it has no effect.
#SpamAssassin Default Rules Dir = /opt/MailScanner/share/spamassassin
SpamAssassin Default Rules Dir =

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Scott Silva
Sent: 06 October 2005 20:36
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: [MAILSCANNER] Spamassassin woes

Scott Silva spake the following on 10/6/2005 11:11 AM:
> Julian Field spake the following on 10/6/2005 10:37 AM:
>
>>Scott Silva wrote:
>>
>>>Scott Silva spake the following on 10/6/2005 9:41 AM:
>>>
>>>>>Finally!
>>>>>After an extended session in CPAN, things seem OK. I still don't know
>>>>>which module was tanked, but it's fixed!
>>>>>Thank you to all!
>>>>>
>>>>>And greeting from California, USA.
>>>>>Where any actor can aspire to Governor!
>>>>>
>>>>
>>>>Spoke too soon!
>>>>Although lint tests all work, MailScanner isn't adding the URIBL scores
>>>>into messages.
>>>>If I take the same message and run it through lint, it shows up.
>>>>I guess I'm going to reinstall MailScanner now.
>>>>I think I will diff the config files for the two machines again first,
>>>>just to make sure.
>>>>
>>>
>>>Running MailScanner in debug mode gets entries like this;
>>>
>>>rules: failed to run URIBL_BLACK test, skipping:
>>> (Can't locate object method "check_uridnsbl" via package
>>>"Mail::SpamAssassin::PerMsgStatus" at
>>>/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line
>>>2581.
>>>
>>>But if I pipe the same message into a lint, it works fine.
>>>
>>
>>You don't have 2 Perl installations do you?
>>You will need to have added
>>loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
>>
>>to your init.pre file in /etc/mail/spamassassin, or else the SURBL stuff
>>won't work at all.
>>
>
> One perl, and I have the line to load the plugin.
> Can't figure out why I can lint a message as root, and get different
> results than MailScanner running as root.
> That should eliminate any path or permission problems.
>

I have found the problem.
For some reason, the local rules directory is getting ignored and either
MailScanner or spamassassin is looking in /usr/etc/mail/spamassassin
instead of /etc/mail/spamassassin
The working system had that directory, and the non working system didn't.
Making a symlink seems to have cured the non-working system, but now I
need to find out why this happened.
All my config files have the proper paths in them, so I do not know
where this /usr/etc/mail/spamassassin came from.

--
/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

From MailScanner at ecs.soton.ac.uk Fri Oct 7 09:22:16 2005
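[Added example, not part of any poster's message and not MailScanner's own code: one way to script the checks discussed in the "Spamassassin woes" thread above, namely the three rules-directory settings in MailScanner.conf, the loadplugin line in init.pre, and the stray /usr/etc/mail/spamassassin directory. The function names, the optional ROOT prefix argument, and the sample tree (including the /etc/MailScanner/MailScanner.conf location) are constructed for illustration.]

```shell
#!/bin/sh
# Added example, not from the thread: check the MailScanner/SpamAssassin
# settings the posters name. File locations below are constructed samples.

# conf_value FILE "Setting Name"
# Print the value of the last uncommented "Setting Name = value" line
# (prints an empty line when the setting is blank or absent).
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # commented-out setting
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)     # trim both ends
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(name) == tolower(key)) found = val
        }
        END { print found }
    ' "$1"
}

# plugin_loaded INIT_PRE
# Succeed only if an uncommented loadplugin line for URIDNSBL is present.
plugin_loaded() {
    grep -Eq '^[[:space:]]*loadplugin[[:space:]]+Mail::SpamAssassin::Plugin::URIDNSBL([[:space:]]|$)' "$1"
}

# audit_rules_dirs CONF [ROOT]
# Print findings and return the number of problems. ROOT (an assumption of
# this example) is prepended to absolute paths so a copied tree can be audited.
audit_rules_dirs() {
    conf=$1 root=${2:-} problems=0
    for key in "SpamAssassin Local Rules Dir" "SpamAssassin Default Rules Dir"; do
        val=$(conf_value "$conf" "$key")
        if [ -n "$val" ]; then
            echo "WARN: '$key' is set to $val (thread advice: leave it empty)"
            problems=$((problems + 1))
        fi
    done
    site=$(conf_value "$conf" "SpamAssassin Site Rules Dir")
    if [ -z "$site" ]; then
        echo "WARN: 'SpamAssassin Site Rules Dir' is not set"
        problems=$((problems + 1))
    elif [ ! -d "$root$site" ]; then
        echo "WARN: site rules dir $site does not exist"
        problems=$((problems + 1))
    elif ! plugin_loaded "$root$site/init.pre" 2>/dev/null; then
        echo "WARN: $site/init.pre has no active loadplugin line for URIDNSBL"
        problems=$((problems + 1))
    fi
    # The directory one poster found being read instead of /etc/mail/spamassassin.
    if [ -e "$root/usr/etc/mail/spamassassin" ] && [ "$site" != "/usr/etc/mail/spamassassin" ]; then
        echo "NOTE: /usr/etc/mail/spamassassin exists; compare it with $site"
    fi
    echo "problems: $problems"
    return "$problems"
}

# make_sample DIR good|bad: build a constructed sample tree under DIR.
make_sample() {
    mkdir -p "$1/etc/MailScanner" "$1/etc/mail/spamassassin"
    if [ "$2" = good ]; then
        cat > "$1/etc/MailScanner/MailScanner.conf" <<'EOF'
#SpamAssassin Local Rules Dir = /opt/MailScanner/etc/mail/spamassassin
SpamAssassin Local Rules Dir =
#SpamAssassin Default Rules Dir = /opt/MailScanner/share/spamassassin
SpamAssassin Default Rules Dir =
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
EOF
        echo 'loadplugin Mail::SpamAssassin::Plugin::URIDNSBL' \
            > "$1/etc/mail/spamassassin/init.pre"
    else
        cat > "$1/etc/MailScanner/MailScanner.conf" <<'EOF'
SpamAssassin Local Rules Dir = /opt/MailScanner/etc/mail/spamassassin
SpamAssassin Default Rules Dir =
SpamAssassin Site Rules Dir = /etc/mail/spamassassin
EOF
        echo '# loadplugin Mail::SpamAssassin::Plugin::URIDNSBL' \
            > "$1/etc/mail/spamassassin/init.pre"
    fi
}

# Demonstration on the constructed samples.
demo=$(mktemp -d)
make_sample "$demo/good" good
make_sample "$demo/bad" bad
audit_rules_dirs "$demo/good/etc/MailScanner/MailScanner.conf" "$demo/good" || true
audit_rules_dirs "$demo/bad/etc/MailScanner/MailScanner.conf" "$demo/bad" || true
rm -rf "$demo"
```

[On a live host the call would be audit_rules_dirs with the path of the installed MailScanner.conf and no ROOT argument.]
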
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:54 2006
Subject: Fwd: IPv6 sendmail problem
Message-ID:

Repost as it seems to have lost the message.

From: Julian Field
Date: 7 October 2005 08:45:18 BDT
To: MailScanner mailing list
Subject: IPv6 sendmail problem

One for you gurus out there...

I'm using IPv6 with sendmail 8.13.1 on RHEL 4 box.
Got problems relaying. My access db contains these IPv6 lines:

IPv6:2001:0630:00d0 RELAY
IPv6:2001:630:d0 RELAY
[IPv6:2001:0630:00d0] RELAY

As you can see I have tried a few variants :-)

But I still get these errors:

   ----- Transcript of session follows -----
... while talking to relay.ecs.soton.ac.uk.:
DATA
<<< 550 5.7.1 ... Relaying denied. IP name lookup failed [IPv6:2001:630:d0:f110:204:23ff:feb3:e42c]
550 5.1.1 user@domain.ac.uk... User unknown
<<< 503 5.0.0 Need RCPT (recipient)

(Names changed to protect the innocent)

It appears to be ignoring my IPv6 RELAY lines altogether.

Any ideas?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From dee at asyouneed.com Fri Oct 7 09:52:10 2005
From: dee at asyouneed.com (Dee Lowndes)
Date: Thu Jan 12 21:30:54 2006
Subject: Stopping Messages broken up by HTML
Message-ID:

Hi All,

Does anyone have a ruleset that can stop messages that are broken up by html
as seen below.

Regards,
Dee Lowndes

Hi Do you want t pend less On yo ations? o s ur Meddic Yes? Peace of cake :) - Additional information Lev Xan Cia Via Am Vali it a li g b u ra x s $1 ra $ ien m $ .21 3.33 3.75 plus 200 other , Good bye

From martinh at SOLID-STATE-LOGIC.COM Fri Oct 7 10:07:51 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:30:54 2006
Subject: Stopping Messages broken up by HTML
Message-ID:

Dee

Put up the full email on a web page somewhere (headers and all). I'll run it
over my system, which has lots of extra rules, and I'll see what hits.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Dee Lowndes
Sent: 07 October 2005 09:52
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: [MAILSCANNER] Stopping Messages broken up by HTML

Hi All,

Does anyone have a ruleset that can stop messages that are broken up by html
as seen below.

Regards,
Dee Lowndes

Hi Do you want t pend less On yo ations? o s ur Meddic Yes? Peace of cake :) - Additional information Lev Xan Cia Via Am Vali it a li g b u ra x s $1 ra $ ien m $ .21 3.33 3.75 plus 200 other , Good bye

From MailScanner at ecs.soton.ac.uk Fri Oct 7 08:45:18 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:54 2006
Subject: IPv6 sendmail problem
Message-ID:

One for you gurus out there...

I'm using IPv6 with sendmail 8.13.1 on RHEL 4 box.

Got problems relaying. My access db contains these IPv6 lines:

IPv6:2001:0630:00d0 RELAY
IPv6:2001:630:d0 RELAY
[IPv6:2001:0630:00d0] RELAY

As you can see I have tried a few variants :-)

But I still get these errors:

----- Transcript of session follows -----
... while talking to relay.ecs.soton.ac.uk.:
>>> DATA
>>>
<<< 550 5.7.1 ... Relaying denied. IP name lookup failed [IPv6:2001:630:d0:f110:204:23ff:feb3:e42c]
550 5.1.1 user@domain.ac.uk... User unknown
<<< 503 5.0.0 Need RCPT (recipient)

(Names changed to protect the innocent)

It appears to be ignoring my IPv6 RELAY lines altogether.

Any ideas?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
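The bounce quoted in the message above names the connecting address and reports that its name lookup failed. As an added example (not part of the original post, and not sendmail's own matching logic), this Python pulls such addresses out of transcript lines, derives the ip6.arpa name a reverse lookup would query, and lists which access keys cover each address; reading a key with N groups as a /(16*N) prefix is an assumption of the example, and the 2001:db8:: line is constructed.

```python
import ipaddress
import re

# Bracketed literal as it appears in the bounce, e.g. [IPv6:2001:db8::1]
IPV6_LITERAL = re.compile(r"\[IPv6:([0-9A-Fa-f:.]+)\]")


def key_to_network(key):
    """Interpret an access-map style key such as 'IPv6:2001:630:d0' as a network.

    Assumption of this example: each colon-separated group is one 16-bit
    group, so a key with N groups stands for a /(16*N) prefix. A key that
    contains '::' or all 8 groups is treated as a single host (/128).
    """
    body = key.strip().strip("[]")
    if body.lower().startswith("connect:"):
        body = body[len("connect:"):]
    if not body.lower().startswith("ipv6:"):
        raise ValueError("not an IPv6 key: %r" % key)
    body = body[len("ipv6:"):]
    if "::" in body:
        return ipaddress.IPv6Network(body + "/128")
    groups = body.split(":")
    if not 1 <= len(groups) <= 8:
        raise ValueError("bad group count in key: %r" % key)
    padded = groups + ["0"] * (8 - len(groups))
    return ipaddress.IPv6Network("%s/%d" % (":".join(padded), 16 * len(groups)))


def lookup_failures(lines):
    """Return the distinct IPv6 addresses named in 'name lookup failed' lines."""
    seen = []
    for line in lines:
        if "name lookup failed" not in line:
            continue
        match = IPV6_LITERAL.search(line)
        if not match:
            continue
        try:
            addr = ipaddress.IPv6Address(match.group(1))
        except ValueError:
            continue  # malformed literal, nothing to check
        if addr not in seen:
            seen.append(addr)
    return seen


def report(lines, access_keys):
    """For each failing address: the PTR name to query and the keys covering it."""
    networks = [(key, key_to_network(key)) for key in access_keys]
    rows = []
    for addr in lookup_failures(lines):
        rows.append({
            "address": str(addr),
            # Nibble-reversed name, the one `host <address>` asks the DNS for.
            "ptr_name": addr.reverse_pointer,
            "covered_by": [key for key, net in networks if addr in net],
        })
    return rows


SAMPLE_LINES = [
    # Taken from the bounce quoted on this page:
    "<<< 550 5.7.1 ... Relaying denied. IP name lookup failed "
    "[IPv6:2001:630:d0:f110:204:23ff:feb3:e42c]",
    # Constructed lines (documentation prefix 2001:db8::/32):
    "<<< 550 5.7.1 ... Relaying denied. IP name lookup failed [IPv6:2001:db8::25]",
    "<<< 250 2.1.5 ... Recipient ok",
]

# The three key spellings tried in the message above.
ACCESS_KEYS = ["IPv6:2001:0630:00d0", "IPv6:2001:630:d0", "[IPv6:2001:0630:00d0]"]

if __name__ == "__main__":
    for row in report(SAMPLE_LINES, ACCESS_KEYS):
        print(row["address"])
        print("  PTR name  :", row["ptr_name"])
        print("  covered by:", ", ".join(row["covered_by"]) or "(no key)")
```

The PTR name printed for the first address is the one to check with `host` or `dig -x` on the relay itself.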
From lbcadmin at gmail.com Fri Oct 7 14:39:51 2005 
From: lbcadmin at gmail.com (Information Services)
Date: Thu Jan 12 21:30:54 2006
Subject: Clustering MS
Message-ID:

I did a search on MailScanner wiki for rsync and did not find Glenn's 5ki15 script. Was wondering if the script was done, and posted somewhere that I am not aware of?

On 8/30/05, Glenn Steen wrote:

On 30/08/05, James Gray wrote:
> On Tuesday 30 August 2005 19:58, Raymond Dijkxhoorn wrote:
(snip)
> > > Simplistically you could keep the plaintext config files in sync with
> > > any tool ... like rsync...
> >
> > Sure, but there is a product doing that, the things you mentioned. If you
> > have the cashflow to make 2 datacenters you most likely can send some
> > towards Julian by supporting the product. You can also do some rsync tricks
> > but most likely you have to figure that out yourself.
>
> It's weird - we have two data centres (Boston MA, USA and Sydney AUST), two
> MailScanner gateways and I was only pondering today that I really should pull
> my finger out and write a combined script that "rsync's" all the configs then
> restarts stuff that's changed so I only have to modify the files on one
> machine.....
>
> Anyone interested to see my scripting 5ki15 when it's all done?

Should fit well in the wiki, no?

>
> We run independent bayes databases on each server - they get enough of the
> same sort of mail to be "close enough". If we ever wanted shared a database
> I'd put in some sort of funky mysql replication...or something along those
> lines anyway (never looked into it in much detail).
>
> Cheers
>
> James
> --
> Until Eve arrived, this was a man's world.
> -- Richard Armour

Are you sure Eve didn't take the position "You had it on loan for a few minutes, 's all! You no-good oaf!"
on this one?-)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From lbcadmin at gmail.com Fri Oct 7 14:44:14 2005
From: lbcadmin at gmail.com (Information Services)
Date: Thu Jan 12 21:30:54 2006
Subject: MailScanner on boot
Message-ID:

I have a CentOS 4.1 system with MailScanner loaded for the possibility of using in one of our remote locations. I have gone into the GUI services and took the check out of MailScanner and Sendmail to startup at boot, but that did not seem to keep MailScanner from starting on a boot. I did a chkconfig and turned off all mailscanner levels, and I must not understand the purpose of chkconfig, but once again Mailscanner has decided to when the system is booted. What can I do to keep MailScanner from running when the system is rebooted?

From naolson at gmail.com Fri Oct 7 14:53:17 2005
From: naolson at gmail.com (Nathan Olson)
Date: Thu Jan 12 21:30:54 2006
Subject: Clustering MS
Message-ID:

cfengine may be useful for synchronization.

Ideally, a Makefile should exist if rsync is used. You'd change the config and then just type 'make'.

Nate

From michael at NOMENNESCIO.NET Fri Oct 7 15:07:07 2005
From: michael at NOMENNESCIO.NET (Mike)
Date: Thu Jan 12 21:30:54 2006
Subject: IPv6 sendmail problem
Message-ID:
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Julian Field
>
> One for you gurus out there...
>
> I'm using IPv6 with sendmail 8.13.1 on RHEL 4 box.
>
> Got problems relaying. My access db contains these IPv6 lines:
>
> IPv6:2001:0630:00d0 RELAY
> IPv6:2001:630:d0 RELAY
> [IPv6:2001:0630:00d0] RELAY
>
> As you can see I have tried a few variants :-)
>
> But I still get these errors:
>
> ----- Transcript of session follows -----
> ... while talking to relay.ecs.soton.ac.uk.:
>
> >>> DATA
> >>>
> <<< 550 5.7.1 ... Relaying denied. IP name lookup
> failed [IPv6:2001:630:d0:f110:204:23ff:feb3:e42c]

I think the problem is that the IPv6 address 2001:630:d0:f110:204:23ff:feb3:e42c cannot be resolved into an IP name:

# host 2001:630:d0:f110:204:23ff:feb3:e42c
Host c.2.4.e.3.b.e.f.f.f.3.2.4.0.2.0.0.1.1.f.0.d.0.0.0.3.6.0.1.0.0.2.ip6.arpa not found: 3(NXDOMAIN)

As opposed to:

# host 2001:630:d0:f102:230:48ff:fe11:b6bc
c.b.6.b.1.1.e.f.f.f.8.4.0.3.2.0.2.0.1.f.0.d.0.0.0.3.6.0.1.0.0.2.ip6.arpa domain name pointer peewit.ecs.soton.ac.uk.

(relay.ecs.soton.ac.uk being an alias for peewit).

I presume that the relay entries in your access.db are therefore not executed.

On the notation, I have the following entry in my access.db:

Connect:IPv6:2002:507f:a412::1 OK

So, IMHO the [] are not necessary.

IPv6:2001:630:d0 RELAY

should be ok.

> It appears to be ignoring my IPv6 RELAY lines altogether.
>
> Any ideas?
> - --
> Julian Field

Mike.

From cconn at ABACOM.COM Fri Oct 7 15:44:20 2005
From: cconn at ABACOM.COM (Chris Conn)
Date: Thu Jan 12 21:30:54 2006
Subject: Upgrade uncertainty
Message-ID:

Hello,

I recently upgraded a MS box from RHEL3 to CentOS4. I used to run MS 4.37 and SA 3.0.4 and I would frequently using ClamAV detect the following viruses:

HTML.Phishing.Auction-XX
HTML.Phishing.Bank-XX

With my brand new box running SA 3.1 and MS 4.46-2, I no longer see ClamAV detecting these. I am wondering if they are now flagged as high scoring spam and never scanned by ClamAV? I read down the ChangeLog and did not find anything mentioning this....

Also, on the main site, I see:

1/10/2005 Released stable version 4.64.2. SpamAssassin 3.1.0 supported better, and a few minor features and bug fixes.

I only find 4.46.2-2 for download, so I expect this is a typo?

Thanks,

Chris

From lbcadmin at gmail.com Fri Oct 7 15:45:18 2005
From: lbcadmin at gmail.com (Information Services)
Date: Thu Jan 12 21:30:54 2006
Subject: MailScanner on boot
Message-ID:

Okay, I did the 'chkconfig --list MailScanner' and saw the different run levels turned on. So yes, I can see that 'mailscanner' is not the way to go. I ran 'chkconfig --levels 0123456 MailScanner off' and rebooted. Still the same problem. Denis, I didn't even think about the cron.hourly job for check_MailScanner. I removed this from the cron.hourly, and rebooted....currently wait for system to reboot.......okay rebooted now.

Looks like removing the check_MailScanner from the cron.hourly fixed it. Now when I do a 'service MailScanner status' I get an error for sendmail.in.pid and sendmail.out.pid. This would be expected. Now when I decide to use MailScanner on this system, I just need to remember to add check_MailScanner back into cron.hourly.

Nate, thanks for clearing up difference between "MailScanner" and "mailscanner," this could have continued to haunt me in other situations.

Casey

On 10/7/05, Denis Beauchemin wrote:

Information Services wrote:
> I have a CentOS 4.1 system with MailScanner loaded for the possibility
> of using in one or our remote locations. I have gone into the GUI
> services and took the check out of MailScanner and Sendmail to startup
> at boot, but that did not seem to keep MailScanner from starting on a
> boot. I did a chkconfig and turned off all mailscanner levels, and I
> must not understand the purpose of chkconfig, but once again
> Mailscanner has decided to when the system is booted. What can I do
> to keep MailScanner from running when the system is rebooted?

Maybe /etc/cron.hourly/check_MailScanner is restarting it?

OTOH, are you sure MS is completely disabled? Do "chkconfig --list MailScanner" and make sure it is off in all run levels.
Denis

--
  _
 °v°   Denis Beauchemin, analyste
/(_)\  Université de Sherbrooke, S.T.I.
 ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From MailScanner at ecs.soton.ac.uk Fri Oct 7 16:21:44 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:54 2006
Subject: Upgrade uncertainty
Message-ID:

Typo, now fixed.

On 7 Oct 2005, at 15:44, Chris Conn wrote:

> Also, on the main site, I see:
>
> 1/10/2005 Released stable version 4.64.2. SpamAssassin 3.1.0
> supported better, and a few minor features and bug fixes.
>
> I only find 4.46.2-2 for download, so I expect this is a typo?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Fri Oct 7 16:25:29 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:54 2006
Subject: MailScanner on boot
Message-ID:

It's a bit more intelligent than that. If you do a "service MailScanner stop" it creates a lockfile in /var/lock/subsys/MailScanner.off. When the hourly cron job runs, it detects the presence of this file and doesn't then start up MailScanner.

So all you need to do is a "service MailScanner stop" and it will stay stopped. No need to mess around with the cron jobs at all.

On 7 Oct 2005, at 15:45, Information Services wrote:

Okay, I did the 'chkconfig --list MailScanner' and saw the different run levels turned on. So yes, I can see that 'mailscanner' is not the way to go. I ran 'chkconfig --levels 0123456 MailScanner off' and rebooted. Still the same problem. Denis, I didn't even think about the cron.hourly job for check_MailScanner. I removed this from the cron.hourly, and rebooted....currently wait for system to reboot.......okay rebooted now.

Looks like removing the check_MailScanner from the cron.hourly fixed it. Now when I do a 'service MailScanner status' I get an error for sendmail.in.pid and sendmail.out.pid. This would be expected. Now when I decide to use MailScanner on this system, I just need to remember to add check_MailScanner back into cron.hourly.

Nate, thanks for clearing up difference between "MailScanner" and "mailscanner," this could have continued to haunt me in other situations.

Casey

On 10/7/05, Denis Beauchemin wrote:

Information Services wrote:
> I have a CentOS 4.1 system with MailScanner loaded for the possibility
> of using in one or our remote locations. I have gone into the GUI
> services and took the check out of MailScanner and Sendmail to startup
> at boot, but that did not seem to keep MailScanner from starting on a
> boot.
> I did a chkconfig and turned off all mailscanner levels, and I
> must not understand the purpose of chkconfig, but once again
> Mailscanner has decided to when the system is booted. What can I do
> to keep MailScanner from running when the system is rebooted?

Maybe /etc/cron.hourly/check_MailScanner is restarting it?

OTOH, are you sure MS is completely disabled? Do "chkconfig --list MailScanner" and make sure it is off in all run levels.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From alex at nkpanama.com Fri Oct 7 16:37:16 2005
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:30:54 2006
Subject: Still getting spam of the drug nature
Message-ID:

Steffan Henke wrote:

> IIRC, this should be somewhere in the list archives. You may want to
> google for require_rdns.m4 , just add it to sendmail.
>

I found that and a few others... thanks!

From alex at nkpanama.com Fri Oct 7 16:36:01 2005
From: alex at nkpanama.com (Alex Neuman)
Date: Thu Jan 12 21:30:54 2006
Subject: CentOS 4.1 final w/posix lock still having issues
Message-ID:

Richard D Alloway wrote:

> On Thu, 6 Oct 2005, Richard D Alloway wrote:
>
>> On Wed, 5 Oct 2005, Kevin Spicer wrote:
>>
>>> On Wed, 2005-10-05 at 10:17 -0400, Richard D Alloway wrote:
>>>> But, I still get deliveries with the dreaded "Message body
>>>> disappears" errors.
>>> ...
>>>> What should I look for at this point?
>>>
>>> Wild shot in the dark, from the one time I saw this myself (very long
>>> time ago). Make sure that sendmail is being started from the
>>> MailScanner startup scripts and that you have the noetrn option on in
>>> that startup script (its there by default so it should be...). Also
>>> worth grepping the logs for etrn, just in case the command line option
>>> isn't being honoured for some reason. You don't want to let folks use
>>> etrn!
>>>
>>> Probably not your problem, but doesn't hurt to check.
>>
>> Thanks for the suggestions, but it doesn't look like etrn is the
>> issue. We don't have anyone using etrn at all on any of our mail
>> servers at this point and the noetrn option is in the MailScanner
>> startup script. Also, the only reference to etrn in the logs are
>> lines like:
>>
>> Oct 6 09:59:55 smtp-gateway-5 sendmail[22406]: j96DxtOg022406:
>> [218.68.xxx.xxx] did not issue MAIL/EXPN/VRFY/ETRN during connection
>> to MTA
>>
>> So, there's still something going on that I'm not aware of...
>>
>> Any other thoughts? :)
>>
>> -Rich
>
> In addition to any further thoughts anyone has regarding why identical
> installations fail (No Message Collected error) when the only
> difference is the one failing is the only CentOS box deployed, can
> someone tell suggest a way to watch the locking processes for sendmail
> and MailScanner?
>
> I can do a strace on sendmail and watch sendmail opening the files in
> mqueue.in with O_EXCL but watching MailScanner with the same options
> to strace only shows a bunch of temp files in /tmp and some for clamav.
>
> This is regardless of whether it is one of my 5 boxes that is working
> or the 1 box that isn't.
>
> Thanks!
>
> -Rich

I once had a problem on a CentOS box that seemed to be lock-related. From time to time messages would be delivered with extra LF's and dovecot would refuse to read them. The problem went away when I set Max Child Processes = 1; I don't remember if/how I solved it after that.

From ka at PACIFIC.NET Fri Oct 7 16:48:41 2005
From: ka at PACIFIC.NET (Ken A)
Date: Thu Jan 12 21:30:54 2006
Subject: O.T. mod_perl smtp server
Message-ID:

Ugo Bellavance wrote:
> Ken A wrote:
>> Anyone played with this?
>> http://search.cpan.org/~mock/Apache-SMTP-0.01/lib/Apache/SMTP.pm
>>
>> It's Apache2, mod_perl, and Net::SMTP to make a simple scalable smtp
>> server or smtp proxy.
>>
>> Might it be a good fit for mailscanner?
>>
>
> I don't see exactly why one would use in prod environment a product that
> seems to be young. You have a lot of mature alternatives for MTA:
> Sendmail, Postfix, Exim, Qmail, Zmailer that offer many different ways
> to be configured. Apparently, you can throttle connexions with a milter
> or a config.

You are right about it being immature and not ready for prod environment. It's not even written yet. There are some developers here too though.

It's probably not ever going to be wise to dump your mail hub MTAs for this. But, because MailScanner machines are often set up as relays out in front of other machines, and MailScanner and SA are perl, this could reduce the i/o that MailScanner does quite a bit by keeping mail in the pipeline. It would put MailScanner 'in' a lightweight MTA, but you'd lose the benefits of the IN/OUT queuing buckets.

I just thought I'd mention it here, since I feel there may be some potential efficiency gains, and when it comes to mail processing, that's a big deal.

Thanks,
Ken A
Pacific.Net

>
>> Looks like it was developed by http://www.mailchannels.com/opensource/
>>
>> I think I'd like being able to use mod_throttle to throttle smtp
>> connections! It's made my list of 'must tinker with' toys of 2005.
>>
>> Ken A
>> Pacific.Net
>>
>

From luca.palazzo at NCE-ICT.IT Fri Oct 7 16:52:36 2005
From: luca.palazzo at NCE-ICT.IT (Luca Palazzo)
Date: Thu Jan 12 21:30:54 2006
Subject: Postfix queue file
Message-ID:

Hi all,

When I try to requeue messages i got:

fatal: uid=0: unexpected record type: 67

I'm using mailscanner 4.41 with spam messages stored (Quarantine Whole Messages As Queue Files = yes)

How can I requeue them?

Thanks

--
Luca Palazzo
System Engineer
N.C.E. Network Consulting Engineering s.r.l.
Via Etnea, 52 - 95028 Valverde (CT) - ITALY
Tel/Fax: +39 095 524190
Mobile: +39 340 4608689
web: www.nce-ict.it
mail: luca.palazzo@nce-ict.it

From ssilva at SGVWATER.COM Fri Oct 7 16:45:23 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:54 2006
Subject: Spamassassin woes
Message-ID:

Martin Hepworth spake the following on 10/7/2005 12:59 AM:
> Scott
>
> Oh and
>
> SpamAssassin Site Rules Dir = /etc/mail/spamassassin
>
> As well :-)
>
> --
> Martin Hepworth
> Snr Systems Administrator
> Solid State Logic
> Tel: +44 (0)1865 842300
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf
> Of Scott Silva
> Sent: 06 October 2005 20:36
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] Spamassassin woes
>
> Scott Silva spake the following on 10/6/2005 11:11 AM:
>
>>Julian Field spake the following on 10/6/2005 10:37 AM:
>>
>>>Scott Silva wrote:
>>>
>>>>Scott Silva spake the following on 10/6/2005 9:41 AM:
>>>>
>>>>>>Finally!
>>>>>>After an extended session in CPAN, things seem OK. I still don't know
>>>>>>which module was tanked, but it's fixed!
>>>>>>Thank you to all!
>>>>>>
>>>>>>And greeting from California, USA.
>>>>>>Where any actor can aspire to Governor!
>>>>>
>>>>>Spoke too soon!
>>>>>Although lint tests all work, MailScanner isn't adding the URIBL scores
>>>>>into messages.
>>>>>If I take the same message and run it through lint, it shows up.
>>>>>I guess I'm going to reinstall MailScanner now.
>>>>>I think I will diff the config files for the two machines again first,
>>>>>just to make sure.
>>>>
>>>>Running MailScanner in debug mode gets entries like this;
>>>>
>>>>rules: failed to run URIBL_BLACK test, skipping:
>>>> (Can't locate object method "check_uridnsbl" via package
>>>>"Mail::SpamAssassin::PerMsgStatus" at
>>>>/usr/lib/perl5/site_perl/5.8.0/Mail/SpamAssassin/PerMsgStatus.pm line
>>>>2581.
>>>>
>>>>But if I pipe the same message into a lint, it works fine.
>>>
>>>You don't have 2 Perl installations do you?
>>>You will need to have added
>>>loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
>>>
>>>to your init.pre file in /etc/mail/spamassassin, or else the SURBL stuff
>>>won't work at all.
>>
>>One perl, and I have the line to load the plugin.
>>Can't figure out why I can lint a message as root, and get different
>>results than MailScanner running as root.
>>That should eliminate any path or permission problems.
>
> I have found the problem.
> For some reason, the local rules directory is getting ignored and either
> MailScanner or spamassassin is looking in /usr/etc/mail/spamassassin
> instead of /etc/mail/spamassassin
> The working system had that directory, and the non working system didn't.
> Making a symlink seems to have cured the non-working system, but now I
> need to find out why this happened.
> All my config files have the proper paths in them, so I do not know
> where this /usr/etc/mail/spamassassin came from.
>

This was blank as the default seemed to be the proper directory, but I guess time changes all.

From dhawal at NETMAGICSOLUTIONS.COM Fri Oct 7 17:01:40 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:30:54 2006
Subject: Postfix queue file
Message-ID:

Luca Palazzo wrote:
> Hi all,
> When I try to requeue messages i got:
> fatal: uid=0: unexpected record type: 67
>
> I'm using mailscanner 4.41 with spam messages stored (Quarantine Whole
> Messages As Queue Files = yes)
>
> How can I requeue them?
>
> Thanks
> - --
>
> Luca Palazzo

See if this helps.. [all on one line]
http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:release_quarantined_mail

- dhawal

From lbcadmin at gmail.com Fri Oct 7 17:32:30 2005
From: lbcadmin at gmail.com (Information Services)
Date: Thu Jan 12 21:30:54 2006
Subject: MailScanner on boot
Message-ID:

Julian, I see what you are saying, and I gave it a try, and for some reason MailScanner starts on its own. Thinking about what I have running on my system:

MailWatch
RDJ
Spamassassin
sendmail

I realized that I had made a config change in /etc/rulesdujour/config and added SA_RESTART="/etc/init.d/MailScanner restart"; I changed this line to "/root/do_nothing.sh"; and then turned off MailScanner with 'service MailScanner stop'....rebooted, I have looked into all my cron jobs, and there is nothing that I can see in cron that would specify MailScanner. I am not sure what else to check. About one minute after a reboot MailScanner starts automatically. What am I missing here?

On 10/7/05, Julian Field wrote:

It's a bit more intelligent than that. If you do a "service MailScanner stop" it creates a lockfile in /var/lock/subsys/MailScanner.off. When the hourly cron job runs, it detects the presence of this file and doesn't then start up MailScanner.

So all you need to do is a "service MailScanner stop" and it will stay stopped. No need to mess around with the cron jobs at all.

On 7 Oct 2005, at 15:45, Information Services wrote:

Okay, I did the 'chkconfig --list MailScanner' and saw the different run levels turned on. So yes, I can see that 'mailscanner' is not the way to go. I ran 'chkconfig --levels 0123456 MailScanner off' and rebooted. Still the same problem. Denis, I didn't even think about the cron.hourly job for check_MailScanner. I removed this from the cron.hourly, and rebooted....currently wait for system to reboot.......okay rebooted now.

Looks like removing the check_MailScanner from the cron.hourly fixed it.
now when I do a 'service MailScanner status' I get an error for sendmail.in.pid and sendmail.out.pid. This would be expected. now when I decide to use MailScanner on this system, I just need to remember to add check_MailScanner back into cron.hourly. Nate, thanks for clearing up difference between "MailScanner" and "mailscanner," this could have continued to haunt me in other situations. Casey On 10/7/05, Denis Beauchemin < Denis.Beauchemin@usherbrooke.ca> wrote: Information Services wrote: > I have a CentOS 4.1 system with MailScanner loaded for the possibility > of using in one or our remote locations. I have gone into the GUI > services and took the check out of MailScanner and Sendmail to startup > at boot, but that did not seem to keep MailScanner from starting on a > boot. I did a chkconfig and turned off all mailscanner levels, and I > must not understand the purpose of chkconfig, but once again > Mailscanner has decided to when the system is booted. What can I do > to keep MailScanner from running when the system is rebooted?** Maybe /etc/cron.hourly/check_MailScanner is restarting it? OTOH, are you sure MS is completely disabled? Do "chkconfig --list MailScanner" and make sure it is off in all run levels. -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From phachey at CITY.CORNWALL.ON.CA Fri Oct 7 17:48:31 2005 
From: phachey at CITY.CORNWALL.ON.CA (Philip Hachey)
Date: Thu Jan 12 21:30:54 2006
Subject: 4.46.2: updates to perl modules
Message-ID:

I'm running Perl 5.8.7 on WhiteBox 3 Linux, and module versions similar to yours with these differences:

File::Spec 3.11 (PathTools)
IO::Stringy 2.108 (hmm.. I should upgrade this one)

Outside of a bit of workaround during installation (two Perls), everything's working great. In fact, I'd say my system load is noticeably reduced (although that may also be related to the recent SpamAssassin upgrade).

Philip Hachey

On Thu, 6 Oct 2005 08:41:08 -0400, Jeff A. Earickson wrote:
>Julian,
>
>In my monthly review of current perl modules used by MailScanner,
>I found on CPAN:
>
>                your     latest
>module          version  version
>---------------------------------
>Compress-zlib   1.34     1.40
>Archive-Zip     1.14     1.16
>File-Spec       0.82     0.90
>HTML-Tagset     3.03     3.04
>IO-stringy      2.108    2.110
>MailTools       1.50     1.67
>Mime-tools      5.417    5.418
>Net-CIDR        0.10     0.11
>TimeDate        1.1301   1.16
>
>I am running the latest versions with MS 4.46.2 on Solaris
>9 with no problems.
>
>Jeff Earickson
>Colby College

From taz at TAZ-MANIA.COM Fri Oct 7 18:01:48 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:30:54 2006
Subject: MailScanner on boot
Message-ID:

You don't happen to run Webmin do you? There's a feature to restart services if they die.

Information Services wrote:
> Julian,
>
> I see what you are saying, and I gave it a try, and for some reason
> MailScanner starts on it's own. Thinking about what I have running on
> my system:
>
> MailWatch
> RDJ
> Spamassassin
> sendmail
>
> I realized that I had made a config change in /etc/rulesdujour/config
> and added
> SA_RESTART="/etc/init.d/MailScanner restart";
>
> I changed this line to "/root/do_nothing.sh"; and then turned off
> MailScanner with 'service MailScanner stop'....rebooted, I have looked
> into all my cron jobs, and there is nothing that I can see in cron that
> would specify MailScanner. I am not sure what else to check. About
> one minute after a reboot MailScanner starts automatically. What am I
> missing here?

From ssilva at SGVWATER.COM Fri Oct 7 18:24:47 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:54 2006
Subject: MailScanner on boot
Message-ID:

Information Services spake the following on 10/7/2005 9:32 AM:
> Julian,
>
> I see what you are saying, and I gave it a try, and for some reason
> MailScanner starts on it's own. Thinking about what I have running on
> my system:
>
> MailWatch
> RDJ
> Spamassassin
> sendmail
>
> I realized that I had made a config change in /etc/rulesdujour/config
> and added
> SA_RESTART="/etc/init.d/MailScanner restart";
>
> I changed this line to "/root/do_nothing.sh"; and then turned off
> MailScanner with 'service MailScanner stop'....rebooted, I have looked
> into all my cron jobs, and there is nothing that I can see in cron that
> would specify MailScanner. I am not sure what else to check. About
> one minute after a reboot MailScanner starts automatically. What am I
> missing here?

Are you running Mailscanner-mrtg?
The older version had a problem with re-starting mailscanner.

--
/-----------------------\ |~~\_____/~~\__ |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!| ~~~|/~~ |
\-----------------------/ ()

From ewallig at AEROCONTRACTORS.COM Fri Oct 7 19:14:29 2005
From: ewallig at AEROCONTRACTORS.COM (Ed Wallig)
Date: Thu Jan 12 21:30:55 2006
Subject: Determine version and other ??
Message-ID:

Hi, running a version of MS from earlier this year on CentOS4 and have a few questions:

* How do I determine what version is running?
* What is the "best practice" for upgrading a live system?
* If we choose not to upgrade MS at this time, can newer versions of ClamAV be used (currently using 85.1 - want to upgrade to 87.1)?

Thanks,

Ed Wallig

From jfagan at FIRSTLIGHTNETWORKS.COM Fri Oct 7 19:15:14 2005
From: jfagan at FIRSTLIGHTNETWORKS.COM (James Fagan)
Date: Thu Jan 12 21:30:55 2006
Subject: MailScanner on boot
Message-ID:

> Are you running Mailscanner-mrtg?
> The older version had a problem with re-starting mailscanner.
>
> --
>

Maybe try and move temporarily the MailScanner to another dir, then reboot and then check your system error logs and see what complains if anything. Hopefully something will.

James

From michele at BLACKNIGHT.IE Fri Oct 7 19:34:41 2005
From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight Solutions)
Date: Thu Jan 12 21:30:55 2006
Subject: Determine version and other ??
Message-ID:

Ed Wallig said on 07 October 2005 7:14:
> Hi, running a version of MS from earlier this year on CentOS4 and
> have a few questions:
>
> * How do I determine what version is running?

MailScanner -v

Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59 9164239

From ssilva at SGVWATER.COM Fri Oct 7 19:34:08 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:55 2006
Subject: Determine version and other ??
Message-ID:

Ed Wallig spake the following on 10/7/2005 11:14 AM:
> Hi, running a version of MS from earlier this year on CentOS4 and have
> a few questions:
>
> * How do I determine what version is running?
> * What is the "best practice" for upgrading a live system?
> * If we choose not to upgrade MS at this time, can newer versions of
> ClamAV be used (currently using 85.1 - want to upgrade to 87.1)?
>
> Thanks,
>
> Ed Wallig

http://wiki.mailscanner.info/doku.php?id=maq:index

--
/-----------------------\ |~~\_____/~~\__ |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!| ~~~|/~~ |
\-----------------------/ ()

From PHachey at CITY.CORNWALL.ON.CA Fri Oct 7 20:12:31 2005
From: PHachey at CITY.CORNWALL.ON.CA (Philip Hachey)
Date: Thu Jan 12 21:30:55 2006
Subject: OT: Using DCC for greylisting
Message-ID:

I'm about to go ahead and reconfigure DCC so that 1) it runs at the MTA level and 2) acts as greylist milter for Sendmail. Running DCC at the MTA level (as a daemon) should be more efficient than having SpamAssassin call dccifd -- and I still plan on SpamAssassin using DCC in its scoring which is fine, since SA looks for the presence of a DCC added header (basing its scores on that) and only queries dccifd if there isn't one (or for reporting). My main motivation for running DCC at MTA is to use its greylisting.

If there's anyone here who has some experience with DCC greylist features, would you be so kind as to share your experience? Were there any issues with SpamAssassin or MailScanner? How does it compare with other greylist implementations?

Thanks,

----------------------------------
Philip J. Hachey, BCS(High Hons)
Programmer-Analyst
City of Cornwall

From lbcadmin at gmail.com Fri Oct 7 20:16:04 2005
From: lbcadmin at gmail.com (Information Services)
Date: Thu Jan 12 21:30:55 2006
Subject: MailScanner on boot
Message-ID:

Yes I do run webmin....I guess I didn't add that to the list of programs loaded. You will need to educate me on what I should be looking for here.

On 10/7/05, Dennis Willson wrote:

You don't happen to run Webmin do you? There's a feature to restart services if they die.

From lbcadmin at gmail.com Fri Oct 7 20:25:27 2005
From: lbcadmin at gmail.com (Information Services)
Date: Thu Jan 12 21:30:55 2006
Subject: MailScanner on boot
Message-ID:

I am running MailScanner-mrtg v. 0.10.00-1
I have gone into /etc/cron.d where MailScanner-mrtg located and commented out lines in mrtg, and mailscanner-mrtg.crond but that didn't help.

I will see if moving MailScanner to a different directory and see what happens

On 10/7/05, Scott Silva wrote:

Are you running Mailscanner-mrtg?
The older version had a problem with re-starting mailscanner.

From lbcadmin at gmail.com Fri Oct 7 20:52:21 2005
From: lbcadmin at gmail.com (Information Services) Date: Thu Jan 12 21:30:55 2006 Subject: MailScanner on boot Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] You were right...MailScanner-mrtg looks like it is causing the problem...here is what I just got from my log Oct 7 14:45:03 wks-lin8 MailScanner-MRTG[2873]: Number of MailScanner processes below threshold, restarting MailScanner I guess I don't understand how MailScanner-MRTG is restarting when I commented out all the lines in cron.d files. On 10/7/05, Information Services wrote: > I am running MailScanner-mrtg v. 0.10.00-1 > I have gone into /etc/cron.d where MailScanner-mrtg located and commented out lines in mrtg, and mailscanner-mrtg.crond but that didn't help. > > I will see if moving MailScanner to a different directory and see what happens > > > > On 10/7/05, Scott Silva wrote: > > Information Services spake the following on 10/7/2005 9:32 AM: > > > Julian, > > > > > > I see what you are saying, and I gave it a try, and for some reason > > > MailScanner starts on it's own. Thinking about what I have running on > > > my system: > > > > > > MailWatch > > > RDJ > > > Spamassassin > > > sendmail > > > > > > I realized that I had made a config change in /etc/rulesdujour/config > > > and added > > > SA_RESTART="/etc/init.d/MailScanner restart"; > > > > > > I changed this line to "/root/do_nothing.sh"; and then turned off > > > MailScanner with 'service MailScanner stop'....rebooted, I have looked > > > into all my cron jobs, and there is nothing that I can see in cron that > > > would specify MailScanner. I am not sure what else to check. About > > > one minute after a reboot MailScanner starts automatically. What am I > > > missing here? > > > > > > On 10/7/05, *Julian Field* > > > wrote: > > > > > > It's a bit more intelligent than that. 
> > >
> > > If you do a "service MailScanner stop" it creates a lockfile in /var/lock/subsys/MailScanner.off. When the hourly cron job runs, it detects the presence of this file and doesn't then start up MailScanner.
> > >
> > > So all you need to do is a "service MailScanner stop" and it will stay stopped. No need to mess around with the cron jobs at all.
> > >
> > > On 7 Oct 2005, at 15:45, Information Services wrote:
> > >
> > >> Okay, I did the 'chkconfig --list MailScanner' and saw the different run levels turned on. So yes, I can see that 'mailscanner' is not the way to go. I ran 'chkconfig --levels 0123456 MailScanner off' and rebooted. Still the same problem. Denis, I didn't even think about the cron.hourly job for check_MailScanner. I removed this from the cron.hourly, and rebooted....currently wait for system to reboot.......okay rebooted now.
> > >>
> > >> Looks like removing the check_MailScanner from the cron.hourly fixed it. now when I do a 'service MailScanner status' I get an error for sendmail.in.pid and sendmail.out.pid. This would be expected. now when I decide to use MailScanner on this system, I just need to remember to add check_MailScanner back into cron.hourly.
> > >>
> > >> Nate, thanks for clearing up difference between "MailScanner" and "mailscanner," this could have continued to haunt me in other situations.
> > >>
> > >> Casey
> > >>
> > >> On 10/7/05, *Denis Beauchemin* < Denis.Beauchemin@usherbrooke.ca > wrote:
> > >>
> > >> Information Services wrote:
> > >>
> > >>> I have a CentOS 4.1 system with MailScanner loaded for the possibility of using in one or our remote locations. I have gone into the GUI services and took the check out of MailScanner and Sendmail to startup at boot, but that did not seem to keep MailScanner from starting on a boot.
> > >>> I did a chkconfig and turned off all mailscanner levels, and I must not understand the purpose of chkconfig, but once again Mailscanner has decided to when the system is booted. What can I do to keep MailScanner from running when the system is rebooted?
> > >>
> > >> Maybe /etc/cron.hourly/check_MailScanner is restarting it?
> > >>
> > >> OTOH, are you sure MS is completely disabled? Do "chkconfig --list MailScanner" and make sure it is off in all run levels.
> > Are you running Mailscanner-mrtg?
> > The older version had a problem with re-starting mailscanner.
> >
> > --
> >
> > /-----------------------\ |~~\_____/~~\__ |
> > | MailScanner; The best |___________ \N1____====== )-+
> > | protection on the net!| ~~~|/~~ |
> > \-----------------------/ ()

From ssilva at SGVWATER.COM Fri Oct 7 21:47:26 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:55 2006
Subject: MailScanner on boot
Message-ID:

Information Services spake the following on 10/7/2005 12:52 PM:
> You were right...MailScanner-mrtg looks like it is causing the problem...here is what I just got from my log
>
> Oct 7 14:45:03 wks-lin8 MailScanner-MRTG[2873]: Number of MailScanner processes below threshold, restarting MailScanner
>
> I guess I don't understand how MailScanner-MRTG is restarting when I commented out all the lines in cron.d files.
>
That was supposed to be fixed in 0.10.00-1. I think it looks for the same file that MailScanner generates when you run service MailScanner stop.

/var/lock/subsys/MailScanner.off

To quote the changelog "Now will not restart MailScanner if MailScanner was shut down using its init script."

So if you stop MailScanner from its init script, and then reboot, does it still restart? You might need to restore some of the changes you have made.

-- 
/-----------------------\ |~~\_____/~~\__ |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!| ~~~|/~~ |
\-----------------------/ ()

From garry at GLENDOWN.DE Fri Oct 7 22:06:27 2005
From: garry at GLENDOWN.DE (Garry Glendown)
Date: Thu Jan 12 21:30:55 2006
Subject: OT: Sophisticated size limiting ...
Message-ID:

Possibly/Most likely not really a MS question, but maybe somebody has an idea ...

A customer of ours is running a Linux system, having switched from a Novell/Tobit server ... Before, they had the possibility of "quarantining" specific mails, like, too large, unwanted attachment or too many recipients. Just a couple days ago, something happened that would have been avoided with the old system - some "intelligent" user sent a mail to 400+ local users with a 13MB word attachment (MIME encoded 18mb mail) ...

Question: Does anybody know of a way to do some more granularly definable mail handling, as mentioned above? I know I can set the maximum message size, which would be a starter, but then the message should be forwarded to the admin account, not rejected ...

Tnx, -garry

From lhaig at HAIGMAIL.COM Fri Oct 7 22:52:22 2005
From: lhaig at HAIGMAIL.COM (Lance Haig)
Date: Thu Jan 12 21:30:55 2006
Subject: why is my mail not being deliverd to the smart host?
Message-ID:

Hi Guys,

I am sure I am missing something small here.

I have a ms box that is currently supporting domains.

I added a new domain to my MS box and have setup a mail server inside the network to receive mail for this domain.

the mail server side works as I have successfully sent an email to the users connecting directly to the smtp agent on the mail server.

I am running ms on suse 9.2 with sendmail.

i have added the domain and destination to the mailertable file.
domain.com esmtp:[10.1.1.1]

I have added it to the relayed domains file.

And restarted the server. but when I send an email with telnet to the ms box it gets sent to the internet to the customers current mail system and not to the new server.
i want to test this situation before I change the customers mx records to make sure it works ok.

What have I done wrong?

please let me know what other info is needed to help diagnose this issue.

Thanks

Lance

From taz at TAZ-MANIA.COM Fri Oct 7 23:11:14 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:30:55 2006
Subject: why is my mail not being deliverd to the smart host?
Message-ID:

This may sound overly simple... Do you have FEATURE(`mailertable') in your sendmail.mc file?

Lance Haig wrote:
> Hi Guys,
>
> I am sure I am missing something small here.
>
> I have a ms box that is currently supporting domains.
>
> I added a new domain to my MS box and have setup a mail server inside the network to receive mail for this domain.
>
> the mail server side works as I have successfully sent an email to the users connecting directly to the smtp agent on the mail server.
>
> I am running ms on suse 9.2 with sendmail.
>
> i have added the domain and destination to the mailertable file.
> domain.com esmtp:[10.1.1.1]
>
> I have added it to the relayed domains file.
>
> And restarted the server. but when I send an email with telnet to the ms box it gets sent to the internet to the customers current mail system and not to the new server.
> i want to test this situation before I change the customers mx records to make sure it works ok.
>
> What have I done wrong?
>
> please let me know what other info is needed to help diagnose this issue.
>
> Thanks
>
> Lance
From taz at TAZ-MANIA.COM Fri Oct 7 23:13:37 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:30:55 2006
Subject: why is my mail not being deliverd to the smart host?
Message-ID:

Oh, yeah one thing I forgot... I also assume you ran makemap on the mailertable file.

Lance Haig wrote:
> Hi Guys,
>
> I am sure I am missing something small here.
>
> I have a ms box that is currently supporting domains.
>
> I added a new domain to my MS box and have setup a mail server inside the network to receive mail for this domain.
>
> the mail server side works as I have successfully sent an email to the users connecting directly to the smtp agent on the mail server.
>
> I am running ms on suse 9.2 with sendmail.
>
> i have added the domain and destination to the mailertable file.
> domain.com esmtp:[10.1.1.1]
>
> I have added it to the relayed domains file.
>
> And restarted the server. but when I send an email with telnet to the ms box it gets sent to the internet to the customers current mail system and not to the new server.
> i want to test this situation before I change the customers mx records to make sure it works ok.
>
> What have I done wrong?
>
> please let me know what other info is needed to help diagnose this issue.
>
> Thanks
>
> Lance
From alex at NKPANAMA.COM Sat Oct 8 00:18:43 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:30:55 2006
Subject: why is my mail not being deliverd to the smart host?
Message-ID:

Dennis Willson wrote:
> Oh, yeah one thing I forgot... I also assume you ran makemap on the mailertable file.
>
> Lance Haig wrote:
>
>> Hi Guys,
>>
>> I am sure I am missing something small here.
>>
>> I have a ms box that is currently supporting domains.
>>
>> I added a new domain to my MS box and have setup a mail server inside the network to receive mail for this domain.
>>
>> the mail server side works as I have successfully sent an email to the users connecting directly to the smtp agent on the mail server.
>>
>> I am running ms on suse 9.2 with sendmail.
>>
>> i have added the domain and destination to the mailertable file.
>> domain.com esmtp:[10.1.1.1]
>>
>> I have added it to the relayed domains file.
>>
>> And restarted the server. but when I send an email with telnet to the ms box it gets sent to the internet to the customers current mail system and not to the new server.
>> i want to test this situation before I change the customers mx records to make sure it works ok.
>>
>> What have I done wrong?
>>
>> please let me know what other info is needed to help diagnose this issue.
>>
>> Thanks
>>
>> Lance

I usually run "make -C /etc/mail" whenever I do any change to files in that folder.

From alex at NKPANAMA.COM Sat Oct 8 00:17:22 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:30:55 2006
Subject: OT: Sophisticated size limiting ...
Message-ID:

Garry Glendown wrote:

>Possibly/Most likely not really a MS question, but maybe somebody has an idea ...
>
>A customer of ours is running a Linux system, having switched from a Novell/Tobit server ... Before, they had the possibility of "quarantining" specific mails, like, too large, unwanted attachment or too many recipients. Just a couple days ago, something happened that would have been avoided with the old system - some "intelligent" user sent a mail to 400+ local users with a 13MB word attachment (MIME encoded 18mb mail) ...
>
>Question: Does anybody know of a way to do some more granularly definable mail handling, as mentioned above? I know I can set the maximum message size, which would be a starter, but then the message should be forwarded to the admin account, not rejected ...
>
>Tnx, -garry
>

Perhaps this is something that could be implemented using MCP, although I don't know if SA supports creating a rule based on message size.
From alex at NKPANAMA.COM Sat Oct 8 00:18:18 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:30:55 2006
Subject: why is my mail not being deliverd to the smart host?
Message-ID:

Lance Haig wrote:

> Hi Guys,
>
> I am sure I am missing something small here.
>
> I have a ms box that is currently supporting domains.
>
> I added a new domain to my MS box and have setup a mail server inside the network to receive mail for this domain.
>
> the mail server side works as I have successfully sent an email to the users connecting directly to the smtp agent on the mail server.
>
> I am running ms on suse 9.2 with sendmail.
>
> i have added the domain and destination to the mailertable file.
> domain.com esmtp:[10.1.1.1]
>
> I have added it to the relayed domains file.
>
> And restarted the server. but when I send an email with telnet to the ms box it gets sent to the internet to the customers current mail system and not to the new server.
> i want to test this situation before I change the customers mx records to make sure it works ok.
>
> What have I done wrong?
>
> please let me know what other info is needed to help diagnose this issue.
>
> Thanks
>
> Lance

Perhaps you need to add .domain.com as well as domain.com so that e-mail to domain.com *and anything in that domain* gets sent there.

From lhaig at HAIGMAIL.COM Sat Oct 8 08:33:35 2005
From: lhaig at HAIGMAIL.COM (Lance Haig)
Date: Thu Jan 12 21:30:55 2006
Subject: why is my mail not being deliverd to the smart host?
Message-ID:

This is why I love this mailing list

Dennis and Alex

Thank you for the help

I did not run the make on the mailertable and will do it right away and then test again.

Thanks again

Lance

Lance Haig wrote:

> Hi Guys,
>
> I am sure I am missing something small here.
>
> I have a ms box that is currently supporting domains.
>
> I added a new domain to my MS box and have setup a mail server inside the network to receive mail for this domain.
>
> the mail server side works as I have successfully sent an email to the users connecting directly to the smtp agent on the mail server.
>
> I am running ms on suse 9.2 with sendmail.
>
> i have added the domain and destination to the mailertable file.
> domain.com esmtp:[10.1.1.1]
>
> I have added it to the relayed domains file.
>
> And restarted the server. but when I send an email with telnet to the ms box it gets sent to the internet to the customers current mail system and not to the new server.
> i want to test this situation before I change the customers mx records to make sure it works ok.
>
> What have I done wrong?
>
> please let me know what other info is needed to help diagnose this issue.
>
> Thanks
>
> Lance
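
A pre-flight check for the three causes raised in this thread (feature not enabled, no route for the domain, map not rebuilt after editing), added here as an example and not posted by any list member. The function name check_mailertable and the layout it assumes (sendmail.mc, mailertable and mailertable.db in one directory) are assumptions of the example.

```shell
#!/bin/sh
# check_mailertable DIR DOMAIN
# Prints one finding per line and returns the number of failed checks.
# DIR is assumed to hold sendmail.mc, mailertable and mailertable.db.
check_mailertable() {
    dir=$1
    domain=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    fails=0

    # 1. The feature must be enabled in the m4 source. A line disabled
    #    with a leading "dnl" does not match the anchored pattern.
    if grep -q '^[[:space:]]*FEATURE(`\{0,1\}mailertable' "$dir/sendmail.mc" 2>/dev/null; then
        echo "ok: FEATURE(mailertable) present in sendmail.mc"
    else
        echo "FAIL: FEATURE(mailertable) not found in sendmail.mc"
        fails=$((fails + 1))
    fi

    # 2. The text map needs a route whose key is the domain itself.
    route=$(awk -v d="$domain" \
        '!/^[ \t]*#/ && tolower($1) == d { print $2; exit }' \
        "$dir/mailertable" 2>/dev/null)
    if [ -n "$route" ]; then
        echo "ok: $domain routed to $route"
    else
        echo "FAIL: no mailertable entry for $domain"
        fails=$((fails + 1))
    fi

    # 3. Hosts below the domain only match a separate ".domain" key.
    #    Reported as a note, since not every site wants that route.
    sub=$(awk -v d=".$domain" \
        '!/^[ \t]*#/ && tolower($1) == d { print $2; exit }' \
        "$dir/mailertable" 2>/dev/null)
    [ -n "$sub" ] || echo "note: no .$domain entry, hosts under $domain are not covered by this route"

    # 4. sendmail looks up the compiled map, not the text file, so an
    #    edit has no effect until the .db file is rebuilt (makemap, or
    #    the Makefile in the mail directory).
    if [ ! -f "$dir/mailertable.db" ]; then
        echo "FAIL: mailertable.db missing, build it with makemap"
        fails=$((fails + 1))
    elif [ -n "$(find "$dir/mailertable" -newer "$dir/mailertable.db" 2>/dev/null)" ]; then
        echo "FAIL: mailertable.db is older than mailertable, rebuild the map"
        fails=$((fails + 1))
    else
        echo "ok: mailertable.db is at least as new as mailertable"
    fi

    return "$fails"
}

# Run directly as: sh check_mailertable.sh /etc/mail domain.com
if [ "$#" -eq 2 ]; then
    check_mailertable "$1" "$2"
fi
```

A stale-map failure is the case Lance reports above: the entry was in the text file, but the compiled map had not been regenerated.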

From MailScanner at ecs.soton.ac.uk Sat Oct 8 17:42:22 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:55 2006
Subject: OT: Sophisticated size limiting ...
Message-ID:

Alex Neuman van der Hans wrote:
> Garry Glendown wrote:
>
>> Possibly/Most likely not really a MS question, but maybe somebody has an idea ...
>>
>> A customer of ours is running a Linux system, having switched from a Novell/Tobit server ... Before, they had the possibility of "quarantining" specific mails, like, too large, unwanted attachment or too many recipients. Just a couple days ago, something happened that would have been avoided with the old system - some "intelligent" user sent a mail to 400+ local users with a 13MB word attachment (MIME encoded 18mb mail) ...
>>
>> Question: Does anybody know of a way to do some more granularly definable mail handling, as mentioned above? I know I can set the maximum message size, which would be a starter, but then the message should be forwarded to the admin account, not rejected ...
>
> Perhaps this is something that could be implemented using MCP, although I don't know if SA supports creating a rule based on message size.

Do it using a Custom Function "plugin". I am reluctant to add this to the core functionality, as it makes it yet more complicated, when the behaviour is easy to add as a Custom Function. I could add the Custom Function to CustomConfig.pm so everyone can use it if they want to. As long as you are happy with me doing that of course.

You could implement a Custom Function attached to "Maximum Message Size". Test the $message->{size} property against the size you want the limit set to.
If it's too big then
    $global::MS->{mta}->DeleteRecipients($message);
    push @{$message->{archiveplaces}}, 'admin.account@yourdomain.com';
and return the limit size 1 to force it to produce the correct warning messages. Or produce 0 to not generate any warning messages at all.

If you know enough Perl, that will get you going. If you don't, then contact me and I'll write it for you (for some suitable donation/payment if possible).

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ugob at CAMO-ROUTE.COM Sun Oct 9 03:36:20 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:30:55 2006
Subject: Clustering MS
Message-ID:

Norbert Schmidt wrote:
>
> Hi everybody,
>
> we are running two datacenters with each using its own internet connection. We would like to have one MailScanner Gateway in each location, so in case of a failure the other Gateway will still work. We will register both MailScanner Gateways with the same priority into the DNS, so they will equally receive mail.
> Now how can I cluster Mailwatch, the spamassassin bayesian db (stored within mysql) and how do I synchronise the configuration???
> Is there any documentation on this?

I recommend asking FSL. They did that + centralized customized MailWatch for one of my clients and their price was really cheap. Maybe they'll give the instructions for a small fee, I don't know. Better ask them:

www.fsl.com
steve@fsl.com

They can do the task remotely.

Regards,

Ugo

>
> Thanks in advance
>
> Norbert Schmidt
>
> --------------------------------------
> IS-Teledata AG
> Cologne
> Germany

-- 
Ugo

-> Please don't send a copy of your reply by e-mail. I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies.

From ugob at CAMO-ROUTE.COM Sun Oct 9 03:41:14 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:30:55 2006
Subject: Clustering MS
Message-ID:

Information Services wrote:
> I did a search on MailScanner wiki for rsync and did not find Glenn's 5ki15 script. Was wondering if the script was done, and posted somewhere that I am not aware of?

I don't think glenn wrote the script. It is james gray, but I don't think it is ready. "5ki15" is just a geeky way (sorry james ;)) to say "skills" and not the name of the script itself.

I think you'd probably be better off thinking about your setup, reading the man page for rsync and creating a cronjob that will rsync every x minutes. Or find a way to tell the script that it has to sync something...

-- 
Ugo

-> Please don't send a copy of your reply by e-mail. I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies.

From MailScanner at ecs.soton.ac.uk Sun Oct 9 15:54:02 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:55 2006
Subject: Beta release 4.47.1 - auto-update phishing sites list
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have just released the first beta release of 4.47.

The main new feature here is to automatically update the phishing.safe.sites.conf file every day.
All your local changes will be kept, so there is no need to change how you use the file at all.

But if you post me details of new additions to the file, I will add them to the master list, and they will appear in everyone's list within a day.

If sites are added to the master list which turn out to be false, then I can just add a "REMOVE site.com" line to the master file and that will be removed from everyone's whitelist.
So if you don't approve of one of my additions, you can add your own "REMOVE site.com" line so you don't use my listing for that site.com.

So it's all pretty safe, and it should be impossible to subvert it. I personally vet every application to add a host to the list. But if I list one I shouldn't, then it is very easy for me (or you) to undo this with the "REMOVE" syntax.

I hope you all find this useful and will upgrade to the new release at the start of November. In the mean time, I would be eternally grateful if you could test this new feature for me.

- -- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)

iQA/AwUBQ0kvCxH2WUcUFbZUEQLvGgCg1IspN/sNwIq0mFDy1UhNNU7YjucAoLag
vdiHXNMXB4W3BMpNPQ3TKrfS
=HM+x
-----END PGP SIGNATURE-----

From michele at BLACKNIGHT.IE Sun Oct 9 15:58:56 2005
From: michele at BLACKNIGHT.IE (Michele Neylon :: Blacknight.ie)
Date: Thu Jan 12 21:30:55 2006
Subject: Beta release 4.47.1 - auto-update phishing sites list
Message-ID:

Julian Field wrote:
> I have just released the first beta release of 4.47.
>
> The main new feature here is to automatically update the phishing.safe.sites.conf file every day.
> All your local changes will be kept, so there is no need to change how you use the file at all.

This sounds like an excellent idea

-- 
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59 9164239

From alex at NKPANAMA.COM Sun Oct 9 18:59:32 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:30:55 2006
Subject: Beta release 4.47.1 - auto-update phishing sites list
Message-ID:

Michele Neylon :: Blacknight.ie wrote:
>Julian Field wrote:
>
>>I have just released the first beta release of 4.47.
>>
>>The main new feature here is to automatically update the
>>phishing.safe.sites.conf file every day.
>>All your local changes will be kept, so there is no need to change how
>>you use the file at all.
>
>This sounds like an excellent idea

Will try it out ASAP.

From james at GRAYONLINE.ID.AU Sun Oct 9 22:47:01 2005
From: james at GRAYONLINE.ID.AU (James Gray)
Date: Thu Jan 12 21:30:55 2006
Subject: OT - Which greylist milter
Message-ID:

On Wednesday 05 October 2005 20:56, Stef Morrell wrote:
> James Gray [james@GRAYONLINE.ID.AU] wrote:
> Postgrey works somewhat differently. Rather than auto-whitelisting by
> recipient, it auto-whitelists by server, which IMHO is more sensible. In
> the scenario above, after the first email from Jenny, fubar.bar's
> incoming mail server would trust mail from snafu.foo's outgoing server
> and thus accept mail for both Barry and Fred.
>
> > Education is the key I think, but we all know how reluctant
> > lusers are to have $CLUE imparted.
>
> I find that the general response... "Your email has been delayed, it
> will come through soon, it's to help reduce your spam." ...works pretty
> well. Anything which gives users less crap tends to be well received,
> even if there is a slight inconvenience.

Wow - can I have your users please? ;) Our users seem to behave more like my 2 year old daughter; they don't know what's best for them, even after you tell them why $FOO is a good thing.

Still, I /think/ milter-greylist can be configured as you describe postgrey. Either way we have implemented the same sort of function by whitelisting our main customers' SMTP machines. The sendmail milter doesn't arbitrarily whitelist due to the domain in the envelope or From header, it uses a DNS lookup to figure out if the originating IP (remote SMTP host) is part of the whitelisted domains and if so there's no delay. The drawback is that some big customers have broken DNS too - in which case they deserve all the delays they get IMHO.

Even though the same functionality has been achieved, it's not automatic so in some ways I think the Postfix greylist is probably a better "fit" for us. Pity we sendmail in this case :(

Thanks for the insights.

Cheers,
James
--
Can anyone remember when the times were not hard, and money not scarce?

From SJCJonker at SJC.NL Mon Oct 10 04:38:30 2005
From: SJCJonker at SJC.NL (Stijn Jonker)
Date: Thu Jan 12 21:30:55 2006
Subject: Question about custom functions / generic spam plugin: Can they add headers?
Message-ID:

Hello all,

There is currently a requirement popping up to add to headers for all email towards a domain:
X-SMTP-From:
X-SMTP-To:

Before diving in writing my own libmilter function/program I was thinking of the custom function and/or the generic spam plugin.

Whilst reading the book it didn't become really clear whether either of them can do it. I checked the source and although some experience at perl I'm unsure if I can call the functions AddHeader/ChangeHeader from the various mailer pm's such as Sendmail.pm.

Therefore my question, is this possible?

Thanks in advance,
Stijn
--
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker

From MailScanner at ecs.soton.ac.uk Mon Oct 10 09:04:54 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:55 2006
Subject: Question about custom functions / generic spam plugin: Can they add headers?
Message-ID:

Beat you to it by miles on that one. What you want is this:

# Do you want to add the Envelope-From: header?
# This is very useful for tracking where spam came from as it
# contains the envelope sender address.
# This can also be the filename of a ruleset.
Add Envelope From Header = yes

# Do you want to add the Envelope-To: header?
# This can be useful for tracking spam destinations, but should be
# used with care due to possible privacy concerns with the use of
# Bcc: headers by users.
# This can also be the filename of a ruleset.
Add Envelope To Header = no

# This is the name of the Envelope From header
# controlled by the option above.
# This can also be the filename of a ruleset.
Envelope From Header = X-MailScanner-From:

# This is the name of the Envelope To header
# controlled by the option above.
# This can also be the filename of a ruleset.
Envelope To Header = X-MailScanner-To:

On 10 Oct 2005, at 04:38, Stijn Jonker wrote:

> Hello all,
>
> There is currently a requirement popping up to add to headers for all
> email towards a domain:
> X-SMTP-From:
> X-SMTP-To:
>
> Before diving in writing my own libmilter function/program I was
> thinking of the custom function and/or the generic spam plugin.
>
> Whilst reading the book it didn't become really clear whether
> either of
> them can do it. I checked the source and although some experience at
> perl I'm unsure if I can call the functions AddHeader/ChangeHeader
> from
> the various mailer pm's such as Sendmail.pm.
>
> Therefore my question, is this possible?
>
> Thanks in advance,
> Stijn
> --
> Met Vriendelijke groet/Yours Sincerely
> Stijn Jonker

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From glenn.steen at GMAIL.COM Mon Oct 10 10:26:43 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:30:55 2006
Subject: Clustering MS
Message-ID:

On 07/10/05, Information Services wrote:
> I did a search on MailScanner wiki for rsync and did not find Glenn's 5ki15
> script.

James' (Grays), not mine.

> Was wondering if the script was done, and posted somewhere that I
> am not aware of?

Haven't seen it (yet, I'm still catching up this thread:-). Perhaps James will (remember to) share it, once he sees this.

(snip)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From SJCJonker at SJC.NL Mon Oct 10 14:38:16 2005
From: SJCJonker at SJC.NL (Stijn Jonker)
Date: Thu Jan 12 21:30:55 2006
Subject: Question about custom functions / generic spam plugin: Can they add headers?
Message-ID:

Julian,

Once again a wonderful product, and I should learn to look at the easy wins first before thinking about starting a program job ;-)

Stijn

Julian Field said the following on 10/10/2005 10:04:
> Beat you to it by miles on that one. What you want is this:
>
> # Do you want to add the Envelope-From: header?
> # This is very useful for tracking where spam came from as it

> On 10 Oct 2005, at 04:38, Stijn Jonker wrote:
>
>> Hello all,
>>
>> There is currently a requirement popping up to add to headers for all
>> email towards a domain:
>> X-SMTP-From:
>> X-SMTP-To:
>>

--
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker

From lbcadmin at gmail.com Mon Oct 10 14:41:21 2005
From: lbcadmin at gmail.com (Information Services)
Date: Thu Jan 12 21:30:55 2006
Subject: MailScanner on boot
Message-ID:

I ran service MailScanner stop, and made sure the MailScanner.off was in /var/lock/subsys/, and then rebooted. Upon rebooting, and checking the /var/lock/subsys/ directory, the MailScanner.off was no longer there. And then checking the /var/log/maillog I see this:

Oct 10 08:35:03 wks-lin8 MailScanner-MRTG[3015]: Number of MailScanner processes below threshold, restarting MailScanner

My question now is....is the MailScanner.off supposed to be there upon a reboot?

On 10/7/05, Scott Silva wrote:
> Information Services spake the following on 10/7/2005 12:52 PM:
> > You were right...MailScanner-mrtg looks like it is causing the
> > problem...here is what I just got from my log
> >
> > Oct 7 14:45:03 wks-lin8 MailScanner-MRTG[2873]: Number of MailScanner
> > processes below threshold, restarting MailScanner
> >
> > I guess I don't understand how MailScanner-MRTG is restarting when I
> > commented out all the lines in cron.d files.
> >
>
> That was supposed to be fixed in 0.10.00-1.
> I think it looks for the same file that MailScanner generates when you
> run service MailScanner stop.
> /var/lock/subsys/MailScanner.off
> To quote the changelog "Now will not restart MailScanner if MailScanner
> was shut down using its init script."
> So if you stop MailScanner from its init script, and then reboot, does
> it still restart?
> You might need to restore some of the changes you have made.

From William.Burns at AEROFLEX.COM Mon Oct 10 15:02:53 2005
From: William.Burns at AEROFLEX.COM (William Burns)
Date: Thu Jan 12 21:30:55 2006
Subject: OT - Which greylist milter
Message-ID:

James Gray wrote:

>Once these little niggles were sorted, we've been very impressed with the
>results. The two mail gateways synchronise their autowhite-lists etc too.
>So if a sender gets auto-learned on the primary MX, then tries the secondary,
>they get through without delay there too. Same rules apply for all
>auto-entries. So if they try on the primary and get a 451-temporarily
>unavailable, then come back after the set time interval but on the secondary,
>they will still get through on the secondary (even though they originally hit
>the primary).

James:

How did you do the synchronization?

-Bill

From alex at NKPANAMA.COM Mon Oct 10 15:49:59 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:30:55 2006
Subject: Question about custom functions / generic spam plugin: Can they add headers?
Message-ID:

Julian Field wrote:

> Beat you to it by miles on that one. What you want is this:
>
> # Do you want to add the Envelope-From: header?
> # This is very useful for tracking where spam came from as it
> # contains the envelope sender address.
> # This can also be the filename of a ruleset.
> Add Envelope From Header = yes
>
> # Do you want to add the Envelope-To: header?
> # This can be useful for tracking spam destinations, but should be
> # used with care due to possible privacy concerns with the use of
> # Bcc: headers by users.
> # This can also be the filename of a ruleset.
> Add Envelope To Header = no
>
> # This is the name of the Envelope From header
> # controlled by the option above.
> # This can also be the filename of a ruleset.
> Envelope From Header = X-MailScanner-From:
>
> # This is the name of the Envelope To header
> # controlled by the option above.
> # This can also be the filename of a ruleset.
> Envelope To Header = X-MailScanner-To:
>
> On 10 Oct 2005, at 04:38, Stijn Jonker wrote:
>
>> Hello all,
>>
>> There is currently a requirement popping up to add to headers for all
>> email towards a domain:
>> X-SMTP-From:
>> X-SMTP-To:
>>
>> Before diving in writing my own libmilter function/program I was
>> thinking of the custom function and/or the generic spam plugin.
>>
>> Whilst reading the book it didn't become really clear whether either of
>> them can do it. I checked the source and although some experience at
>> perl I'm unsure if I can call the functions AddHeader/ChangeHeader from
>> the various mailer pm's such as Sendmail.pm.
>>
>> Therefore my question, is this possible?
>>
>> Thanks in advance,
>> Stijn
>> --
>> Met Vriendelijke groet/Yours Sincerely
>> Stijn Jonker
>>

You might want to consider letting your users know that even if they send e-mail out with BCC: the header will be included, so anyone who looks at the message source will see who the recipients were. This way, either they must send each message individually (some MUA's will let you do this) or risk others knowing who they BCC:'d the message to.

From rabellino at DI.UNITO.IT Mon Oct 10 17:17:11 2005
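The Bcc exposure raised in the message above, as an added example that is not part of any list message or of MailScanner itself: with `Add Envelope To Header = yes`, every envelope recipient that is absent from To: and Cc: becomes readable in the delivered message source. The function name, the comma-separated header value and the sample message are assumptions constructed for this illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: a delivered message as it might look with
# "Add Envelope To Header = yes" and the header names from the config
# quoted above. dave@example.com was a Bcc recipient (assumption: the
# envelope-to header lists recipients separated by commas).
SAMPLE = """\
From: alice@example.org
To: Bob <BOB@example.com>
Cc: carol@example.com
Subject: quarterly numbers
X-MailScanner-From: alice@example.org
X-MailScanner-To: bob@example.com, carol@example.com, dave@example.com

body text
"""


def addresses(msg, *header_names):
    """Collect the lower-cased addresses from every occurrence of the headers."""
    values = []
    for name in header_names:
        values.extend(msg.get_all(name, []))
    return {addr.lower() for _, addr in getaddresses(values) if addr}


def disclosed_bcc(raw_message, envelope_to_header="X-MailScanner-To:"):
    """Return envelope recipients that do not appear in To: or Cc:.

    These are the addresses a reader of the message source learns only
    because the envelope-to header was added. Mailing-list expansion and
    aliases also land here, so treat the result as "not visible in the
    headers the sender wrote", which is exactly what Bcc relies on.
    """
    msg = message_from_string(raw_message)
    # The MailScanner.conf value carries a trailing colon; header lookup does not.
    name = envelope_to_header.rstrip(":")
    visible = addresses(msg, "To", "Cc")
    envelope = addresses(msg, name)
    return sorted(envelope - visible)


if __name__ == "__main__":
    for addr in disclosed_bcc(SAMPLE):
        print("visible only through the envelope-to header:", addr)
```

Run over a sample of delivered mail, a non-empty result for messages sent by local users is the case that the "privacy concerns" comment in the configuration refers to.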
From: rabellino at DI.UNITO.IT (Rabellino Sergio)
Date: Thu Jan 12 21:30:55 2006
Subject: Too much uptime !
Message-ID:

Dear list,
I'm getting a high uptime on my mailscanner box, and this is a new behaviour for me.

The load average persist over 3.00 and my mail traffic is not so high.
My actual config is

MailScanner Rel4.45.4 - McAfee VirusScan - ClamAV cmd line - SA 3.0.4
Max Children = 5
Queue Scan Interval = 40

I've changed The Scan Interval from 5 seconds to 40 and the max children from 10 to 5, but without any significant change in the load.
My Solaris 9 box is an V440 with 4GB of ram and 4 ultrasparc CPU.

Where I need to investigate ? From a simple check, seems that 2 MailScanner processes are statically in O-state and three are in either R/S state: it's normal ?

--
Dott. Mag. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603

From martinh at SOLID-STATE-LOGIC.COM Mon Oct 10 17:26:54 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:30:55 2006
Subject: Too much uptime !
Message-ID:

Hi

What rules are you running on the SA config. If you are using RBL's or URI-RBL's have you defined a caching nameserver on the machine?

Have you read the tuning info on the wiki?

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Rabellino Sergio
Sent: 10 October 2005 17:17
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: [MAILSCANNER] Too much uptime !

Dear list,
I'm getting a high uptime on my mailscanner box, and this is a new behaviour for me.

The load average persist over 3.00 and my mail traffic is not so high.
My actual config is

MailScanner Rel4.45.4 - McAfee VirusScan - ClamAV cmd line - SA 3.0.4
Max Children = 5
Queue Scan Interval = 40

I've changed The Scan Interval from 5 seconds to 40 and the max children from 10 to 5, but without any significant change in the load.
My Solaris 9 box is an V440 with 4GB of ram and 4 ultrasparc CPU.

Where I need to investigate ? From a simple check, seems that 2 MailScanner processes are statically in O-state and three are in either R/S state: it's normal ?

--
Dott. Mag. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603

From Cleveland at WINNEFOX.ORG Mon Oct 10 17:31:42 2005
From: Cleveland at WINNEFOX.ORG (Jody Cleveland)
Date: Thu Jan 12 21:30:55 2006
Subject: Errors when running --lint
Message-ID:

Hello,

I recently upgraded spamassassin to 3.1 and MailScanner to 4.46.2 and it's all running on a redhat 3AS server.

When I run:
# /usr/bin/spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf --lint

I get this:
[10005] warn: config: failed to parse line, skipping: dcc_path /usr/local/bin/dccproc
[10005] warn: config: failed to parse line, skipping: razor_timeout 10
[10005] warn: config: warning: score set for non-existent rule RCVD_IN_RSL
[10005] warn: lint: 3 issues detected, please rerun with debug enabled for more information

Before those upgrades, lint ran fine without errors. Did something change with how dcc and razor run that needs to be reconfigured?

--
Jody Cleveland
Computer Support Specialist
cleveland@winnefox.org

From cparker at SWATGEAR.COM Mon Oct 10 17:34:53 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:30:55 2006
Subject: LDAP script for Active Directory (also, Wiki)
Message-ID:

Hello,

I was just reading through http://wiki.mailscanner.info/doku.php?id=maq:index#using_with_exchange_domino_etc and to my dismay found out that there is no link to the appropriate article where Exchange is concerned.

However, on http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users#ms_exchange there is a link to some documentation for Postfix and Exchange that can be applied to sendmail too.

For anyone out there that is using MailScanner as a gateway with sendmail in front of Exchange I would be very appreciative of a working script to query valid user email addresses.

Thanks,
Chris.

From dhawal at NETMAGICSOLUTIONS.COM Mon Oct 10 17:34:40 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:30:55 2006
Subject: Errors when running --lint
Message-ID:

Jody Cleveland wrote:
> Hello,
>
> I recently upgraded spamassassin to 3.1 and MailScanner to 4.46.2 and
> it's all running on a redhat 3AS server.
>
> When I run:
> # /usr/bin/spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf
> --lint
>
> I get this:
> [10005] warn: config: failed to parse line, skipping: dcc_path
> /usr/local/bin/dccproc
> [10005] warn: config: failed to parse line, skipping: razor_timeout 10
> [10005] warn: config: warning: score set for non-existent rule
> RCVD_IN_RSL
> [10005] warn: lint: 3 issues detected, please rerun with debug enabled
> for more information
>
> Before those upgrades, lint ran fine without errors. Did something
> change with how dcc and razor run that needs to be reconfigured?
>
> --
> Jody Cleveland

DCC and Razor are no more free, razor hasn't been so for the past 2 years and dcc for about 4 months..

Here's what you need to do:
Enable the DCC / RAZOR plugins in /etc/mail/spamassassin/v310.pre if you qualify for their free usage policy
OR
comment out the erroneous lines in spam.assassin.prefs.conf if you don't qualify.

- dhawal

From mike at TC3NET.COM Mon Oct 10 17:56:52 2005
From: mike at TC3NET.COM (Michael Baird)
Date: Thu Jan 12 21:30:55 2006
Subject: Too much uptime !
Message-ID:

You mean high load average I think. High uptime is a good thing.

Regards
Michael Biard

> Dear list,
> I'm getting a high uptime on my mailscanner box, and this is a new
> behaviour for me.
>
> The load average persist over 3.00 and my mail traffic is not so high.
> My actual config is
>
> MailScanner Rel4.45.4 - McAfee VirusScan - ClamAV cmd line - SA 3.0.4
> Max Children = 5
> Queue Scan Interval = 40
>
> I've changed The Scan Interval from 5 seconds to 40 and the max children
> from 10 to 5, but without any significant change in the load.
> My Solaris 9 box is an V440 with 4GB of ram and 4 ultrasparc CPU.
>
> Where I need to investigate ? From a simple check, seems that 2
> MailScanner processes are statically in O-state and three are in either
> R/S state: it's normal ?
>

From smf at F2S.COM Mon Oct 10 18:00:49 2005
From: smf at F2S.COM (Steve Freegard)
Date: Thu Jan 12 21:30:55 2006
Subject: LDAP script for Active Directory (also, Wiki)
Message-ID:

Hi Chris,

On Mon, 2005-10-10 at 09:34 -0700, Chris W. Parker wrote:
> Hello,
>
> I was just reading through
> http://wiki.mailscanner.info/doku.php?id=maq:index#using_with_exchange_domino_etc
> and to my dismay found out that there is no link to the
> appropriate article where Exchange is concerned.
>
> However, on
> http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users#ms_exchange
> there is a link to
> some documentation for Postfix and Exchange that can be applied to
> sendmail too.
>
> For anyone out there that is using MailScanner as a gateway with
> sendmail in front of Exchange I would be very appreciative of a working
> script to query valid user email addresses.
>

If you are using Exchange 2003 - then I can thoroughly recommend milter-ahead instead of directly querying Active Directory.

This is a call-ahead type milter that you can implement on the gateway which then keeps a cache of the lookups for a configurable number of days.

I prefer this as it's really easy to set-up and has no chance of bogging down your domain controllers or slowing mail delivery if AD is busy etc.

See http://www.fsl.com/support/Milter-Ahead-Exchange-Settings.pdf for details on setting this up.

Hope this helps.

Cheers,
Steve.
--
Steve Freegard
Fort Systems

From taz at TAZ-MANIA.COM Mon Oct 10 17:14:02 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:30:55 2006
Subject: OT - Which greylist milter
Message-ID:

If you use Milter-Greylist, it's part of the configuration. I use it and it works really cool.

William Burns wrote:

> James Gray wrote:
>
>> Once these little niggles were sorted, we've been very impressed with
>> the results. The two mail gateways synchronise their autowhite-lists
>> etc too. So if a sender gets auto-learned on the primary MX, then
>> tries the secondary, they get through without delay there too. Same
>> rules apply for all auto-entries. So if they try on the primary and
>> get a 451-temporarily unavailable, then come back after the set time
>> interval but on the secondary, they will still get through on the
>> secondary (even though they originally hit the primary).
>>
>
> James:
>
> How did you do the synchronization?
>
> -Bill

From cparker at SWATGEAR.COM Mon Oct 10 18:02:00 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:30:55 2006
Subject: LDAP script for Active Directory (also, Wiki)
Message-ID:

Steve Freegard on Monday, October 10, 2005 10:01 AM said:

> If you are using Exchange 2003 - then I can thoroughly recommend
> milter-ahead instead of directly querying Active Directory.

Unfortunately no, I'm still at 2000. Sounds convenient though! :)

Chris.

From vachanta at GMAIL.COM Mon Oct 10 18:14:15 2005
From: vachanta at GMAIL.COM (Venkata Achanta)
Date: Thu Jan 12 21:30:55 2006
Subject: LDAP script for Active Directory (also, Wiki)
Message-ID:

Are you looking for this ?
http://www.sng.ecs.soton.ac.uk/mailscanner/serve/cache/270.html

From peter at UCGBOOK.COM Mon Oct 10 18:32:20 2005
From: peter at UCGBOOK.COM (Peter Bonivart)
Date: Thu Jan 12 21:30:55 2006
Subject: Too much uptime !
Message-ID:

Rabellino Sergio wrote:
> The load average persist over 3.00 and my mail traffic is not so high.

The only times I've had high load averages continuously without high traffic is when some process got stuck. Could be SA, DCC or Clam. Easiest way to find it is to shut down MS and see what's left, kill it and restart MS.

--
/Peter Bonivart

--Unix lovers do it in the Sun

From MailScanner at ecs.soton.ac.uk Mon Oct 10 18:56:20 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:55 2006
Subject: Question about custom functions / generic spam plugin: Can they add headers?
Message-ID:

Alex Neuman van der Hans wrote:
> Julian Field wrote:
>
>> Beat you to it by miles on that one. What you want is this:
>>
>> # Do you want to add the Envelope-From: header?
>> # This is very useful for tracking where spam came from as it
>> # contains the envelope sender address.
>> # This can also be the filename of a ruleset.
>> Add Envelope From Header = yes
>>
>> # Do you want to add the Envelope-To: header?
>> # This can be useful for tracking spam destinations, but should be
>> # used with care due to possible privacy concerns with the use of
>> # Bcc: headers by users.
>> # This can also be the filename of a ruleset.
>> Add Envelope To Header = no
>>
>> # This is the name of the Envelope From header
>> # controlled by the option above.
>> # This can also be the filename of a ruleset.
>> Envelope From Header = X-MailScanner-From:
>>
>> # This is the name of the Envelope To header
>> # controlled by the option above.
>> # This can also be the filename of a ruleset.
>> Envelope To Header = X-MailScanner-To:
>>
>> On 10 Oct 2005, at 04:38, Stijn Jonker wrote:
>>
>>> Hello all,
>>>
>>> There is currently a requirement popping up to add to headers for all
>>> email towards a domain:
>>> X-SMTP-From:
>>> X-SMTP-To:
>>>
>>> Before diving in writing my own libmilter function/program I was
>>> thinking of the custom function and/or the generic spam plugin.
>>>
>>> Whilst reading the book it didn't become really clear whether either of
>>> them can do it. I checked the source and although some experience at
>>> perl I'm unsure if i can call the functions AddHeader/ChangeHeader from
>>> the various mailer pm's such as Sendmail.pm.
>>>
>>> Therefore my question, is this possible?
>>>
>>> Thanks in advance,
>>> Stijn
>
> You might want to consider letting your users know that even if they
> send e-mail out with BCC: the header will be included, so anyone who
> looks at the message source will see who the recipients were. This
> way, either they must send each message individually (some MUA's will
> let you do this) or risk others knowing who they BCC:'d the message to.

This is precisely why I leave the Envelope-To header switched off by default. I thoroughly disapprove of switching this on, but people can find it useful when diagnosing mail routing problems.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From MailScanner at ecs.soton.ac.uk Mon Oct 10 18:54:12 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:55 2006
Subject: MailScanner on boot
Message-ID:

Have you got MailScanner-MRTG installed? I think that is what generates this log message. It isn't created by MailScanner itself. I think new versions of MailScanner-MRTG are better behaved in this respect.

Information Services wrote:

>I ran service MailScanner stop, and made sure the MailScanner.off was
>in /var/lock/subsys/, and then rebooted. Upon rebooting, and checking
>the /var/lock/subsys/ directory, the MailScanner.off was no longer
>there. And then checking the /var/log/maillog I see this:
>
>Oct 10 08:35:03 wks-lin8 MailScanner-MRTG[3015]: Number of MailScanner
>processes below threshold, restarting MailScanner
>
>My question now is....is the MailScanner.off supposed to be there upon a reboot?
>
>On 10/7/05, Scott Silva wrote:
>
>>Information Services spake the following on 10/7/2005 12:52 PM:
>>
>>>You were right...MailScanner-mrtg looks like it is causing the
>>>problem...here is what I just got from my log
>>>
>>>Oct 7 14:45:03 wks-lin8 MailScanner-MRTG[2873]: Number of MailScanner
>>>processes below threshold, restarting MailScanner
>>>
>>>I guess I don't understand how MailScanner-MRTG is restarting when I
>>>commented out all the lines in cron.d files.
>>>
>>That was supposed to be fixed in 0.10.00-1.
>>I think it looks for the same file that MailScanner generates when you
>>run service MailScanner stop.
>>/var/lock/subsys/MailScanner.off
>>To quote the changelog "Now will not restart MailScanner if MailScanner
>>was shut down using its init script."
>>So if you stop MailScanner from its init script, and then reboot, does
>>it still restart?
>>You might need to restore some of the changes you have made.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
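The restart behaviour discussed in this thread, modelled as an added example; it is not MailScanner-MRTG's own code and not from any poster. It follows the comments in the mailscanner-mrtg config quoted elsewhere in this thread (`Restart Threshhold`, `MailScanner Off File`); the function names, scratch paths and sample config in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Model of the restart decision described by the comments in the
# mailscanner-mrtg config quoted in this thread. Assumption: the real
# watchdog behaves as those comments say; this is not its source code.

# conf_get FILE "Key Name"
# Print the value of a "Key Name = value" line. Comment lines are
# skipped, keys match case-insensitively, the last occurrence wins.
conf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            pos = index($0, "=")
            if (pos == 0) next
            k = substr($0, 1, pos - 1)
            v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) val = v
        }
        END { print val }
    ' "$1"
}

# watchdog_decision CONF NPROCS
# Print "restart: ..." or "no-restart: ..." for NPROCS running
# MailScanner processes. Returns 2 on an unusable threshold.
watchdog_decision() {
    wd_conf=$1
    wd_nprocs=$2
    wd_threshold=$(conf_get "$wd_conf" "Restart Threshhold")
    wd_offfile=$(conf_get "$wd_conf" "MailScanner Off File")

    case $wd_threshold in
        ''|*[!0-9]*)
            echo "error: Restart Threshhold missing or not a number"
            return 2
            ;;
    esac

    if [ "$wd_threshold" -eq 0 ]; then
        echo "no-restart: threshold is 0"
    elif [ -n "$wd_offfile" ] && [ -e "$wd_offfile" ]; then
        echo "no-restart: off file present"
    elif [ "$wd_nprocs" -lt "$wd_threshold" ]; then
        echo "restart: $wd_nprocs processes, threshold $wd_threshold"
    else
        echo "no-restart: $wd_nprocs processes, threshold $wd_threshold"
    fi
}

# demo: replay the sequence from the thread in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/mailscanner-mrtg.conf" <<EOF
# constructed sample, same keys as the config quoted in the thread
Restart Threshhold = 1
MailScanner Off File = $d/MailScanner.off
EOF
    : > "$d/MailScanner.off"          # state after "service MailScanner stop"
    echo "stopped via init script: $(watchdog_decision "$d/mailscanner-mrtg.conf" 0)"
    rm -f "$d/MailScanner.off"        # state the poster saw after the reboot
    echo "off file gone:           $(watchdog_decision "$d/mailscanner-mrtg.conf" 0)"
    sed 's/^Restart Threshhold.*/Restart Threshhold = 0/' \
        "$d/mailscanner-mrtg.conf" > "$d/disabled.conf"
    echo "threshold set to 0:      $(watchdog_decision "$d/disabled.conf" 0)"
    rm -rf "$d"
}

# Run the demo only when asked: sh watchdog.sh demo
if [ "${1:-}" = "demo" ]; then
    demo
fi
```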
From MailScanner at ecs.soton.ac.uk Mon Oct 10 19:05:18 2005 
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:55 2006
Subject: Too much uptime !
Message-ID:

High load average figures from "uptime" are not an indication at all that your system is overloaded. It gives the average number of processes in the run queue. If a process is waiting for disk, it adds 1. If a process is waiting for network response, it adds 1. It doesn't mean anything is overloaded at all. A load average of 3 means there are an average of 3 processes waiting for cpu, disk or network. Since you have 4 CPUs then 1 of them is idle. A load of 12 to 15 on a hard-working single cpu system is perfectly common, it just means that all your system resources are being thoroughly used.

I usually recommend 5 children per CPU. So you should start by setting it to 20.

The Queue Scan Interval won't make any difference, I might remove it some time. It only affects the behaviour of the system when there are very few incoming messages. In all other situations it will process as many messages as it can without waiting for anything. It doesn't mean that MailScanner always waits 40 seconds to collect messages. If there are any messages waiting at all, then they are immediately processed. Leave it at 6.

With a load average of 3 on a box with 4 cpu's, you've wasted your money as at least 1 cpu isn't even doing anything. A load average of 30 or 40 would mean your machine is working for its dinner.

Rabellino Sergio wrote:
> Dear list,
> i'm getting an high uptime on my mailscanner box, and this is a new
> behaviour for me.
>
> The load average persist over 3.00 and my mail traffic is not so high.
> My actual config is
>
> MailScanner Rel4.45.4 - McAfee VirusScan - ClamAV cmd line - SA 3.0.4
> Max Children = 5
> Queue Scan Interval = 40
>
> I've changed The Scan Interval from 5 seconds to 40 and the max
> children from 10 to 5, but without any significant change in the load.
> My Solaris 9 box is an V440 with 4GB of ram and 4 ultrasparc CPU.
>
> Where I need to investigate ? From a simple check, seems that 2
> MailScanner processes are statically in O-state and three are in
> either R/S state: it's normal ?

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Mon Oct 10 19:08:41 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:55 2006
Subject: Errors when running --lint
Message-ID:

Dhawal Doshy wrote:
> Jody Cleveland wrote:
>
>> Hello,
>>
>> I recently upgraded spamassassin to 3.1 and MailScanner to 4.46.2 and
>> it's all running on a redhat 3AS server.
>>
>> When I run:
>> # /usr/bin/spamassassin -p /etc/MailScanner/spam.assassin.prefs.conf
>> --lint
>>
>> I get this:
>> [10005] warn: config: failed to parse line, skipping: dcc_path
>> /usr/local/bin/dccproc
>> [10005] warn: config: failed to parse line, skipping: razor_timeout 10
>> [10005] warn: config: warning: score set for non-existent rule
>> RCVD_IN_RSL
>> [10005] warn: lint: 3 issues detected, please rerun with debug enabled
>> for more information
>>
>> Before those upgrades, lint ran fine without errors. Did something
>> change with how dcc and razor run that needs to be reconfigured?
>>
>> --
>> Jody Cleveland
>
> DCC and Razor are no more free, razor hasn't been so for the past 2
> years and dcc for about 4 months..
>
> Here's what you need to do:
> Enable the DCC / RAZOR plugins in /etc/mail/spamassassin/v310.pre if
> you qualify for their free usage policy OR comment out the erroneous
> lines in spam.assassin.prefs.conf if you don't qualify.

If you install SpamAssassin from my ClamAV+SA package, it will tell you about things like that, and will tell you the lines you need to add to that file to enable SPF and SURBL checking too. For your info, they are

loadplugin Mail::SpamAssassin::Plugin::RelayCountry
loadplugin Mail::SpamAssassin::Plugin::SPF
loadplugin Mail::SpamAssassin::Plugin::URIDNSBL

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From Cleveland at WINNEFOX.ORG Mon Oct 10 19:59:45 2005
From: Cleveland at WINNEFOX.ORG (Jody Cleveland)
Date: Thu Jan 12 21:30:55 2006
Subject: Errors when running --lint
Message-ID:

Hi Julian,

> If you install SpamAssassin from my ClamAV+SA package, it
> will tell you about things like that,

I'll definitely install it that way from now on.

> and will tell you the lines you need
> to add to
> that file to enable SPF and SURBL checking too. For your
> info, they are
> loadplugin Mail::SpamAssassin::Plugin::RelayCountry
> loadplugin Mail::SpamAssassin::Plugin::SPF
> loadplugin Mail::SpamAssassin::Plugin::URIDNSBL

I added those in, and now I get this error when I run --lint:

[16459] warn: config: warning: score set for non-existent rule RCVD_IN_RSL

Is there a plugin I need to install?

- jody

From MailScanner at ecs.soton.ac.uk Mon Oct 10 20:35:45 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:55 2006
Subject: Errors when running --lint
Message-ID:

Jody Cleveland wrote:

>Hi Julian,
>
>>If you install SpamAssassin from my ClamAV+SA package, it
>>will tell you about things like that,
>
>I'll definitely install it that way from now on.
>
>>and will tell you the lines you need
>>to add to
>>that file to enable SPF and SURBL checking too. For your
>>info, they are
>>loadplugin Mail::SpamAssassin::Plugin::RelayCountry
>>loadplugin Mail::SpamAssassin::Plugin::SPF
>>loadplugin Mail::SpamAssassin::Plugin::URIDNSBL
>
>I added those in, and now I get this error when I run --lint:
>[16459] warn: config: warning: score set for non-existent rule
>RCVD_IN_RSL
>
>Is there a plugin I need to install?

No, that line isn't wanted any more. It's in spam.assassin.prefs.conf.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From alex at NKPANAMA.COM Mon Oct 10 20:51:11 2005
From: alex at NKPANAMA.COM (Alex Neuman)
Date: Thu Jan 12 21:30:55 2006
Subject: Errors when running --lint
Message-ID:

> DCC and Razor are no more free, razor hasn't been so for the past 2
> years and dcc for about 4 months..
>
> Here's what you need to do:
> Enable the DCC / RAZOR plugins in /etc/mail/spamassassin/v310.pre if you
> qualify for their free usage policy OR comment out the erroneous lines
> in spam.assassin.prefs.conf if you don't qualify.

Anybody care to explain why/how DCC/Razor are not free? Are they "not free as in beer", "not free as in speech", or some other form of "not free"?

Thanks...

From lbcadmin at gmail.com Mon Oct 10 21:09:53 2005
From: lbcadmin at gmail.com (Information Services)
Date: Thu Jan 12 21:30:55 2006
Subject: MailScanner on boot
Message-ID:

Yes,
I am running MailScanner-mrtg (the most current stable version 0.10.00-1). I have gone to /etc/cron.d on my CentOS 4.1 system, and commented out all lines in:

mailscanner-mrtg.crond
mrtg

--time lapse while doing some research---

Looking in /etc/MailScanner/mailscanner-mrtg...I found this:

# MAILSCANNER SETTINGS
# --------------------

# We can restart MailScanner if the number of MailScanner processes
# goes below this number. Change to 0 if you don't want us to restart.
Restart Threshhold = 1

# The script to run to restart MailScanner
Restart MailScanner = /etc/rc.d/init.d/MailScanner restart

# MailScanner lock file
# This file is created by the MailScanner init script when MailScanner is
# stopped. MSMRTG will look for this file and if it exists will not
# attempt to restart MailScanner
MailScanner Off File = /var/lock/subsys/MailScanner.off

---------------------------

The part that I recognized right away was the Restart Threshold, because that is what the /var/log/messages keeps saying. Now, I can see how, if I change this to 0, then my problem will more than likely go away (something I will try after this email is sent). Of course, there are the two following commands that should already be working, and from what I can gather, they are working just fine until I reboot. It is the rebooting that gets me in trouble. The /var/lock/subsys/MailScanner.off is no longer there when the system reboots, and this allows mailscanner-mrtg to use the 'Restart Threshold.' So since this is the case, I guess what I need to do is move everything back that I have changed, and give it a try. Now, earlier, there was a post to this topic, that said mailscanner-mrtg 0.10.00-1 was supposed to resolve this problem. Is the problem resolved or is it my system that is not working properly?

On 10/10/05, Alex Neuman van der Hans wrote:
> Information Services wrote:
>
> >I ran service MailScanner stop, and made sure the MailScanner.off was
> >in /var/lock/subsys/, and then rebooted. Upon rebooting, and checking
> >the /var/lock/subsys/ directory, the MailScanner.off was no longer
> >there. And then checking the /var/log/maillog I see this:
> >
> >Oct 10 08:35:03 wks-lin8 MailScanner-MRTG[3015]: Number of MailScanner
> >processes below threshold, restarting MailScanner
> >
> >My question now is....is the MailScanner.off supposed to be there upon a reboot?
> >
> >On 10/7/05, Scott Silva wrote:
> >
> >>Information Services spake the following on 10/7/2005 12:52 PM:
> >>
> >>>You were right...MailScanner-mrtg looks like it is causing the
> >>>problem...here is what I just got from my log
> >>>
> >>>Oct 7 14:45:03 wks-lin8 MailScanner-MRTG[2873]: Number of MailScanner
> >>>processes below threshold, restarting MailScanner
> >>>
> >>>I guess I don't understand how MailScanner-MRTG is restarting when I
> >>>commented out all the lines in cron.d files.
> >>>
> >>That was supposed to be fixed in 0.10.00-1.
> >>I think it looks for the same file that MailScanner generates when you
> >>run service MailScanner stop.
> >>/var/lock/subsys/MailScanner.off
> >>To quote the changelog "Now will not restart MailScanner if MailScanner
> >>was shut down using its init script."
> >>So if you stop MailScanner from its init script, and then reboot, does
> >>it still restart?
> >>You might need to restore some of the changes you have made.
> >
> You're running something else, in this case, "mailscanner-mrtg", which
> is doing the deleting/restarting, probably.
>

From lbcadmin at gmail.com Mon Oct 10 21:22:49 2005
From: lbcadmin at gmail.com (Information Services)
Date: Thu Jan 12 21:30:55 2006
Subject: MailScanner on boot
Message-ID:

Well it looks like the problem is resolved. Thanks for all your help. Next time I need to look in the config file right away, but I can say this...I better understand how Mailscanner-mrtg works.

Again, thanks for taking the time to help me through this issue.

Casey

On 10/10/05, Information Services wrote:
> Yes,
> I am running MailScanner-mrtg (the most current stable version
> 0.10.00-1). I have gone to /etc/cron.d on my CentOS 4.1 system, and
> commented out all lines in:
>
> mailscanner-mrtg.crond
> mrtg
>
> --time lapse while doing some research---
>
> Looking in /etc/MailScanner/mailscanner-mrtg...I found this:
>
> # MAILSCANNER SETTINGS
> # --------------------
>
> # We can restart MailScanner if the number of MailScanner processes
> # goes below this number. Change to 0 if you don't want us to restart.
> Restart Threshhold = 1
>
> # The script to run to restart MailScanner
> Restart MailScanner = /etc/rc.d/init.d/MailScanner restart
>
> # MailScanner lock file
> # This file is created by the MailScanner init script when MailScanner is
> # stopped. MSMRTG will look for this file and if it exists will not
> # attempt to restart MailScanner
> MailScanner Off File = /var/lock/subsys/MailScanner.off
>
> ---------------------------
>
> The part that I recognized right away was the Restart Threshold,
> because that is what the /var/log/messages keeps saying. Now, I can
> see how, if I change this to 0, then my problem will more than likely
> go away (something I will try after this email is sent). Of course,
> there are the two following commands that should already be working,
> and from what I can gather, they are working just fine until I reboot.
> It is the rebooting that gets me in trouble. The
> /var/lock/subsys/MailScanner.off is no longer there when the system
> reboots, and this allows mailscanner-mrtg to use the 'Restart
> Threshold.' So since this is the case, I guess what I need to do is
> move everything back that I have changed, and give it a try. Now,
> earlier, there was a post to this topic, that said mailscanner-mrtg
> 0.10.00-1 was supposed to resolve this problem. Is the problem
> resolved or is it my system that is not working properly?
>
> On 10/10/05, Alex Neuman van der Hans wrote:
> > Information Services wrote:
> >
> > >I ran service MailScanner stop, and made sure the MailScanner.off was
> > >in /var/lock/subsys/, and then rebooted. Upon rebooting, and checking
> > >the /var/lock/subsys/ directory, the MailScanner.off was no longer
> > >there. And then checking the /var/log/maillog I see this:
> > >
> > >Oct 10 08:35:03 wks-lin8 MailScanner-MRTG[3015]: Number of MailScanner
> > >processes below threshold, restarting MailScanner
> > >
> > >My question now is....is the MailScanner.off supposed to be there upon a reboot?
> > >
> > >On 10/7/05, Scott Silva wrote:
> > >
> > >>Information Services spake the following on 10/7/2005 12:52 PM:
> > >>
> > >>>You were right...MailScanner-mrtg looks like it is causing the
> > >>>problem...here is what I just got from my log
> > >>>
> > >>>Oct 7 14:45:03 wks-lin8 MailScanner-MRTG[2873]: Number of MailScanner
> > >>>processes below threshold, restarting MailScanner
> > >>>
> > >>>I guess I don't understand how MailScanner-MRTG is restarting when I
> > >>>commented out all the lines in cron.d files.
> > >>>
> > >>That was supposed to be fixed in 0.10.00-1.
> > >>I think it looks for the same file that MailScanner generates when you
> > >>run service MailScanner stop.
> > >>/var/lock/subsys/MailScanner.off
> > >>To quote the changelog "Now will not restart MailScanner if MailScanner
> > >>was shut down using its init script."
> > >>So if you stop MailScanner from its init script, and then reboot, does
> > >>it still restart?
> > >>You might need to restore some of the changes you have made.
> > >
> > You're running something else, in this case, "mailscanner-mrtg", which
> > is doing the deleting/restarting, probably.
> >
>

From glenn.steen at GMAIL.COM Mon Oct 10 22:12:45 2005
From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:55 2006 Subject: Errors when running --lint Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] On 10/10/05, Alex Neuman wrote: > > DCC and Razor are no more free, razor hasn't been so for the past 2 > > years and dcc for about 4 months.. > > > > Heres what you need to do: > > Enable the DCC / RAZOR plugins in /etc/mail/spamassassin/v310.pre if you > > qualify for their free usage policy OR comment out the erroneous lines > > in spam.assassin.prefs.conf if you don't qualify. > > Anybody care to explain why/how DCC/Razor are not free? Are they "not free > as in beer", "not free as in speech", or some other form of "not free"? > Thanks... > Excerpts from their sites DCC: (in reverse order of appearance, for clarity) ... The Distributed Checksum Clearinghouse source carries a license that is free to organizations that do not sell filtering devices or services except to their own users and that participate in the global DCC network. (I.e. ISPs that use the DCC to filter mail for their own users are intended to be covered in the free license.) You also can't call it your own or blame anyone for using it. ... Note that it has never been proper to sell the bandwidth and, most important, human system administration work of the public DCC servers to third parties. Sellers of products or services including the DCC must provide DCC servers of their own or contracted from others. For example, Commtouch operates DCC servers for its licensees. ... Razor2: (More or less the total sum of http://razor.sourceforge.net/docs/doc.php?type=text&name=SERVICE_POLICY) ... 
Cloudmark SpamNet Service Policy V1.0
Aug 1, 2003

SpamNet Service and Razor-Agents

While Razor-Agents are distributed under the Artistic License and will stay that way, the Cloudmark SpamNet service, a particular implementation of a Razor-compliant back-end, is a commercial operation with maintenance and support costs, and is no longer available for unlimited free use, effective immediately.

Use of the SpamNet service by Razor-agent-enabled software will remain free for personal use, subject to capacity constraints that Cloudmark may enforce against intensive users of the service as it sees fit.

Distribution or use of the system in commercial embedded software solutions is not free. All such access must be licensed by Cloudmark.

Organizations interested in working with Razor or with Cloudmark's next-generation SpamNet client technologies should contact Cloudmark at partners@cloudmark.com
...

Just for completeness, let's add this blurb from the Pyzor website too:
...
Pyzor is a collaborative, networked system to detect and block spam using identifying digests of messages.

Pyzor initially started out to be merely a Python implementation of Razor, but due to the protocol and the fact that Razor's server is not Open Source or software libre, I decided to implement Pyzor with a new protocol and release the entire system as Open Source and software libre.

Since the entire system is released under the GPL, people are free to host their own independent servers. Server peering is planned for a future release.
...

So of them, we have one GPL (but suffering from .... other problems... Well, really just the scarcity of servers:-), one "free for YOUR users, provided you SHARE", and one "free for personal use, but not much else". This is enough "freedom" that I, for one, can use them.
And it is strongly suggested that all you who provide commercial anti-spam services should be using the commercial offering for Razor and participate with at least a server and/or a commercial license for DCC, AFAICS.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From cparker at SWATGEAR.COM Mon Oct 10 23:17:33 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:30:56 2006
Subject: Error getting Julian's key
Message-ID:

According to http://wiki.mailscanner.info/doku.php?id=maq:index I am supposed to run 'gpg --recv-keys --keyserver pgp.mit.edu 1415B654' before installation. However I get the following output:

gpg: failed to create temporary file `/root/.gnupg/.#lk0x8bc9a8.localhost.localdomain.25932': No such file or directory
gpg: keyblock resource `/root/.gnupg/secring.gpg': general error
gpg: failed to create temporary file `/root/.gnupg/.#lk0x8bccb8.localhost.localdomain.25932': No such file or directory
gpg: keyblock resource `/root/.gnupg/pubring.gpg': general error
gpg: no writable keyring found: eof
gpg: error reading `[stream]': general error
gpg: Total number processed: 0

'rpm -qa|grep -i gpg' returns:

libgpg-error-1.0-1
gpg-pubkey-443e1821-421f218f

What am I missing or doing wrong?

Chris.

From glenn.steen at GMAIL.COM Tue Oct 11 00:13:14 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:30:56 2006
Subject: Error getting Julian's key
Message-ID:

On 11/10/05, Chris W. Parker wrote:
> According to http://wiki.mailscanner.info/doku.php?id=maq:index I am
> supposed to run 'gpg --recv-keys --keyserver pgp.mit.edu 1415B654'
> before installation. However I get the following output:
>
> gpg: failed to create temporary file
> `/root/.gnupg/.#lk0x8bc9a8.localhost.localdomain.25932': No such file or
> directory
> gpg: keyblock resource `/root/.gnupg/secring.gpg': general error
> gpg: failed to create temporary file
> `/root/.gnupg/.#lk0x8bccb8.localhost.localdomain.25932': No such file or
> directory
> gpg: keyblock resource `/root/.gnupg/pubring.gpg': general error
> gpg: no writable keyring found: eof
> gpg: error reading `[stream]': general error
> gpg: Total number processed: 0
>
> 'rpm -qa|grep -i gpg' returns:
>
> libgpg-error-1.0-1
> gpg-pubkey-443e1821-421f218f
>
> What am I missing or doing wrong?
>
> Chris.
>

Well.... Do you have a keyring to add his public key to? If not, just run through "gpg --gen-key" to generate both a secring and a pubring (and a key pair for yourself:), then try receiving his pubkey again.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From dhawal at NETMAGICSOLUTIONS.COM Tue Oct 11 05:08:38 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:30:56 2006
Subject: Error getting Julian's key
Message-ID:

Chris W. Parker writes:

> According to http://wiki.mailscanner.info/doku.php?id=maq:index I am
> supposed to run 'gpg --recv-keys --keyserver pgp.mit.edu 1415B654'
> before installation. However I get the following output:
>
> gpg: failed to create temporary file
> `/root/.gnupg/.#lk0x8bc9a8.localhost.localdomain.25932': No such file or
> directory
> gpg: keyblock resource `/root/.gnupg/secring.gpg': general error
> gpg: failed to create temporary file
> `/root/.gnupg/.#lk0x8bccb8.localhost.localdomain.25932': No such file or
> directory
> gpg: keyblock resource `/root/.gnupg/pubring.gpg': general error
> gpg: no writable keyring found: eof
> gpg: error reading `[stream]': general error
> gpg: Total number processed: 0
>
> 'rpm -qa|grep -i gpg' returns:
>
> libgpg-error-1.0-1
> gpg-pubkey-443e1821-421f218f
>
> What am I missing or doing wrong?
>
> Chris.

Do you have a directory called .gnupg in /root? Try creating one and rinse repeat to see if it works.

- dhawal

From rabellino at DI.UNITO.IT Tue Oct 11 08:18:18 2005
From: rabellino at DI.UNITO.IT (Rabellino Sergio)
Date: Thu Jan 12 21:30:56 2006
Subject: Too much uptime !
Message-ID:

Peter Bonivart wrote:

> Rabellino Sergio wrote:
>
>> The load average persist over 3.00 and my mail traffic is not so high.
>
> The only times I've had high load averages continuously without high
> traffic is when some process got stuck. Could be SA, DCC or Clam.
> Easiest way to find it is to shut down MS and see what's left, kill it
> and restart MS.
>

There are no visible processes stuck by the VirusScanners nor the Spamassassin.

thanks.

--
Dott. Mag. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603

From rabellino at DI.UNITO.IT Tue Oct 11 08:19:03 2005
From: rabellino at DI.UNITO.IT (Rabellino Sergio)
Date: Thu Jan 12 21:30:56 2006
Subject: Too much uptime !
Message-ID:

Michael Baird wrote:

>You mean high load average I think. High uptime is a good thing.
>
>Regards
>Michael Biard
>

Yes, I'm sorry, but yesterday was too late in the afternoon when I wrote the message :-)

>>Dear list,
>> i'm getting an high uptime on my mailscanner box, and this is a new
>>behaviour for me.
>>
>>The load average persist over 3.00 and my mail traffic is not so high.
>>My actual config is
>>
>>MailScanner Rel4.45.4 - McAfee VirusScan - ClamAV cmd line - SA 3.0.4
>>Max Children = 5
>>Queue Scan Interval = 40
>>
>>I've changed The Scan Interval from 5 seconds to 40 and the max children
>>from 10 to 5, but without any significant change in the load.
>>My Solaris 9 box is an V440 with 4GB of ram and 4 ultrasparc CPU.
>>
>>Where I need to investigate ? From a simple check, seems that 2
>>MailScanner processes are statically in O-state and three are in either
>>R/S state: it's normal ?
>>

--
Dott. Mag. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603
From rabellino at DI.UNITO.IT Tue Oct 11 08:23:14 2005 
From: rabellino at DI.UNITO.IT (Rabellino Sergio)
Date: Thu Jan 12 21:30:56 2006
Subject: Too much uptime !
Message-ID:

Julian Field wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>High load average figures from "uptime" are not an indication at all
>that your system is overloaded. It gives the average number of processes
>in the run queue. If a process is waiting for disk, it adds 1. If a
>process is waiting for network response, it adds 1. It doesn't mean
>anything is overloaded at all.
>

Yes, I know, but why there are 2 MS processes always in run-queue ? They don't go to sleep for a while between the queue scanning ?

>A load average of 3 means there are an average of 3 processes waiting
>for cpu, disk or network. Since you have 4 CPUs then 1 of them is idle.
>A load of 12 to 15 on a hard-working single cpu system is perfectly
>common, it just means that all your system resources are being
>thoroughly used.
>
>I usually recommend 5 children per CPU. So you should start by setting
>it to 20.
>

I was used to see a load-average between 0->1 so now I noticed a change in this parameter and I need to understand why it happens.

>The Queue Scan Interval won't make any difference, I might remove it
>some time. It only affects the behaviour of the system when there are
>very few incoming messages. In all other situations it will process as
>many messages as it can without waiting for anything. It doesn't mean
>that MailScanner always waits 40 seconds to collect messages. If there
>are any messages waiting at all, then they are immediately processed.
>Leave it at 6.
>

ok.

>With a load average of 3 on a box with 4 cpu's, you've wasted your money
>as at least 1 cpu isn't even doing anything. A load average of 30 or 40
>would mean your machine is working for its dinner.
>

got it, captain!

>>Dear list,
>>i'm getting an high uptime on my mailscanner box, and this is a new
>>behaviour for me.
>>
>>The load average persist over 3.00 and my mail traffic is not so high.
>>My actual config is
>>
>>MailScanner Rel4.45.4 - McAfee VirusScan - ClamAV cmd line - SA 3.0.4
>>Max Children = 5
>>Queue Scan Interval = 40
>>
>>I've changed The Scan Interval from 5 seconds to 40 and the max
>>children from 10 to 5, but without any significant change in the load.
>>My Solaris 9 box is an V440 with 4GB of ram and 4 ultrasparc CPU.
>>
>>Where I need to investigate ? From a simple check, seems that 2
>>MailScanner processes are statically in O-state and three are in
>>either R/S state: it's normal ?
>>
>
>- --
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Desktop 9.0.2 (Build 2424)
>
>iQA/AwUBQ0qtYBH2WUcUFbZUEQLMEACgiIawJOB95M8H1O+Ik7RrzcJRf88AoOvF
>RuE7jUyv6vT4UU7ax1Tb08rI
>=AYAX
>-----END PGP SIGNATURE-----
>

--
Dott. Mag. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603

From martinh at SOLID-STATE-LOGIC.COM Tue Oct 11 08:54:33 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:30:56 2006
Subject: Beta release 4.47.1 - auto-update phishing sites list
Message-ID:

Jules

Fun and games doing the auto-update phishing sites update this AM...

--03:30:00-- http://www.mailscanner.info/phishing.safe.sites.conf.master
=> `phishing.safe.sites.conf.master'
Resolving www.mailscanner.info... done.
Connecting to www.mailscanner.info[2001:630:d0:f102:204:23ff:feb9:897f]:80... failed: No route to host.
Connecting to www.mailscanner.info[152.78.68.160]:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/phishing.safe.sites.conf.master [following]
--03:30:20-- http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/phishing.safe.sites.conf.master
=> `phishing.safe.sites.conf.master'
Resolving www.sng.ecs.soton.ac.uk... done.
Connecting to www.sng.ecs.soton.ac.uk[2001:630:d0:f102:204:23ff:feb9:897f]:80... failed: No route to host.
Connecting to www.sng.ecs.soton.ac.uk[152.78.68.160]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13,645 [text/plain]

0K .......... ... 100% 160.54 KB/s

03:30:20 (160.54 KB/s) - `phishing.safe.sites.conf.master' saved [13645/13645]

Phishing safe sites list updated.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
Sent: 09 October 2005 15:54
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: [MAILSCANNER] Beta release 4.47.1 - auto-update phishing sites list

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have just released the first beta release of 4.47.

The main new feature here is to automatically update the phishing.safe.sites.conf file every day. All your local changes will be kept, so there is no need to change how you use the file at all.

But if you post me details of new additions to the file, I will add them to the master list, and they will appear in everyone's list within a day.

If sites are added to the master list which turn out to be false, then I can just add a "REMOVE site.com" line to the master file and that will be removed from everyone's whitelist. So if you don't approve of one of my additions, you can add your own "REMOVE site.com" line so you don't use my listing for that site.com.

So it's all pretty safe, and it should be impossible to subvert it. I personally vet every application to add a host to the list. But if I list one I shouldn't, then it is very easy for me (or you) to undo this with the "REMOVE" syntax.

I hope you all find this useful and will upgrade to the new release at the start of November.

In the mean time, I would be eternally grateful if you could test this new feature for me.

- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)

iQA/AwUBQ0kvCxH2WUcUFbZUEQLvGgCg1IspN/sNwIq0mFDy1UhNNU7YjucAoLag
vdiHXNMXB4W3BMpNPQ3TKrfS
=HM+x
-----END PGP SIGNATURE-----
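
An added example, not MailScanner's own update code: one way the merge described in the announcement could work, keeping local entries and letting a "REMOVE site.com" line in either file veto a host. The union-minus-REMOVE rule, the one-hostname-per-line format check and the function names are assumptions; the check is there because the wget log in this message shows the master file arriving over plain HTTP.

```shell
#!/bin/sh
# Added example: merge a downloaded master safe-sites list with local edits.
# The merge rule is an assumption drawn from the announcement text, not
# taken from MailScanner itself.

# merge_safe_sites MASTER LOCAL -> prints the effective whitelist, sorted.
merge_safe_sites() {
    awk '
        # Drop comments, carriage returns and surrounding whitespace.
        { sub(/#.*/, ""); gsub(/\r/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == "" { next }
        { line = tolower($0) }
        # "REMOVE host" vetoes a host no matter which file listed it.
        line ~ /^remove[ \t]+/ {
            sub(/^remove[ \t]+/, "", line)
            if (valid(line)) removed[line] = 1; else bad++
            next
        }
        { if (valid(line)) keep[line] = 1; else bad++ }
        END {
            for (h in keep) if (!(h in removed)) print h
            if (bad) printf "skipped %d malformed line(s)\n", bad > "/dev/stderr"
        }
        # Assumed format: plain dotted hostnames, no wildcards, paths or spaces.
        function valid(h) {
            return h ~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/
        }
    ' "$1" "$2" | sort
}

# update_safe_sites MASTER LOCAL OUT
# Replaces OUT atomically; keeps the previous OUT when the download is
# empty or the merge yields nothing, so a failed fetch cannot wipe the list.
update_safe_sites() {
    [ -s "$1" ] || { echo "master list empty, keeping $3" >&2; return 1; }
    tmp="$3.new.$$"
    merge_safe_sites "$1" "$2" > "$tmp" || { rm -f "$tmp"; return 1; }
    [ -s "$tmp" ] || { rm -f "$tmp"; echo "merge empty, keeping $3" >&2; return 1; }
    mv "$tmp" "$3"
}
```
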
From MailScanner at ecs.soton.ac.uk Tue Oct 11 09:25:53 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:56 2006 Subject: Beta release 4.47.1 - auto-update phishing sites list Message-ID: It just means our main net connection doesn't yet run native IPv6. We have a separate IPv6 feed, but we use that for research work. On 11 Oct 2005, at 08:54, Martin Hepworth wrote: > Jules > > Fun and games doing the auto-update phishing sites update this AM... > > > --03:30:00-- http://www.mailscanner.info/ > phishing.safe.sites.conf.master > => `phishing.safe.sites.conf.master' > Resolving www.mailscanner.info... done. > Connecting to > www.mailscanner.info[2001:630:d0:f102:204:23ff:feb9:897f]:80... > failed: No > route to host. > Connecting to www.mailscanner.info[152.78.68.160]:80... connected. > HTTP request sent, awaiting response... 302 Found > Location: > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/ > phishing.safe.sites.conf. > master [following] > --03:30:20-- > http://www.sng.ecs.soton.ac.uk/mailscanner/files/4/ > phishing.safe.sites.conf. > master > => `phishing.safe.sites.conf.master' > Resolving www.sng.ecs.soton.ac.uk... done. > Connecting to > www.sng.ecs.soton.ac.uk[2001:630:d0:f102:204:23ff:feb9:897f]:80... > failed: > No route to host. > Connecting to www.sng.ecs.soton.ac.uk[152.78.68.160]:80... connected. > HTTP request sent, awaiting response... 200 OK > Length: 13,645 [text/plain] > > 0K .......... ... 100% > 160.54 > KB/s > > 03:30:20 (160.54 KB/s) - `phishing.safe.sites.conf.master' saved > [13645/13645] > > Phishing safe sites list updated. > > -- > Martin Hepworth > Snr Systems Administrator > Solid State Logic > Tel: +44 (0)1865 842300 > > -----Original Message----- 
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] > On Behalf > Of Julian Field > Sent: 09 October 2005 15:54 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: [MAILSCANNER] Beta release 4.47.1 - auto-update phishing > sites list > > * PGP Signed by an unmatched address: 10/09/05 at 15:54:03 > > I have just released the first beta release of 4.47. > > The main new feature here is to automatically update the > phishing.safe.sites.conf file every day. > All your local changes will be kept, so there is no need to change how > you use the file at all. > > But if you post me details of new additions to the file, I will add > them > to the master list, and they will appear in everyone's list within > a day. > > If sites are added to the master list which turn out to be false, > then I > can just add a "REMOVE site.com" line to the master file and that will > be removed from everyone's whitelist. So if you don't approve of > one of > my additions, you can add your own "REMOVE site.com" line so you don't > use my listing for that site.com. > > So it's all pretty safe, and it should be impossible to subvert it. I > personally vet every application to add a host to the list. But if I > list one I shouldn't, then it is very easy for me (or you) to undo > this > with the "REMOVE" syntax. > > I hope you all find this useful and will upgrade to the new release at > the start of November. > > In the mean time, I would be eternally grateful if you could test this > new feature for me. > > -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > * Julian Field > * 0x1415B654 (L) > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. 
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From glenn.steen at GMAIL.COM Tue Oct 11 10:36:04 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:30:56 2006
Subject: Error getting Julian's key
Message-ID:

On 11/10/05, Dhawal Doshy wrote:
> Chris W. Parker writes:
>
> > According to http://wiki.mailscanner.info/doku.php?id=maq:index I am
> > supposed to run 'gpg --recv-keys --keyserver pgp.mit.edu 1415B654'
> > before installation. However I get the following output:
> >
> > gpg: failed to create temporary file
> > `/root/.gnupg/.#lk0x8bc9a8.localhost.localdomain.25932': No such file or
> > directory
> > gpg: keyblock resource `/root/.gnupg/secring.gpg': general error
> > gpg: failed to create temporary file
> > `/root/.gnupg/.#lk0x8bccb8.localhost.localdomain.25932': No such file or
> > directory
> > gpg: keyblock resource `/root/.gnupg/pubring.gpg': general error
> > gpg: no writable keyring found: eof
> > gpg: error reading `[stream]': general error
> > gpg: Total number processed: 0
> >
> > 'rpm -qa|grep -i gpg' returns:
> >
> > libgpg-error-1.0-1
> > gpg-pubkey-443e1821-421f218f
> >
> > What am I missing or doing wrong?
> >
> > Chris.
>
> Do you have a directory called .gnupg in /root? try creating one and rinse
> repeat to see if it works.
>
> - dhawal
>

Did some testing... Might this be run as a user which lacks write permissions on $HOME, like "postfix" usually does?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
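
An added example, not part of any post in this thread: the gpg errors quoted above point at a missing or unwritable /root/.gnupg, as the replies suggest. The sketch creates the GnuPG home with owner-only permissions, then checks the fetched key's full fingerprint against the "PGP footprint" in Julian Field's signature on this list, since an 8-digit key ID such as 1415B654 is short enough to collide. Function names are hypothetical.

```shell
#!/bin/sh
# Added example: prepare a GnuPG home and verify a fetched key by its full
# fingerprint. Function names are illustrative, not from any MailScanner tool.

# Fingerprint as printed in the "PGP footprint" line of Julian Field's
# signature elsewhere in this archive; the key ID is the one from the wiki
# command quoted in the thread.
EXPECTED_FPR="EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654"
SHORT_ID="1415B654"

# Strip spaces, colons and newlines and upper-case the hex digits.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n' | tr 'abcdef' 'ABCDEF'
}

# Create the GnuPG home if it is missing and restrict it to its owner.
ensure_gnupg_home() (
    dir=${1:-"$HOME/.gnupg"}
    [ -d "$dir" ] || mkdir -p "$dir" || exit 1
    chmod 700 "$dir" || exit 1
    [ -w "$dir" ]
)

# Read `gpg --with-colons --fingerprint` output on stdin and print the
# first fingerprint (field 10 of the "fpr" record).
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Last 8 hex digits of a fingerprint, i.e. the short key ID.
short_id_of() {
    normalize_fpr "$1" | cut -c33-40
}

# True only when all 40 hex digits agree; matching the short ID alone
# is not accepted.
fingerprint_matches() (
    actual=$(normalize_fpr "$1")
    expected=$(normalize_fpr "$2")
    [ ${#actual} -eq 40 ] && [ "$actual" = "$expected" ]
)

# Full procedure; needs network access, so it is defined but not run here.
fetch_and_verify() {
    ensure_gnupg_home "${GNUPGHOME:-$HOME/.gnupg}" || {
        echo "GnuPG home is missing or not writable for $(id -un)" >&2
        return 1
    }
    gpg --keyserver pgp.mit.edu --recv-keys "$SHORT_ID" || return 1
    got=$(gpg --with-colons --fingerprint "$SHORT_ID" | fpr_from_colons)
    if fingerprint_matches "$got" "$EXPECTED_FPR"; then
        echo "fingerprint OK: $got"
    else
        echo "fingerprint MISMATCH: got '$got'" >&2
        return 1
    fi
}
```

Source the file as the user that will run gpg and call `fetch_and_verify`; after a plain "su someuser", $HOME may still point at another account's directory, which the writability check reports.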
From glenn.steen at GMAIL.COM Tue Oct 11 10:39:51 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:30:56 2006
Subject: Error getting Julian's key
Message-ID:

On 11/10/05, Glenn Steen wrote:
(snip)
> Did some testing... Might this be run as a user which lack write
> permissions on $HOME, like "postfix" usually does?

What I'm getting at is ... well, you might have done a plain "su someuser"... Oh well, more coffee...

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From anders.andersson at LTKALMAR.SE Tue Oct 11 11:51:15 2005
From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT)
Date: Thu Jan 12 21:30:56 2006
Subject: LDAP script for Active Directory (also, Wiki)
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list
> [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Steve Freegard
> Sent: Monday, October 10, 2005 7:01 PM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: LDAP script for Active Directory (also, Wiki)
>
> Hi Chris,
>
> On Mon, 2005-10-10 at 09:34 -0700, Chris W. Parker wrote:
> > Hello,
> >
> > I was just reading through
> > http://wiki.mailscanner.info/doku.php?id=maq:index#using_with_exchange_domino_etc
> > and to my dismay found out that there is no link to the
> > appropriate article where Exchange is concerned.
> >
> > However, on
> > http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users#ms_exchange
> > there is a link to some documentation for Postfix and Exchange that
> > can be applied to sendmail too.
> >
> > For anyone out there that is using MailScanner as a gateway with
> > sendmail in front of Exchange I would be very appreciative of a
> > working script to query valid user email addresses.
> >
>
> If you are using Exchange 2003 - then I can thoroughly
> recommend milter-ahead instead of directly querying Active Directory.
>
> This is a call-ahead type milter that you can implement on
> the gateway which then keeps a cache of the lookups for a
> configurable number of days. I prefer this as it's really
> easy to set-up and has no chance of bogging down your domain
> controllers or slowing mail delivery if AD is busy etc.
>
> See
> http://www.fsl.com/support/Milter-Ahead-Exchange-Settings.pdf
> for details on setting this up.

One thing I wondered that I didn't understand about Milter-Ahead, what will happen if the call-ahead fails? I guess that goes for things like keeping configuration on a mysql as well?

/Anders

>
> Hope this helps.
>
> Cheers,
> Steve.
>
> --
> Steve Freegard
> Fort Systems

From suporte at SETINET.COM.BR Tue Oct 11 16:40:29 2005
From: suporte at SETINET.COM.BR (Suporte SETi - Dennis)
Date: Thu Jan 12 21:30:56 2006
Subject: dont want virus files in quanrantine folders
Message-ID:

What to do if I don't want Virus files in my quarantine Folders? Only eliminate the virus files.

thanks

From dhawal at NETMAGICSOLUTIONS.COM Tue Oct 11 12:43:26 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:30:56 2006
Subject: dont want virus files in quanrantine folders
Message-ID:

Suporte SETi - Dennis wrote:
> What to do if i dont want Virus files in my quarantine Folders?
> only eliminate the virus files.
>
> thanks

See this in MailScanner.conf

# Do you want to stop any virus-infected spam getting into the spam or MCP
# archives? If you have a system where users can release messages from the
# spam or MCP archives, then you probably want to stop them being able to
# release any infected messages, so set this to yes.
# It is set to no by default as it causes a small hit in performance, and
# many people don't allow users to access the spam quarantine, so don't
# need it.
# This can also be the filename of a ruleset.
Keep Spam And MCP Archive Clean = no

- dhawal

From suporte at SETINET.COM.BR Tue Oct 11 17:01:34 2005
From: suporte at SETINET.COM.BR (Suporte SETi - Dennis)
Date: Thu Jan 12 21:30:56 2006
Subject: dont want virus files in quanrantine folders
Message-ID:

And, if I use this version : 4.36.4-1 ?

----- Original Message -----
From: "Dhawal Doshy" To: Sent: Tuesday, October 11, 2005 4:43 AM Subject: Re: dont want virus files in quanrantine folders > Suporte SETi - Dennis wrote: > > What to do if i dont want Virus files in my quarantine Folders? > > only eliminate the virus files. > > > > > > thanks > > See this in MailScanner.conf > > # Do you want to stop any virus-infected spam getting into the spam or MCP > # archives? If you have a system where users can release messages from the > # spam or MCP archives, then you probably want to stop them being able to > # release any infected messages, so set this to yes. > # It is set to no by default as it causes a small hit in performance, and > # many people don't allow users to access the spam quarantine, so don't > # need it. > # This can also be the filename of a ruleset. > Keep Spam And MCP Archive Clean = no > > - dhawal > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > > > -------------------------------------------------------------------- > Esta mensagem foi verificada pelo sistema de anti-vírus e anti-spam. > Seti Segurança e Tecnologia na Internet - suporte@setinet.com.br > > -------------------------------------------------------------------- Esta mensagem foi verificada pelo sistema de anti-vírus e anti-spam. Seti Segurança e Tecnologia na Internet - suporte@setinet.com.br ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Oct 11 13:05:08 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:56 2006 Subject: dont want virus files in quanrantine folders Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- You need to upgrade. It was added in 4.37 (Jan 1st 2005). On 11 Oct 2005, at 17:01, Suporte SETi - Dennis wrote: > And, if i use this version : 4.36.4-1 ? > > > ----- Original Message ----- 
> From: "Dhawal Doshy" > To: > Sent: Tuesday, October 11, 2005 4:43 AM > Subject: Re: dont want virus files in quanrantine folders > > > >> Suporte SETi - Dennis wrote: >> >>> What to do if i dont want Virus files in my quarantine Folders? >>> only eliminate the virus files. >>> >>> >>> thanks >>> >> >> See this in MailScanner.conf >> >> # Do you want to stop any virus-infected spam getting into the >> spam or MCP >> # archives? If you have a system where users can release messages >> from the >> # spam or MCP archives, then you probably want to stop them being >> able to >> # release any infected messages, so set this to yes. >> # It is set to no by default as it causes a small hit in >> performance, and >> # many people don't allow users to access the spam quarantine, so >> don't >> # need it. >> # This can also be the filename of a ruleset. >> Keep Spam And MCP Archive Clean = no >> >> - dhawal >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! >> >> >> -------------------------------------------------------------------- >> Esta mensagem foi verificada pelo sistema de anti-vírus e anti-spam. >> Seti Segurança e Tecnologia na Internet - suporte@setinet.com.br >> >> >> > > > > -------------------------------------------------------------------- > Esta mensagem foi verificada pelo sistema de anti-vírus e anti-spam. > Seti Segurança e Tecnologia na Internet - suporte@setinet.com.br > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. 
> Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2425) iQEVAwUBQ0uqffw32o+k+q+hAQEzcgf/RGaPyHY6Ze3whf1qM24ydjaAjwn78U3c jCAV7h3NVezkh7ElY2zoA8pNvwCQrLc0IFUzmgrCuaVU7PflxRDrzcFEg+KNji57 W5h2K0OfZb8grwyKBEeq0hY5cmzzK5nRUNUgQuSnpcCBwBx8tWQgldP48yV7belh 65onlbkwyTdsso6k5MUpE3pHABavzfNlzjwVSxQxMynDHfHf81UWE+Tuq2JzB4Au i08yzVZ+39Sk8Od3VODdgn7pWqfF3g1ubFVmcGpFTLUreLAFj1c44kN7n2fUWzrI 9Lv6ImJtaiP/eAiBzK6wzSS9f1aoTEPvzOAjimzzKZi0botMjIWXLw== =beFY -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From dhawal at NETMAGICSOLUTIONS.COM Tue Oct 11 13:11:34 2005 
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:30:56 2006
Subject: dont want virus files in quanrantine folders
Message-ID:

Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> You need to upgrade. It was added in 4.37 (Jan 1st 2005).
>

And you also need to sync the time on your laptop.. your posts are more
than 4 hours in the future.

- dhawal

From gmatt at NERC.AC.UK Tue Oct 11 13:28:01 2005
From: gmatt at NERC.AC.UK (Greg Matthews)
Date: Thu Jan 12 21:30:56 2006
Subject: LDAP script for Active Directory (also, Wiki)
Message-ID:

On Tue, 2005-10-11 at 12:51 +0200, Anders Andersson, IT wrote:
> One thing I wondered that I didnt understand about Milter-Ahead, what
> will happen if the call-ahead fails? I guess that goes for things like
> keeping configuration on a mysql as well?

this is in the docs, the delivery is attempted.

G

>
> /Anders

--
Greg Matthews 01491 692445
Head of UNIX/Linux, iTSS Wallingford

From drew at THEMARSHALLS.CO.UK Tue Oct 11 13:24:19 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:30:56 2006
Subject: dont want virus files in quanrantine folders
Message-ID:

On Tue, October 11, 2005 13:11, Dhawal Doshy wrote:
> Julian Field wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>>
>> You need to upgrade. It was added in 4.37 (Jan 1st 2005).
>>
>
> And you also need to sync the time on your laptop.. your posts are more
> than 4 hours in the future.
>

Or the time zone is wrong

Date: Tue, 11 Oct 2005 09:01:34 -0700

Drew

--
In line with our policy, this message has
been scanned for viruses and dangerous
content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From suporte at SETINET.COM.BR Tue Oct 11 13:46:07 2005
From: suporte at SETINET.COM.BR (Suporte SETi - Dennis)
Date: Thu Jan 12 21:30:56 2006
Subject: dont want virus files in quanrantine folders
Message-ID:

Ok, sorry about the time.
Now that's ok, i think

Thanks

----- Original Message -----
From: "Drew Marshall"
To:
Sent: Tuesday, October 11, 2005 9:24 AM
Subject: Re: dont want virus files in quanrantine folders

> On Tue, October 11, 2005 13:11, Dhawal Doshy wrote:
> > Julian Field wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >>
> >> You need to upgrade. It was added in 4.37 (Jan 1st 2005).
> >>
> >
> > And you also need to sync the time on your laptop.. your posts are more
> > than 4 hours in the future.
> >
>
> Or the time zone is wrong
>
> Date: Tue, 11 Oct 2005 09:01:34 -0700
>
> Drew

From aslan at AEON.COM.BR Tue Oct 11 13:48:50 2005
From: aslan at AEON.COM.BR (Aslan Carlos de Medeiros Ramos)
Date: Thu Jan 12 21:30:56 2006
Subject: Traffic Backup for security propose.
Message-ID:

Hi Guys,
I'm talk to brazil,
I've make a module for Mailscanner to save all traffic in and out for a
security propose, but If one here help I'll finish early.
I've used the object $message to get the traffic, but I can't get the
body, how I can do this?
Sorry my english may be so bad.
Thanks!!
When I've finish, I put it here..

--
Aslan Carlos de Medeiros Ramos
Aeon Technologies

From aslan at AEON.COM.BR Tue Oct 11 13:57:36 2005
From: aslan at AEON.COM.BR (Aslan Carlos de Medeiros Ramos)
Date: Thu Jan 12 21:30:56 2006
Subject: Always Looked Up Last
Message-ID:

Hi!
How can I put two function in the option "Always Looked Up Last" in the
MailScanner.conf, I want run the MailWatch and a function (my copymail)
both together.
Thanks..

From MailScanner at ecs.soton.ac.uk Tue Oct 11 14:01:13 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:56 2006
Subject: Traffic Backup for security propose.
Message-ID:

Just use the "Archive Mail" feature.

And please always set your reply-to to be the mailing list (or don't
set it at all). There is little point having a discussion if replies
are not sent to the list. And people like me get very annoyed having
to add the list address to the recipient list of all the replies to
people like you.

On 11 Oct 2005, at 13:48, Aslan Carlos de Medeiros Ramos wrote:

> Hi Guys,
> I'm talk to brazil,
> I've make a module for Mailscanner to save all traffic in and out
> for a security propose, but If one here help I'll finish early.
> I've used the object $message to get the traffic, but I can't get
> the body, how I can do this?
> Sorry my english may be so bad.
> Thanks!!
> When I've finish, I put it here..
>
> --
> Aslan Carlos de Medeiros Ramos
> Aeon Technologies

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ugob at CAMO-ROUTE.COM Tue Oct 11 13:53:48 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:30:56 2006
Subject: dont want virus files in quanrantine folders
Message-ID:

Suporte SETi - Dennis wrote:
> And, if i use this version : 4.36.4-1 ?

The workaround is to forward what you don't deliver to /dev/null. But
you should think about upgrading or you may end up having so much
changes in your next upgrade that it would become very hard.

Regards,

--
Ugo
-> Please don't send a copy of your reply by e-mail. I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the
   irrelevant parts in your replies.

From aslan at AEON.COM.BR Tue Oct 11 14:18:47 2005
From: aslan at AEON.COM.BR (Aslan Carlos de Medeiros Ramos)
Date: Thu Jan 12 21:30:56 2006
Subject: Traffic Backup for security propose.
Message-ID:

Thanks,
And Sorry it my first email.

On Tue, 2005-10-11 at 14:01 +0100, Julian Field wrote:

> Just use the "Archive Mail" feature.
>
> And please always set your reply-to to be the mailing list (or don't
> set it at all). There is little point having a discussion if replies
> are not sent to the list. And people like me get very annoyed having
> to add the list address to the recipient list of all the replies to
> people like you.

--
Aslan Carlos de Medeiros Ramos
Aeon Technologies

From cparker at SWATGEAR.COM Tue Oct 11 16:42:01 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:30:56 2006
Subject: Error getting Julian's key
Message-ID:

Dhawal Doshy on Monday, October 10, 2005 9:09 PM said:

> Do you have a directory called .gnupg in /root? try creating one and
> rinse repeat to see if it works.

No I didn't. I thought it was more complicated than that so I asked the
list to make sure (because Google was no help). But I guess this was all
I needed to do.

Thanks,
Chris.

From aslan at AEON.COM.BR Tue Oct 11 17:12:50 2005
From: aslan at AEON.COM.BR (Aslan Carlos de Medeiros Ramos)
Date: Thu Jan 12 21:30:56 2006
Subject: Traffic Backup for security propose.
Message-ID:

Hi Julian,
Thanks for help me, this option "Archive Mail" it's my solution, but I
can't understand the rules,
there say
# Space-separated list of any combination of
# 1. email addresses to which mail should be forwarded,
# 2. directory names where you want mail to be stored,
# 3. file names (they must already exist!) to which mail will be appended
# in "mbox" format suitable for most Unix mail systems.
#
# If you give this option a ruleset, you can control exactly whose mail
# is archived or forwarded. If you do this, beware of the legal implications
# as this could be deemed to be illegal interception unless the police have
# asked you to do this.
(Where a put the 1,2 or 3 sayed above)?

I'd make a file rule follow a example
/etc/MailScanner/rules/achive.rules
FromOrTo: user@domain.com /var/spool/MailScanner/achive/user
above is append all the traffic from or to to the file user in the one
dir, but my problem is , I need to order by date
example : /var/spool/MailScanner/user/$date/in or out .
Any Idea?

Thanks for all,
Aslan Carlos

On Tue, 2005-10-11 at 10:18 -0300, Aslan Carlos de Medeiros Ramos wrote:

> Thanks,
> And Sorry it my first email.

--
Aslan Carlos de Medeiros Ramos
Aeon Technologies

From MailScanner at ecs.soton.ac.uk Tue Oct 11 17:59:43 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:56 2006
Subject: Traffic Backup for security propose.
Message-ID:

Aslan Carlos de Medeiros Ramos wrote:
> Hi Julian,
> Thanks for help me, this option "Archive Mail" it's my solution, but I
> can't understand the rules,
> there say
> # Space-separated list of any combination of
> # 1. email addresses to which mail should be forwarded,
> # 2. directory names where you want mail to be stored,
> # 3. file names (they must already exist!) to which mail will be appended
> # in "mbox" format suitable for most Unix mail systems.
> #
> # If you give this option a ruleset, you can control exactly whose mail
> # is archived or forwarded. If you do this, beware of the legal implications
> # as this could be deemed to be illegal interception unless the police have
> # asked you to do this.
> (Where a put the 1,2 or 3 sayed above)?

It means you can have a list containing any of the 3 options given.

>
> I'd make a file rule follow a exemple
> /etc/MailScanner/rules/achive.rules
> FromOrTo: user@domain.com /var/spool/MailScanner/achive/user
> above is append all the traffic from or to to the file user in the one
> dir, but my problem is , I need to order by date
> exemple : /var/spool/MailScanner/user/$date/in or out .
> Any Idea?

If you had a recent version, you would see this comment as well:

# Any of the items above can contain the magic string _DATE_ in them
# which will be replaced with the current date in yyyymmdd format.
# This will make archive-rolling and maintenance much easier, as you can
# guarantee that yesterday's mail archive will not be in active use today.

So if you wanted to save the mail for user@domain.com then you could put

Archive Mail = /var/spool/MailScanner/user/_DATE_/mail

You need to upgrade your MailScanner.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mike.patchen at GMAIL.COM Tue Oct 11 18:37:31 2005
From: mike.patchen at GMAIL.COM (Mike Patchen)
Date: Thu Jan 12 21:30:56 2006
Subject: Messages not getting scanned
Message-ID:

Hello,

I am having a slight problem with Mailscanner in that occasionally
messages do not get scanned at all. Running Mailscanner version
4.44.6, sendmail 8.12.8 (I know, I need to update that). Problem only
occurs a couple of times a day out of about 4,000 emails/day. Of
course, all the ones that I catch are spam/virus that should have been
caught in Mailscanner, but were completely missed. On all of these
messages, there is no header information to suggest that it was even
scanned, and the logs show no scanning to have occurred.

Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: from=<{sender@domain.org}>, size=2102, class=0, nrcpts=3, msgid=<46951E64.855A1E7@{domain.org}>, proto=ESMTP, daemon=MTA, relay={relay} [{x.x.x.x}]
Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: to=<{user1@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102, stat=queued
Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: to=<{user2@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102, stat=queued
Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: to=<{user3@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102, stat=queued
Oct 11 11:37:04 mail sendmail[20449]: j9BGb2KV020448: to=<{user3@mydomain.com}>,<{user2@mydomain.com}>,<{user1@mydomain.com}>, delay=00:00:02, xdelay=00:00:00, mailer=smtp, pri=182102, relay=[{internal mail server}] [x.x.x.x], dsn=2.0.0, stat=Sent (Requested mail action okay, completed)

Sometimes there will be multiple recipients, sometimes just one. I
have verified that there are no specific rules for any of the
individual users, or the relay servers. I'm not even sure if this is
a Mailscanner issue or a sendmail issue at this point. With the
exception of these few messages, everything is working just as
expected.

Thanks in advance for any help!
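
The check described in the post above, as an added example that is not part of the original message: it lists sendmail queue IDs that reached stat=Sent without any MailScanner log line mentioning them. It assumes MailScanner is logging a per-message line that contains the queue ID; the first three records in the sample are taken from the post, everything after them (including the MailScanner line format) is constructed.

```python
import re

# Syslog record: "Oct 11 11:37:02 mail sendmail[20448]: <text>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2})\s+\S+\s+"
    r"(?P<prog>[\w.-]+)\[\d+\]:\s+(?P<text>.*)$"
)
# sendmail starts each per-message record with "<queue id>: ".
QID_RE = re.compile(r"^(?P<qid>[A-Za-z0-9]{10,20}):\s+(?P<rest>.*)$")
TOKEN_RE = re.compile(r"[A-Za-z0-9]+")

# First three records: from the post. Remaining records: constructed.
SAMPLE_LOG = """\
Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: from=<{sender@domain.org}>, size=2102, class=0, nrcpts=3, msgid=<46951E64.855A1E7@{domain.org}>, proto=ESMTP, daemon=MTA, relay={relay} [{x.x.x.x}]
Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: to=<{user1@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102, stat=queued
Oct 11 11:37:04 mail sendmail[20449]: j9BGb2KV020448: to=<{user3@mydomain.com}>,<{user2@mydomain.com}>,<{user1@mydomain.com}>, delay=00:00:02, xdelay=00:00:00, mailer=smtp, pri=182102, relay=[{internal mail server}] [x.x.x.x], dsn=2.0.0, stat=Sent (Requested mail action okay, completed)
Oct 11 11:40:10 mail sendmail[20501]: j9BGeAKV020501: from=<a@example.org>, size=1500, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.org [192.0.2.10]
Oct 11 11:40:10 mail sendmail[20501]: j9BGeAKV020501: to=<user1@mydomain.com>, delay=00:00:00, mailer=smtp, pri=31500, stat=queued
Oct 11 11:40:14 mail MailScanner[1834]: Message j9BGeAKV020501 from 192.0.2.10 (a@example.org) to mydomain.com is not spam
Oct 11 11:40:15 mail sendmail[20510]: j9BGeAKV020501: to=<user1@mydomain.com>, delay=00:00:05, xdelay=00:00:00, mailer=smtp, pri=121500, relay=[192.0.2.25] [192.0.2.25], dsn=2.0.0, stat=Sent (ok)
Oct 11 11:41:00 mail sendmail[20520]: j9BGf0KV020520: from=<b@example.org>, size=900, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mx.example.org [192.0.2.10]
Oct 11 11:41:00 mail sendmail[20520]: j9BGf0KV020520: to=<user2@mydomain.com>, delay=00:00:00, mailer=smtp, pri=30900, stat=queued
"""


def unscanned_deliveries(log_text):
    """Return [(queue_id, delivery_timestamp)] for messages sendmail
    delivered although no MailScanner record ever mentioned them."""
    delivered = {}           # queue id -> timestamp of first stat=Sent
    seen_by_scanner = set()  # every token that appears in a MailScanner record
    for line in log_text.splitlines():
        rec = SYSLOG_RE.match(line.strip())
        if not rec:
            continue  # wrapped or foreign lines are ignored
        if rec["prog"] == "sendmail":
            msg = QID_RE.match(rec["text"])
            if msg and "stat=Sent" in msg["rest"]:
                delivered.setdefault(msg["qid"], rec["ts"])
        elif rec["prog"] == "MailScanner":
            seen_by_scanner.update(TOKEN_RE.findall(rec["text"]))
    # Messages that are only queued so far are not reported: they may
    # simply be waiting for the next MailScanner batch.
    return [(qid, ts) for qid, ts in delivered.items()
            if qid not in seen_by_scanner]


if __name__ == "__main__":
    for qid, ts in unscanned_deliveries(SAMPLE_LOG):
        print(f"{ts}  {qid}  delivered without a MailScanner record")
```

Run against a real maillog, an empty result on a day with known misses means the per-message logging assumption does not hold on that system, not that nothing was missed.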
------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Oct 11 19:12:04 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:56 2006 Subject: Messages not getting scanned Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Are you running Linux? Please check you have *not* got the sendmail service running, and not starting on reboot. Do this lot: service MailScanner stop service sendmail stop Check you have no sendmail processes running at all Check you have no MailScanner processes running at all chkconfig sendmail off chkconfig --level 2345 MailScanner on service MailScanner start and see if that helps at all. Also, make sure you haven't got any webmin/cpanel/whatever software running that may be trying to restart sendmail. Mike Patchen wrote: >Hello, > >I am having a slight problem with Mailscanner in that occasionally >messages do not get scanned at all. Running Mailscanner version >4.44.6, sendmail 8.12.8 (I know, I need to update that). Problem only >occurs a couple of time a day out of about 4,000 emails/day. Of >course, all the ones that I catch are spam/virus that should have been >caught in Mailscanner, but were completely missed. On all of these >messages, there is no header information to suggest that it was even >scanned, and the logs show no scanning to have occurred. 
> >Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: >from=<{sender@domain.org}>, size=2102, class=0, nrcpts=3, >msgid=<46951E64.855A1E7@{domain.org}>, proto=ESMTP, daemon=MTA, >relay={relay} [{x.x.x.x}] >Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: >to=<{user1@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102, >stat=queued >Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: >to=<{user2@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102, >stat=queued >Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: >to=<{user3@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102, >stat=queued >Oct 11 11:37:04 mail sendmail[20449]: j9BGb2KV020448: >to=<{user3@mydomain.com}>,<{user2@mydomain.com}>,<{user1@mydomain.com}>, >delay=00:00:02, xdelay=00:00:00, mailer=smtp, pri=182102, >relay=[{internal mail server}] [x.x.x.x], dsn=2.0.0, stat=Sent >(Requested mail action okay, completed) > >Sometimes there will be multiple recipients, sometimes just one. I >have verified that there are no specific rules for any of the >individual users, or the relay servers. I'm not even sure if this is >a Mailscanner issue or a sendmail issue at this point. With the >exception of these few messages, everything is working just as >expected. > >Thanks in advance for any help! > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! 
> > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ0wAdhH2WUcUFbZUEQIcuwCg1MjyVXsv3aeiriQz2g+Ro8nhJP4AoIDx trfDNRMvozg84nvii6nacIh7 =fbXu -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mike.patchen at GMAIL.COM Tue Oct 11 19:29:52 2005 From: mike.patchen at GMAIL.COM (Mike Patchen) Date: Thu Jan 12 21:30:56 2006 Subject: Messages not getting scanned Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Yes, I am running Linux - RedHat 8. Guess I am a bit confused on not having sendmail running, do I not need this to accept incoming mail and place it in MailScanner's queue? I have my sendmail setup as per the instructions on the web site, it saves incoming messages to mailq.in, MailScanner processes them and places them back into mailq. A separate sendmail process then handles final delivery of the message. This appears to be working perfectly fine. Mike On 10/11/05, Julian Field wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Are you running Linux? > Please check you have *not* got the sendmail service running, and not > starting on reboot. 
Do this lot: > service MailScanner stop > service sendmail stop > Check you have no sendmail processes running at all > Check you have no MailScanner processes running at all > chkconfig sendmail off > chkconfig --level 2345 MailScanner on > service MailScanner start > > and see if that helps at all. > > Also, make sure you haven't got any webmin/cpanel/whatever software > running that may be trying to restart sendmail. > > Mike Patchen wrote: > > >Hello, > > > >I am having a slight problem with Mailscanner in that occasionally > >messages do not get scanned at all. Running Mailscanner version > >4.44.6, sendmail 8.12.8 (I know, I need to update that). Problem only > >occurs a couple of time a day out of about 4,000 emails/day. Of > >course, all the ones that I catch are spam/virus that should have been > >caught in Mailscanner, but were completely missed. On all of these > >messages, there is no header information to suggest that it was even > >scanned, and the logs show no scanning to have occurred. 
> > > >Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: > >from=<{sender@domain.org}>, size=2102, class=0, nrcpts=3, > >msgid=<46951E64.855A1E7@{domain.org}>, proto=ESMTP, daemon=MTA, > >relay={relay} [{x.x.x.x}] > >Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: > >to=<{user1@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102, > >stat=queued > >Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: > >to=<{user2@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102, > >stat=queued > >Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: > >to=<{user3@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102, > >stat=queued > >Oct 11 11:37:04 mail sendmail[20449]: j9BGb2KV020448: > >to=<{user3@mydomain.com}>,<{user2@mydomain.com}>,<{user1@mydomain.com}>, > >delay=00:00:02, xdelay=00:00:00, mailer=smtp, pri=182102, > >relay=[{internal mail server}] [x.x.x.x], dsn=2.0.0, stat=Sent > >(Requested mail action okay, completed) > > > >Sometimes there will be multiple recipients, sometimes just one. I > >have verified that there are no specific rules for any of the > >individual users, or the relay servers. I'm not even sure if this is > >a Mailscanner issue or a sendmail issue at this point. With the > >exception of these few messages, everything is working just as > >expected. > > > >Thanks in advance for any help! > > > >------------------------ MailScanner list ------------------------ > >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > >'leave mailscanner' in the body of the email. > >Before posting, read the Wiki (http://wiki.mailscanner.info/) and > >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > > >Support MailScanner development - buy the book off the website! 
> > > > > > - -- > Julian Field > www.MailScanner.info > Buy the MailScanner book at www.MailScanner.info/store > Professional Support Services at www.MailScanner.biz > MailScanner thanks transtec Computers for their support > > PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 > > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.0.2 (Build 2424) > > iQA/AwUBQ0wAdhH2WUcUFbZUEQIcuwCg1MjyVXsv3aeiriQz2g+Ro8nhJP4AoIDx > trfDNRMvozg84nvii6nacIh7 > =fbXu > -----END PGP SIGNATURE----- > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! > ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From MailScanner at ecs.soton.ac.uk Tue Oct 11 20:15:17 2005 From: MailScanner at ecs.soton.ac.uk (Julian Field) Date: Thu Jan 12 21:30:56 2006 Subject: Messages not getting scanned Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mike Patchen wrote: >Yes, I am running Linux - RedHat 8. Guess I am a bit confused on not >having sendmail running, do I not need this to accept incoming mail >and place it in MailScanner's queue? 
>
The MailScanner startup script will also start the sendmail processes it
needs in the correct way. You don't want to start up sendmail
independently as well, that will bypass MailScanner.

> I have my sendmail setup as per
>the instructions on the web site, it saves incoming messages to
>mailq.in, MailScanner processes them and places them back into mailq.
>A separate sendmail process then handles final delivery of the
>message. This appears to be working perfectly fine.
>
>
I hope you mean mqueue and not mailq....

>Mike
>
>On 10/11/05, Julian Field wrote:
>
>
>>-----BEGIN PGP SIGNED MESSAGE-----
>>Hash: SHA1
>>
>>Are you running Linux?
>>Please check you have *not* got the sendmail service running, and not
>>starting on reboot. Do this lot:
>>service MailScanner stop
>>service sendmail stop
>>Check you have no sendmail processes running at all
>>Check you have no MailScanner processes running at all
>>chkconfig sendmail off
>>chkconfig --level 2345 MailScanner on
>>service MailScanner start
>>
>>and see if that helps at all.
>>
>>Also, make sure you haven't got any webmin/cpanel/whatever software
>>running that may be trying to restart sendmail.
>>
>>Mike Patchen wrote:
>>
>>
>>
>>>Hello,
>>>
>>>I am having a slight problem with Mailscanner in that occasionally
>>>messages do not get scanned at all. Running Mailscanner version
>>>4.44.6, sendmail 8.12.8 (I know, I need to update that). Problem only
>>>occurs a couple of time a day out of about 4,000 emails/day. Of
>>>course, all the ones that I catch are spam/virus that should have been
>>>caught in Mailscanner, but were completely missed. On all of these
>>>messages, there is no header information to suggest that it was even
>>>scanned, and the logs show no scanning to have occurred.
>>> >>>Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: >>>from=<{sender@domain.org}>, size=2102, class=0, nrcpts=3, >>>msgid=<46951E64.855A1E7@{domain.org}>, proto=ESMTP, daemon=MTA, >>>relay={relay} [{x.x.x.x}] >>>Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: >>>to=<{user1@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102, >>>stat=queued >>>Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: >>>to=<{user2@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102, >>>stat=queued >>>Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: >>>to=<{user3@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102, >>>stat=queued >>>Oct 11 11:37:04 mail sendmail[20449]: j9BGb2KV020448: >>>to=<{user3@mydomain.com}>,<{user2@mydomain.com}>,<{user1@mydomain.com}>, >>>delay=00:00:02, xdelay=00:00:00, mailer=smtp, pri=182102, >>>relay=[{internal mail server}] [x.x.x.x], dsn=2.0.0, stat=Sent >>>(Requested mail action okay, completed) >>> >>>Sometimes there will be multiple recipients, sometimes just one. I >>>have verified that there are no specific rules for any of the >>>individual users, or the relay servers. I'm not even sure if this is >>>a Mailscanner issue or a sendmail issue at this point. With the >>>exception of these few messages, everything is working just as >>>expected. >>> >>>Thanks in advance for any help! >>> >>>------------------------ MailScanner list ------------------------ >>>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>>'leave mailscanner' in the body of the email. >>>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >>> >>>Support MailScanner development - buy the book off the website! 
>>> >>> >>> >>> >>- -- >>Julian Field >>www.MailScanner.info >>Buy the MailScanner book at www.MailScanner.info/store >>Professional Support Services at www.MailScanner.biz >>MailScanner thanks transtec Computers for their support >> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 >> >> >>-----BEGIN PGP SIGNATURE----- >>Version: PGP Desktop 9.0.2 (Build 2424) >> >>iQA/AwUBQ0wAdhH2WUcUFbZUEQIcuwCg1MjyVXsv3aeiriQz2g+Ro8nhJP4AoIDx >>trfDNRMvozg84nvii6nacIh7 >>=fbXu >>-----END PGP SIGNATURE----- >> >>-- >>This message has been scanned for viruses and >>dangerous content by MailScanner, and is >>believed to be clean. >> >>------------------------ MailScanner list ------------------------ >>To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >>'leave mailscanner' in the body of the email. >>Before posting, read the Wiki (http://wiki.mailscanner.info/) and >>the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >>Support MailScanner development - buy the book off the website! >> >> >> > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > - -- Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store Professional Support Services at www.MailScanner.biz MailScanner thanks transtec Computers for their support PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.0.2 (Build 2424) iQA/AwUBQ0wPRhH2WUcUFbZUEQIVDgCdFhjiShGvtExH2iUlka7+hdjBEhYAoP0a wGBRvnJhx4qXG2/k3Rn4qUsF =FIDD -----END PGP SIGNATURE----- -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. 
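The symptom discussed in this thread (sendmail accepts a message and delivers it two seconds later with no MailScanner activity in between) can be searched for in maillog. The script below is an added example, not part of the original posts or of MailScanner; it assumes MailScanner writes at least one log line containing the sendmail queue ID of each message it handles, and the sample log (addresses, the first and third queue IDs, and the MailScanner line format) is constructed.

```python
import re

# Constructed sample in the sendmail syslog format quoted in the thread.
# Queue ID j9BGb2KV020448 and its timestamps come from the thread; the
# other IDs, all addresses and the MailScanner line are constructed.
SAMPLE_LOG = """\
Oct 11 11:36:40 mail sendmail[20401]: j9BGaeKV020401: from=<a@example.org>, size=1800, class=0, nrcpts=1, msgid=<1@example.org>, proto=ESMTP, daemon=MTA, relay=mx.example.org [192.0.2.10]
Oct 11 11:36:40 mail sendmail[20401]: j9BGaeKV020401: to=<user1@example.com>, delay=00:00:00, mailer=smtp, pri=31800, stat=queued
Oct 11 11:36:43 mail MailScanner[1822]: (constructed) scanned message j9BGaeKV020401
Oct 11 11:36:44 mail sendmail[20410]: j9BGaeKV020401: to=<user1@example.com>, delay=00:00:04, xdelay=00:00:00, mailer=smtp, pri=121800, relay=[192.0.2.20] [192.0.2.20], dsn=2.0.0, stat=Sent (ok)
Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: from=<sender@example.org>, size=2102, class=0, nrcpts=3, msgid=<46951E64.855A1E7@example.org>, proto=ESMTP, daemon=MTA, relay=relay.example.org [192.0.2.11]
Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: to=<user1@example.com>, delay=00:00:00, mailer=smtp, pri=92102, stat=queued
Oct 11 11:37:04 mail sendmail[20449]: j9BGb2KV020448: to=<user1@example.com>, delay=00:00:02, xdelay=00:00:00, mailer=smtp, pri=182102, relay=[192.0.2.20] [192.0.2.20], dsn=2.0.0, stat=Sent (Requested mail action okay, completed)
Oct 11 11:37:30 mail sendmail[20460]: j9BGc5KV020460: from=<c@example.org>, size=900, class=0, nrcpts=1, msgid=<3@example.org>, proto=ESMTP, daemon=MTA, relay=mx.example.org [192.0.2.10]
Oct 11 11:37:30 mail sendmail[20460]: j9BGc5KV020460: to=<user2@example.com>, delay=00:00:00, mailer=smtp, pri=30900, stat=queued
"""

# "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# sendmail 8.12 queue IDs as seen in the thread: 14 alphanumerics.
QID_RE = re.compile(r"^(?P<qid>[0-9A-Za-z]{14}): (?P<rest>.*)$")


def find_unscanned(log_text):
    """Return messages accepted over SMTP and delivered (stat=Sent)
    without any MailScanner log line mentioning their queue ID."""
    accepted = {}           # qid -> timestamp of the from= line
    delivered = {}          # qid -> timestamp of the first stat=Sent line
    scanner_tokens = set()  # every alphanumeric token MailScanner logged

    for line in log_text.splitlines():
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        prog, msg = m["prog"], m["msg"]
        if prog == "MailScanner":
            # Splitting on non-alphanumerics also catches IDs followed
            # by a suffix such as "<qid>.<something>".
            scanner_tokens.update(re.findall(r"[0-9A-Za-z]+", msg))
        elif prog == "sendmail":
            q = QID_RE.match(msg)
            if not q:
                continue
            qid, rest = q["qid"], q["rest"]
            if rest.startswith("from=") and "daemon=MTA" in rest:
                accepted.setdefault(qid, m["ts"])
            elif re.search(r"\bstat=Sent\b", rest):
                delivered.setdefault(qid, m["ts"])

    # Still-queued messages (accepted, not yet delivered) are not
    # reported: MailScanner may simply not have reached them yet.
    return [
        {"qid": qid, "accepted": accepted[qid], "delivered": delivered[qid]}
        for qid in accepted
        if qid in delivered and qid not in scanner_tokens
    ]


if __name__ == "__main__":
    for hit in find_unscanned(SAMPLE_LOG):
        print("delivered without scanning:", hit)
```

Any hit means some sendmail process is delivering straight from a queue MailScanner never reads, which is the bypass described in the reply above.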
------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Tue Oct 11 20:15:46 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:56 2006 Subject: Traffic Backup for security propose. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Julian Field wrote: > > And please always set your reply-to to be the mailing list (or don't > set it at all). There is little point having a discussion in replies > are not sent to the list. And people like me get very annoyed having > to add the list address to the recipient list of all the replies to > people like you. > Another thing I hate about other mailing lists. I'd rather put up with the occasional out-of-office reply than have to "reply all", "copy and paste" etc. - mailing list discussions are just that - discussions - and replies should go to the list. And don't get me started on thread hijacking! ;) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Oct 11 20:21:43 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:30:56 2006 Subject: Rants - was Re: Traffic Backup for security propose. 
Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Alex Neuman van der Hans wrote: > And don't get me started on thread hijacking! ;) Have we had a rant about email etiquette, top posting etc., recently? :) /me runs -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Oct 11 20:23:53 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:56 2006 Subject: Rants - was Re: Traffic Backup for security propose. Message-ID: On 11 Oct 2005, at 20:21, Michele Neylon:: Blacknight.ie wrote: > Alex Neuman van der Hans wrote: > > >> And don't get me started on thread hijacking! ;) >> > > Have we had a rant about email etiquette, top posting etc., > recently? :) > > /me runs Not for a couple of weeks or at least of any quality. :-) /me runs after Michele -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). 
Support MailScanner development - buy the book off the website! From michele at BLACKNIGHT.IE Tue Oct 11 20:29:29 2005 From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie) Date: Thu Jan 12 21:30:56 2006 Subject: Rants - was Re: Traffic Backup for security propose. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Drew Marshall wrote: > Not for a couple of weeks or at least of any quality. :-) > > /me runs after Michele > Is that a gauntlet I see before me? /me wonders if anybody else saw it -- Mr Michele Neylon Blacknight Solutions Quality Business Hosting & Colocation http://www.blacknight.ie/ Tel. 1850 927 280 Intl. +353 (0) 59 9183072 Direct Dial: +353 (0)59 9183090 Fax. +353 (0) 59 9164239 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From drew at THEMARSHALLS.CO.UK Tue Oct 11 20:36:39 2005 From: drew at THEMARSHALLS.CO.UK (Drew Marshall) Date: Thu Jan 12 21:30:56 2006 Subject: Rants - was Re: Traffic Backup for security propose. Message-ID: On 11 Oct 2005, at 20:29, Michele Neylon:: Blacknight.ie wrote: > Drew Marshall wrote: > >> Not for a couple of weeks or at least of any quality. :-) >> >> /me runs after Michele >> >> > Is that a gauntlet I see before me? > > /me wonders if anybody else saw it A gauntlet? I like to only take challenges I have a better than half a chance of winning :-) As 'Jim' (Gym) is some one I work with as opposed to go to... On you marks... get set... 
GO /me runs the other way some what faster than when he was following Michele (Now red in face and sounding like a steam train) -- In line with our policy, this message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. www.themarshalls.co.uk/policy ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From rob at THEHOSTMASTERS.COM Tue Oct 11 20:40:44 2005 From: rob at THEHOSTMASTERS.COM (Rob) Date: Thu Jan 12 21:30:56 2006 Subject: Exclude domain from Virus scan... Message-ID: [ The following text is in the "Windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Hello all.. just tried this, and it did not work.... am i missing something? In a file located in /etc/Mailscanner/rules/virus.scanning.rules FromTo: *@domain1.com no FromTo: *@domain2.com no FromTo: default yes In /etc/Mailscanner/Mailscanner.conf Changed the line Virus scanning = yes to Virus scanning = /etc/Mailscanner/rules/virus.scanning.rules All domain still get scanned for viruses... Thanks... Rob... ----- Original Message ----- From: "Chris Conn" To: Sent: Friday, September 30, 2005 4:06 PM Subject: Re: Exclude domain from Virus scan... > Rob wrote: >> Sorry for being a pain, but i did a quick search and did not find >> anything... i have a client that just called up 4pm here on a Friday, i >> close at 4:30 pm. This client wants me to exclude his domain from virus >> scanning only, but leave spam scanning , as they are developers and want >> to email each other this weekend files and stuff... 
>> >> Can anyone tell me what files i need to add this domain to, to have it >> excluded from virus scanning? >> >> Once again sorry for posting in haste.. i apologize... >> >> Thanks... >> >> Rob... >> > > Find this in your MailScanner.conf: > > Virus Scanning = yes > > > change it to: > > Virus Scanning = %rules-dir%/virus.scanning.rules > > and in your rules dir, make a file calle virus.scanning.rules that > contains: > > To: *@hisdomain.com no > To: *@hisdomain2.com no > To: *@hisdomain3.com no > FromOrTo: default yes > > so for every domain you don't want to virus scan, list it before the > FromOrTo line. If your customer only has one domain, your file will only > have 2 lines. > > Good luck. > > Oh, and since it is friday I would send myself a few test viruses and make > sure that you didn't fowl up anything... =) > > Chris > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From cconn at ABACOM.COM Tue Oct 11 20:42:04 2005 From: cconn at ABACOM.COM (Chris Conn) Date: Thu Jan 12 21:30:56 2006 Subject: Exclude domain from Virus scan... Message-ID: [ The following text is in the "windows-1252" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Did you reload your mailscanner processes after? 
Chris Rob wrote: > Hello all.. just tried this, and it did not work.... am i missing > something? > > In a file located in /etc/Mailscanner/rules/virus.scanning.rules > > FromTo: *@domain1.com no > FromTo: *@domain2.com no > FromTo: default yes > > > In /etc/Mailscanner/Mailscanner.conf > > Changed the line > > Virus scanning = yes > > to > > Virus scanning = /etc/Mailscanner/rules/virus.scanning.rules > > All domain still get scanned for viruses... > > Thanks... > > > > Rob... > > ----- Original Message ----- From: "Chris Conn" > To: > Sent: Friday, September 30, 2005 4:06 PM > Subject: Re: Exclude domain from Virus scan... > > >> Rob wrote: >> >>> Sorry for being a pain, but i did a quick search and did not find >>> anything... i have a client that just called up 4pm here on a Friday, >>> i close at 4:30 pm. This client wants me to exclude his domain from >>> virus scanning only, but leave spam scanning , as they are developers >>> and want to email each other this weekend files and stuff... >>> >>> Can anyone tell me what files i need to add this domain to, to have >>> it excluded from virus scanning? >>> >>> Once again sorry for posting in haste.. i apologize... >>> >>> Thanks... >>> >>> Rob... >>> >> >> Find this in your MailScanner.conf: >> >> Virus Scanning = yes >> >> >> change it to: >> >> Virus Scanning = %rules-dir%/virus.scanning.rules >> >> and in your rules dir, make a file calle virus.scanning.rules that >> contains: >> >> To: *@hisdomain.com no >> To: *@hisdomain2.com no >> To: *@hisdomain3.com no >> FromOrTo: default yes >> >> so for every domain you don't want to virus scan, list it before the >> FromOrTo line. If your customer only has one domain, your file will >> only have 2 lines. >> >> Good luck. >> >> Oh, and since it is friday I would send myself a few test viruses and >> make sure that you didn't fowl up anything... 
=) >> >> Chris >> >> ------------------------ MailScanner list ------------------------ >> To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >> 'leave mailscanner' in the body of the email. >> Before posting, read the Wiki (http://wiki.mailscanner.info/) and >> the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). >> >> Support MailScanner development - buy the book off the website! > > > ------------------------ MailScanner list ------------------------ > To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: > 'leave mailscanner' in the body of the email. > Before posting, read the Wiki (http://wiki.mailscanner.info/) and > the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > > Support MailScanner development - buy the book off the website! ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From alex at NKPANAMA.COM Tue Oct 11 20:41:58 2005 From: alex at NKPANAMA.COM (Alex Neuman van der Hans) Date: Thu Jan 12 21:30:56 2006 Subject: Errors when running --lint Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Glenn Steen wrote: >On 10/10/05, Alex Neuman wrote: > > >>>DCC and Razor are no more free, razor hasn't been so for the past 2 >>>years and dcc for about 4 months.. >>> >>>Heres what you need to do: >>>Enable the DCC / RAZOR plugins in /etc/mail/spamassassin/v310.pre if you >>>qualify for their free usage policy OR comment out the erroneous lines >>>in spam.assassin.prefs.conf if you don't qualify. >>> >>> >>Anybody care to explain why/how DCC/Razor are not free? 
Are they "not free >>as in beer", "not free as in speech", or some other form of "not free"? >>Thanks... >> >> >> >Excerpts from their sites >DCC: (in reverse order of appearance, for clarity) >... >The Distributed Checksum Clearinghouse source carries a license that >is free to organizations that do not sell filtering devices or >services except to their own users and that participate in the global >DCC network. (I.e. ISPs that use the DCC to filter mail for their own >users are intended to be covered in the free license.) You also can't >call it your own or blame anyone for using it. >... >Note that it has never been proper to sell the bandwidth and, most >important, human system administration work of the public DCC servers >to third parties. Sellers of products or services including the DCC >must provide DCC servers of their own or contracted from others. For >example, Commtouch operates DCC servers for its licensees. >... >Razor2: (More or less the total sum of >http://razor.sourceforge.net/docs/doc.php?type=text&name=SERVICE_POLICY) >... >Cloudmark SpamNet Service Policy > >V1.0 >Aug 1, 2003 > >SpamNet Service and Razor-Agents > >While Razor-Agents are distributed under the Artistic License and will >stay that way, the Cloudmark SpamNet service, a particular implementation >of a Razor-compliant back-end, is a commercial operation with maintenance >and support costs, and is no longer available for unlimited free use, >effective immediately. > >Use of the SpamNet service by Razor-agent-enabled software will remain >free for personal use, subject to capacity constraints that Cloudmark may >enforce against intensive users of the service as it sees fit. > >Distribution or use of the system in commercial embedded software >solutions is not free. All such access must be licensed by Cloudmark. >Organizations interested in working with Razor or with Cloudmark's >next-generation SpamNet client technologies should contact Cloudmark at >partners@cloudmark.com >... 
> >Just for completeness, lets add this blurb from the Pyzor website too: >... > Pyzor is a collaborative, networked system to detect and block spam >using identifying digests of messages. > >Pyzor initially started out to be merely a Python implementation of >Razor, but due to the protocol and the fact that Razor's server is not >Open Source or software libre, I decided to impelement Pyzor with a >new protocol and release the entire system as Open Source and software >libre. > >Since the entire system is released under the GPL, people are free to >host their own independent servers. Server peering is planned for a >future release. >... > >So of them, we have one GPL (but suffering from .... other problems... >Well, really just the scarcity of servers:-), one "free for YOUR >users, provided you SHARE", and one "free for personal use, but not >much else". > >This is enough "freedom" that I, for one, can use them. And it is >strongly suggested that all you who provide commercial anti-spam >services should be using the commercial offering for Razor and >participate with at least a server and/or a commercial license for >DCC, AFAICS. > >-- >-- Glenn >email: glenn < dot > steen < at > gmail < dot > com >work: glenn < dot > steen < at > ap1 < dot > se > >------------------------ MailScanner list ------------------------ >To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: >'leave mailscanner' in the body of the email. >Before posting, read the Wiki (http://wiki.mailscanner.info/) and >the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). > >Support MailScanner development - buy the book off the website! > > Ok... So unless it's for my own personal use, pyzor is the only really "free" one. I'll look into setting up a service on my servers in order to help with the load. ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. 

From alex at NKPANAMA.COM Tue Oct 11 20:43:25 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:30:56 2006
Subject: Exclude domain from Virus scan...
Message-ID:

Rob wrote:

> Hello all.. just tried this, and it did not work.... am i missing
> something?
>
> In a file located in /etc/Mailscanner/rules/virus.scanning.rules
>
> FromTo: *@domain1.com no
> FromTo: *@domain2.com no
> FromTo: default yes

It's From:, To:, or FromOrTo: - not FromTo:

From drew at THEMARSHALLS.CO.UK Tue Oct 11 20:44:26 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:30:56 2006
Subject: Exclude domain from Virus scan...
Message-ID:

On 11 Oct 2005, at 20:40, Rob wrote:

> Hello all.. just tried this, and it did not work.... am i missing
> something?

Yup :-)

>
> In a file located in /etc/Mailscanner/rules/virus.scanning.rules
>
> FromTo: *@domain1.com no
> FromTo: *@domain2.com no
> FromTo: default yes

I think this should be

FromOrTo: *@domain.tld no

etc

>
>
> In /etc/Mailscanner/Mailscanner.conf
>
> Changed the line
>
> Virus scanning = yes
>
> to
>
> Virus scanning = /etc/Mailscanner/rules/virus.scanning.rules
>
> All domain still get scanned for viruses...

Don't forget to restart MailScanner

Drew

--
In line with our policy, this message has been scanned for viruses and
dangerous content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From mike.patchen at GMAIL.COM Tue Oct 11 20:51:34 2005
From: mike.patchen at GMAIL.COM (Mike Patchen)
Date: Thu Jan 12 21:30:56 2006
Subject: Messages not getting scanned
Message-ID:

Yes, mqueue and mqueue.in. Major brain fart there, sorry. Sometimes
the fingers work independently from the brain when writing email.

On 10/11/05, Julian Field wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Mike Patchen wrote:
>
> >Yes, I am running Linux - RedHat 8. Guess I am a bit confused on not
> >having sendmail running, do I not need this to accept incoming mail
> >and place it in MailScanner's queue?
> >
> The MailScanner startup script will also start the sendmail processes it
> needs in the correct way. You don't want to start up sendmail
> independently as well, that will bypass MailScanner.
>
> > I have my sendmail setup as per
> >the instructions on the web site, it saves incoming messages to
> >mailq.in, MailScanner processes them and places them back into mailq.
> >A separate sendmail process then handles final delivery of the
> >message. This appears to be working perfectly fine.
> >
> >
> I hope you mean mqueue and not mailq....
>
> >Mike
> >
> >On 10/11/05, Julian Field wrote:
> >
> >
> >>-----BEGIN PGP SIGNED MESSAGE-----
> >>Hash: SHA1
> >>
> >>Are you running Linux?
> >>Please check you have *not* got the sendmail service running, and not
> >>starting on reboot. Do this lot:
> >>service MailScanner stop
> >>service sendmail stop
> >>Check you have no sendmail processes running at all
> >>Check you have no MailScanner processes running at all
> >>chkconfig sendmail off
> >>chkconfig --level 2345 MailScanner on
> >>service MailScanner start
> >>
> >>and see if that helps at all.
> >>
> >>Also, make sure you haven't got any webmin/cpanel/whatever software
> >>running that may be trying to restart sendmail.
> >>
> >>Mike Patchen wrote:
> >>
> >>
> >>
> >>>Hello,
> >>>
> >>>I am having a slight problem with Mailscanner in that occasionally
> >>>messages do not get scanned at all. Running Mailscanner version
> >>>4.44.6, sendmail 8.12.8 (I know, I need to update that). Problem only
> >>>occurs a couple of time a day out of about 4,000 emails/day. Of
> >>>course, all the ones that I catch are spam/virus that should have been
> >>>caught in Mailscanner, but were completely missed. On all of these
> >>>messages, there is no header information to suggest that it was even
> >>>scanned, and the logs show no scanning to have occurred.
> >>>
> >>>Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448:
> >>>from=<{sender@domain.org}>, size=2102, class=0, nrcpts=3,
> >>>msgid=<46951E64.855A1E7@{domain.org}>, proto=ESMTP, daemon=MTA,
> >>>relay={relay} [{x.x.x.x}]
> >>>Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448:
> >>>to=<{user1@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102,
> >>>stat=queued
> >>>Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448:
> >>>to=<{user2@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102,
> >>>stat=queued
> >>>Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448:
> >>>to=<{user3@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102,
> >>>stat=queued
> >>>Oct 11 11:37:04 mail sendmail[20449]: j9BGb2KV020448:
> >>>to=<{user3@mydomain.com}>,<{user2@mydomain.com}>,<{user1@mydomain.com}>,
> >>>delay=00:00:02, xdelay=00:00:00, mailer=smtp, pri=182102,
> >>>relay=[{internal mail server}] [x.x.x.x], dsn=2.0.0, stat=Sent
> >>>(Requested mail action okay, completed)
> >>>
> >>>Sometimes there will be multiple recipients, sometimes just one. I
> >>>have verified that there are no specific rules for any of the
> >>>individual users, or the relay servers. I'm not even sure if this is
> >>>a Mailscanner issue or a sendmail issue at this point. With the
> >>>exception of these few messages, everything is working just as
> >>>expected.
> >>>
> >>>Thanks in advance for any help!
> >>>
> >>>
> >>- --
> >>Julian Field
> >>www.MailScanner.info
> >>Buy the MailScanner book at www.MailScanner.info/store
> >>Professional Support Services at www.MailScanner.biz
> >>MailScanner thanks transtec Computers for their support
> >>
> >>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> >>
> >>
> >>-----BEGIN PGP SIGNATURE-----
> >>Version: PGP Desktop 9.0.2 (Build 2424)
> >>
> >>iQA/AwUBQ0wAdhH2WUcUFbZUEQIcuwCg1MjyVXsv3aeiriQz2g+Ro8nhJP4AoIDx
> >>trfDNRMvozg84nvii6nacIh7
> >>=fbXu
> >>-----END PGP SIGNATURE-----
> >>
> >>--
> >>This message has been scanned for viruses and
> >>dangerous content by MailScanner, and is
> >>believed to be clean.
> >>
> >
> >
> - --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.2 (Build 2424)
>
> iQA/AwUBQ0wPRhH2WUcUFbZUEQIVDgCdFhjiShGvtExH2iUlka7+hdjBEhYAoP0a
> wGBRvnJhx4qXG2/k3Rn4qUsF
> =FIDD
> -----END PGP SIGNATURE-----
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>

From dnsadmin at 1BIGTHINK.COM Tue Oct 11 21:00:07 2005
From: dnsadmin at 1BIGTHINK.COM (dnsadmin 1bigthink.com)
Date: Thu Jan 12 21:30:56 2006
Subject: Messages not getting scanned
Message-ID:

At 03:51 PM 10/11/2005, you wrote:
>Yes, mqueue and mqueue.in. Major brain fart there, sorry. Sometimes
>the fingers work independently from the brain when writing email.
>
>On 10/11/05, Julian Field wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> >
> > Mike Patchen wrote:
> >
> > >Yes, I am running Linux - RedHat 8.
> > >Guess I am a bit confused on not
> > >having sendmail running, do I not need this to accept incoming mail
> > >and place it in MailScanner's queue?
> > >
> > The MailScanner startup script will also start the sendmail processes it
> > needs in the correct way. You don't want to start up sendmail
> > independently as well, that will bypass MailScanner.
> >
> > > I have my sendmail setup as per
> > >the instructions on the web site, it saves incoming messages to
> > >mailq.in, MailScanner processes them and places them back into mailq.
> > >A separate sendmail process then handles final delivery of the
> > >message. This appears to be working perfectly fine.
> > >
> > >
> > I hope you mean mqueue and not mailq....
> >
> > >Mike
> > >
> > >On 10/11/05, Julian Field wrote:
> > >
> > >
> > >>-----BEGIN PGP SIGNED MESSAGE-----
> > >>Hash: SHA1
> > >>
> > >>Are you running Linux?
> > >>Please check you have *not* got the sendmail service running, and not
> > >>starting on reboot. Do this lot:
> > >>service MailScanner stop
> > >>service sendmail stop
> > >>Check you have no sendmail processes running at all
> > >>Check you have no MailScanner processes running at all
> > >>chkconfig sendmail off
> > >>chkconfig --level 2345 MailScanner on
> > >>service MailScanner start
> > >>
> > >>and see if that helps at all.
> > >>
> > >>Also, make sure you haven't got any webmin/cpanel/whatever software
> > >>running that may be trying to restart sendmail.
> > >>
> > >>Mike Patchen wrote:
> > >>
> > >>
> > >>
> > >>>Hello,
> > >>>
> > >>>I am having a slight problem with Mailscanner in that occasionally
> > >>>messages do not get scanned at all. Running Mailscanner version
> > >>>4.44.6, sendmail 8.12.8 (I know, I need to update that). Problem only
> > >>>occurs a couple of time a day out of about 4,000 emails/day. Of
> > >>>course, all the ones that I catch are spam/virus that should have been
> > >>>caught in Mailscanner, but were completely missed.
> > >>>On all of these
> > >>>messages, there is no header information to suggest that it was even
> > >>>scanned, and the logs show no scanning to have occurred.
> > >>>
> > >>>Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448:
> > >>>from=<{sender@domain.org}>, size=2102, class=0, nrcpts=3,
> > >>>msgid=<46951E64.855A1E7@{domain.org}>, proto=ESMTP, daemon=MTA,
> > >>>relay={relay} [{x.x.x.x}]
> > >>>Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448:
> > >>>to=<{user1@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102,
> > >>>stat=queued
> > >>>Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448:
> > >>>to=<{user2@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102,
> > >>>stat=queued
> > >>>Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448:
> > >>>to=<{user3@mydomain.com}>, delay=00:00:00, mailer=smtp, pri=92102,
> > >>>stat=queued
> > >>>Oct 11 11:37:04 mail sendmail[20449]: j9BGb2KV020448:
> > >>>to=<{user3@mydomain.com}>,<{user2@mydomain.com}>,<{user1@mydomain.com}>,
> > >>>delay=00:00:02, xdelay=00:00:00, mailer=smtp, pri=182102,
> > >>>relay=[{internal mail server}] [x.x.x.x], dsn=2.0.0, stat=Sent
> > >>>(Requested mail action okay, completed)
> > >>>
> > >>>Sometimes there will be multiple recipients, sometimes just one. I
> > >>>have verified that there are no specific rules for any of the
> > >>>individual users, or the relay servers. I'm not even sure if this is
> > >>>a Mailscanner issue or a sendmail issue at this point. With the
> > >>>exception of these few messages, everything is working just as
> > >>>expected.
> > >>>
> > >>>Thanks in advance for any help!
> > >>>

Try 'chkconfig --list Mailscanner' and 'chkconfig --list sendmail'
from the command line to see if you are starting up the two processes
independently.

Cheers!
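
The two checks this thread turns on, written out as an added example that is not part of any poster's message: whether init starts sendmail and MailScanner independently, and which queue IDs reached stat=Sent with no MailScanner entry. The chkconfig and maillog samples are constructed (the first queue ID is the one in the log excerpt above), and the MailScanner log line assumes per-message logging that includes the sendmail queue ID.

```shell
#!/bin/sh
# Added example (not from the thread): two checks for mail that is
# delivered without passing through MailScanner.

# runlevels_on SERVICE: reads `chkconfig --list` output on stdin and
# prints the runlevels where SERVICE is "on", e.g. "2345". The name match
# ignores case, since the init script may be listed as "Mailscanner".
runlevels_on() {
    awk -v svc="$1" '
        tolower($1) == tolower(svc) {
            for (i = 2; i <= NF; i++) {
                split($i, kv, ":")
                if (kv[2] == "on") out = out kv[1]
            }
        }
        END { print out }'
}

# boot_conflicts: reads the same listing and prints the runlevels where
# both sendmail and MailScanner start at boot. Any output means init
# launches a second sendmail outside the MailScanner startup script.
boot_conflicts() {
    listing=$(cat)
    sm=$(printf '%s\n' "$listing" | runlevels_on sendmail)
    ms=$(printf '%s\n' "$listing" | runlevels_on MailScanner)
    common=""
    for lvl in 0 1 2 3 4 5 6; do
        case $sm in
            *"$lvl"*)
                case $ms in
                    *"$lvl"*) common="$common$lvl" ;;
                esac ;;
        esac
    done
    printf '%s\n' "$common"
}

# unscanned_deliveries: reads maillog lines on stdin and prints each queue
# ID that sendmail reports as stat=Sent although no MailScanner line ever
# mentions it. Assumption: MailScanner is set to log a per-message line
# that contains the sendmail queue ID.
unscanned_deliveries() {
    awk '
        $5 ~ /^sendmail\[/ && /stat=Sent/ {
            id = $6; sub(/:$/, "", id)
            if (!(id in sent)) { sent[id] = 1; order[++n] = id }
            next
        }
        $5 ~ /^MailScanner\[/ {
            for (i = 6; i <= NF; i++) {
                w = $i; gsub(/[^A-Za-z0-9]/, "", w)
                scanned[w] = 1
            }
        }
        END {
            for (k = 1; k <= n; k++)
                if (!(order[k] in scanned)) print order[k]
        }'
}

sample_chkconfig() {   # constructed: both services enabled at boot
    cat <<'EOF'
sendmail        0:off   1:off   2:on    3:on    4:on    5:on    6:off
MailScanner     0:off   1:off   2:on    3:on    4:on    5:on    6:off
EOF
}

sample_maillog() {     # constructed: second message scanned, first not
    cat <<'EOF'
Oct 11 11:37:02 mail sendmail[20448]: j9BGb2KV020448: to=<user1@example.com>, mailer=smtp, stat=queued
Oct 11 11:37:04 mail sendmail[20449]: j9BGb2KV020448: to=<user1@example.com>, mailer=smtp, dsn=2.0.0, stat=Sent (ok)
Oct 11 11:40:10 mail sendmail[20501]: j9BGeAXX020501: to=<user2@example.com>, mailer=smtp, stat=queued
Oct 11 11:40:13 mail MailScanner[1999]: Message j9BGeAXX020501 from 192.0.2.10 (a@example.org) to example.com is not spam
Oct 11 11:40:15 mail sendmail[20510]: j9BGeAXX020501: to=<user2@example.com>, mailer=smtp, dsn=2.0.0, stat=Sent (ok)
EOF
}

printf 'boot conflict in runlevels: %s\n' "$(sample_chkconfig | boot_conflicts)"
printf 'sent without a MailScanner entry: %s\n' "$(sample_maillog | unscanned_deliveries)"
```

On a real host, pipe `chkconfig --list` into `boot_conflicts` and /var/log/maillog into `unscanned_deliveries`.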

From dyioulos at FIRSTBHPH.COM Tue Oct 11 21:02:26 2005
From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos)
Date: Thu Jan 12 21:30:56 2006
Subject: Errors when running --lint
Message-ID:

On Tuesday October 11 2005 3:41 pm, Alex Neuman van der Hans wrote:
> Glenn Steen wrote:
> >On 10/10/05, Alex Neuman wrote:
> >>>DCC and Razor are no more free, razor hasn't been so for the past 2
> >>>years and dcc for about 4 months..
> >>>
> >>>Here's what you need to do:
> >>>Enable the DCC / RAZOR plugins in /etc/mail/spamassassin/v310.pre if you
> >>>qualify for their free usage policy OR comment out the erroneous lines
> >>>in spam.assassin.prefs.conf if you don't qualify.
> >>
> >>Anybody care to explain why/how DCC/Razor are not free? Are they "not
> >> free as in beer", "not free as in speech", or some other form of "not
> >> free"? Thanks...
> >
> >Excerpts from their sites
> >DCC: (in reverse order of appearance, for clarity)
> >...
> >The Distributed Checksum Clearinghouse source carries a license that
> >is free to organizations that do not sell filtering devices or
> >services except to their own users and that participate in the global
> >DCC network. (I.e. ISPs that use the DCC to filter mail for their own
> >users are intended to be covered in the free license.) You also can't
> >call it your own or blame anyone for using it.
> >...
> >Note that it has never been proper to sell the bandwidth and, most
> >important, human system administration work of the public DCC servers
> >to third parties. Sellers of products or services including the DCC
> >must provide DCC servers of their own or contracted from others.
> >For
> >example, Commtouch operates DCC servers for its licensees.
> >...
> >Razor2: (More or less the total sum of
> >http://razor.sourceforge.net/docs/doc.php?type=text&name=SERVICE_POLICY)
> >...
> >Cloudmark SpamNet Service Policy
> >
> >V1.0
> >Aug 1, 2003
> >
> >SpamNet Service and Razor-Agents
> >
> >While Razor-Agents are distributed under the Artistic License and will
> >stay that way, the Cloudmark SpamNet service, a particular implementation
> >of a Razor-compliant back-end, is a commercial operation with maintenance
> >and support costs, and is no longer available for unlimited free use,
> >effective immediately.
> >
> >Use of the SpamNet service by Razor-agent-enabled software will remain
> >free for personal use, subject to capacity constraints that Cloudmark may
> >enforce against intensive users of the service as it sees fit.
> >
> >Distribution or use of the system in commercial embedded software
> >solutions is not free. All such access must be licensed by Cloudmark.
> >Organizations interested in working with Razor or with Cloudmark's
> >next-generation SpamNet client technologies should contact Cloudmark at
> >partners@cloudmark.com
> >...
> >
> >Just for completeness, let's add this blurb from the Pyzor website too:
> >...
> > Pyzor is a collaborative, networked system to detect and block spam
> >using identifying digests of messages.
> >
> >Pyzor initially started out to be merely a Python implementation of
> >Razor, but due to the protocol and the fact that Razor's server is not
> >Open Source or software libre, I decided to implement Pyzor with a
> >new protocol and release the entire system as Open Source and software
> >libre.
> >
> >Since the entire system is released under the GPL, people are free to
> >host their own independent servers. Server peering is planned for a
> >future release.
> >...
> >
> >So of them, we have one GPL (but suffering from .... other problems...
> >Well, really just the scarcity of servers:-), one "free for YOUR
> >users, provided you SHARE", and one "free for personal use, but not
> >much else".
> >
> >This is enough "freedom" that I, for one, can use them. And it is
> >strongly suggested that all you who provide commercial anti-spam
> >services should be using the commercial offering for Razor and
> >participate with at least a server and/or a commercial license for
> >DCC, AFAICS.
> >
> >--
> >-- Glenn
> >email: glenn < dot > steen < at > gmail < dot > com
> >work: glenn < dot > steen < at > ap1 < dot > se
> >
>
> Ok... So unless it's for my own personal use, pyzor is the only really
> "free" one. I'll look into setting up a service on my servers in order
> to help with the load.
>

Not so. Razor is available as long as it's not part of a solution that a fee
is charged for. So, even in a business environment, as long as no fee is
being charged for Razor, it can legally be used. This is as per vipul; it
was posted here earlier. Not sure about DCC, though.

Dimitri

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From michele at BLACKNIGHT.IE Tue Oct 11 21:08:04 2005
From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie)
Date: Thu Jan 12 21:30:56 2006
Subject: OT: Email Etiquette Rant
Message-ID:

I haven't done one of these in a while, so if I forget anything obvious
please let me know:

- please don't post HTML emails. They may seem appropriate for marketing
but they are not appropriate for a technical mailing list. Just because
your MUA can display them properly doesn't mean that mine can

- please don't put in 40 line disclaimers. We aren't going to read them
and as you are posting to a public mailing list they are kind of
pointless

- when replying to previous emails try "snipping". There's no point in
reposting several hundred lines of logs etc., to simply say two words

- Subject lines serve a purpose. Please use them and DO NOT hijack threads.

- Please read the MAQ/FAQ and other documentation. The most common issues
have been covered many times in the past.

- Wording your questions properly will help avoid getting "larted" /
"flamed" Please read http://www.catb.org/~esr/faqs/smart-questions.html if
you are unsure what this means.

- The output of MailScanner -v is useful.

- Help us help you. We cannot "guess" what you are doing or using. (see
above)

- Out of Office replies may serve a purpose but sending them to a mailing
list is _not_ it.

- If you insist on "protecting" yourself with CR whitelist the list.

- please don't "top post". There may be valid reasons for doing it in some
contexts, but if you're only sending a two liner do we really need an
entire copy of the last message to the list?

- Be patient.
You may be having a rough day, but most regulars on the list work for a
living too

--
Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59 9164239

From richard.siddall at ELIRION.NET Tue Oct 11 21:17:42 2005
From: richard.siddall at ELIRION.NET (Richard Siddall)
Date: Thu Jan 12 21:30:56 2006
Subject: Razor/DCC license, was: Errors when running --lint
Message-ID:

Dimitri Yioulos wrote:
[snip]
>
> Not so. Razor is available as long as it's not part of a solution that a fee
> is charged for. So, even in a business environment, as long as no fee is
> being charged for Razor, it can legally be used. This is as per vipul; it
> was posted here earlier. Not sure about DCC, though.
>
> Dimitri
>

DCC's about the same. You read the license and conclude you can't use it.
You read the explanations of the license on the DCC mailing list by the
person who wrote the license and conclude that you can. So, it's not clear
whether you can or you can't. Probably best to run the license and the
explanations past a lawyer.

Regards,

Richard Siddall

From jstork at pbco.ca Tue Oct 11 21:19:27 2005
From: jstork at pbco.ca (Johnny Stork)
Date: Thu Jan 12 21:30:56 2006
Subject: How to accept all mail and forward to another SMTP server?
Message-ID:

Currently we run a mail server called Scalix (server2) and run MailScanner
for outgoing mail/SMTP traffic for scanning on another server (server3). I
would like to setup this SMTP gateway server running MailScanner (server3)
to accept all incoming mail for our domain, and after scanning route it
back to the main, internal mail server, Scalix (server2).

I know I can change sendmail to be setup to accept mail for the domain
(pbco.ca), after I make the MX record changes for that domain, but how can
I get MailScanner/Sendmail to accept all mail for a given domain without
having to create users on that server for each email account? I just want
MailScanner to accept all the mail, scan, process and then route to the
Scalix server, where all the accounts actually do exist?

Thanks for any help in advance :)

_______________________________
Johnny Stork
Information & Technology Manager
Provincial Blood Coordinating Office
604-806-8840

From taz at TAZ-MANIA.COM Tue Oct 11 21:26:52 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:30:56 2006
Subject: How to accept all mail and forward to another SMTP server?
Message-ID:

I have this exact setup. All the configuration to make mail forward to the
end server is done in sendmail.
You have to make an entry in the mailertable to send all email from that
domain to the name of the other server. Be sure that your sendmail.cf has
the mailertable feature enabled and be sure to run makemap on the
mailertable file to get the appropriate db file.

Johnny Stork wrote:
> Currently we run a mail server called Scalix (server2) and run MailScanner
> for outgoing mail/SMTP traffic for scanning on another server (server3). I
> would like to setup this SMTP gateway server running MailScanner (server3)
> to accept all incoming mail for our domain, and after scanning route it
> back to the main, internal mail server, Scalix (server2).
>
> I know I can change sendmail to be setup to accept mail for the domain
> (pbco.ca), after I make the MX record changes for that domain, but how can
> I get MailScanner/Sendmail to accept all mail for a given domain without
> having to create users on that server for each email account? I just want
> MailScanner to accept all the mail, scan, process and then route to the
> Scalix server, where all the accounts actually do exist?
>
> Thanks for any help in advance :)
> _______________________________
> Johnny Stork
> Information & Technology Manager
> Provincial Blood Coordinating Office
> 604-806-8840
>
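
The mailertable steps from this thread as a check script; this is an added example, not code from any poster. File contents, the domain and the destination host are constructed, the empty mailertable.db stands in for makemap output, and the bracket test reflects sendmail's rule that a bracketed destination is used without an MX lookup.

```shell
#!/bin/sh
# Added example (not from the thread): checks on a sendmail gateway's
# mailertable setup. Paths and domain names are constructed samples.

# entry_status FILE DOMAIN -> prints ok | unbracketed | missing
# A destination written without [brackets] gets an MX lookup; if that MX
# is the gateway itself, the mail loops back instead of reaching the
# internal server.
entry_status() {
    awk -v dom="$2" '
        /^[ \t]*#/ || NF < 2 { next }
        tolower($1) == tolower(dom) {
            found = 1
            n = index($2, ":")
            dest = substr($2, n + 1)
            bracketed = (n > 1 && length(dest) > 2 &&
                         substr(dest, 1, 1) == "[" &&
                         substr(dest, length(dest), 1) == "]")
            status = bracketed ? "ok" : "unbracketed"
        }
        END { print (found ? status : "missing") }' "$1"
}

# map_declared CF -> succeeds if sendmail.cf declares the mailertable map
# (the mailertable FEATURE in the .mc file produces a "Kmailertable" line).
map_declared() {
    grep -q '^Kmailertable[[:space:]]' "$1"
}

# db_fresh SRC DB -> succeeds if DB exists and SRC is not newer than it,
# i.e. makemap was run after the last edit:
#   makemap hash /etc/mail/mailertable < /etc/mail/mailertable
db_fresh() {
    [ -f "$2" ] && [ ! "$1" -nt "$2" ]
}

# check_gateway ETCDIR DOMAIN -> space-separated findings, or "ok"
check_gateway() {
    dir=$1 dom=$2 findings=""
    case $(entry_status "$dir/mailertable" "$dom") in
        missing)     findings="${findings}no-entry " ;;
        unbracketed) findings="${findings}no-brackets " ;;
    esac
    map_declared "$dir/sendmail.cf" || findings="${findings}map-not-declared "
    db_fresh "$dir/mailertable" "$dir/mailertable.db" || findings="${findings}db-stale "
    printf '%s\n' "${findings:-ok}" | sed 's/ $//'
}

# make_sample -> builds a constructed /etc/mail look-alike, prints its path
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample' \
        'example.com esmtp:[mail.internal.example]' > "$d/mailertable"
    printf '%s\n' 'Kmailertable hash -o /etc/mail/mailertable.db' > "$d/sendmail.cf"
    : > "$d/mailertable.db"              # stand-in for the makemap output
    touch -t 200510112100 "$d/mailertable"
    touch -t 200510112130 "$d/mailertable.db"
    printf '%s\n' "$d"
}

sample=$(make_sample)
printf 'gateway check for example.com: %s\n' "$(check_gateway "$sample" example.com)"
rm -rf "$sample"
```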

From michele at BLACKNIGHT.IE Tue Oct 11 21:30:28 2005
From: michele at BLACKNIGHT.IE (Michele Neylon:: Blacknight.ie)
Date: Thu Jan 12 21:30:56 2006
Subject: How to accept all mail and forward to another SMTP server?
Message-ID:

If the gateway server is running sendmail simply add the following into
the mailertable (usually in /etc/mail/mailertable ):

domain.tld esmtp:[destination]

The square brackets are required

Destination can be an IP address or hostname

Sendmail will check the mailertable and see that it is set to accept
mail for the domain, mailscanner will filter it and send on the "clean"
mail to the destination

HTH

Michele

Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59 9164239

From mike.patchen at GMAIL.COM Tue Oct 11 21:36:10 2005
From: mike.patchen at GMAIL.COM (Mike Patchen)
Date: Thu Jan 12 21:30:56 2006
Subject: Messages not getting scanned
Message-ID:

On 10/11/05, dnsadmin 1bigthink.com wrote:
>
> Try 'chkconfig --list Mailscanner' and 'chkconfig --list sendmail'
> from the command line to see if you are starting up the two processes
> independently.
>

Confirmed:

sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Mailscanner 0:off 1:off 2:on 3:on 4:on 5:on 6:off

From rob at THEHOSTMASTERS.COM Tue Oct 11 21:44:16 2005
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:30:56 2006
Subject: Exclude domain from Virus scan...
Message-ID:

It is now FromOrTo: and i have restarted mail scanner and it still removes
.exe files that got through... unless this is another issue?? they need to
transfer .exe files back and forth, would this be another modification
rather than just turning off virus scanning for the domain in question?

Sorry if i did not mention this before...

Rob...

----- Original Message -----
From: "Alex Neuman van der Hans"
To:
Sent: Tuesday, October 11, 2005 3:43 PM
Subject: Re: Exclude domain from Virus scan...

> Rob wrote:
>
>> Hello all.. just tried this, and it did not work.... am i missing
>> something?
>>
>> In a file located in /etc/Mailscanner/rules/virus.scanning.rules
>>
>> FromTo: *@domain1.com no
>> FromTo: *@domain2.com no
>> FromTo: default yes
>
> It's From:, To:, or FromOrTo: - not FromTo:
>

From ugob at CAMO-ROUTE.COM Tue Oct 11 21:37:29 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:30:56 2006
Subject: OT - Which greylist milter
Message-ID:

James Gray wrote:
> On Wednesday 05 October 2005 09:02, Scott Silva wrote:
>> Just getting a feel at which greylist solutions are used by the esteemed
>> recipients of this list.
>> Especially interested in sendmail milters.
>
> We use milter-greylist on both our sendmail gateways (one FreeBSD, the other
> is CentOS). Compiled the latest version from source so we can use extended
> regex in our configuration files. The results have been good:
> Spam reduction: ~30-50%
> Virus reduction: ~15-20%
> (compared to total spam/viruses before the greylist, ie, not a %-age of total
> mail volume). As always, the biggest bonus is that all this happens at the
> MTA level saving MailScanner the hassle.
>
> The biggest problems we've had stem from the assumption amongst users that
> e-mail is actually some sort of instant-messaging. If a message didn't
> arrive within X-seconds, they would log a help desk call! Despite much
> education and assurance that once the mail (sender+recipient+originating SMTP
> host tuple) had been "learned" there would be no further delays as long as
> the sender sent you mail at least once a month (our autolearned-whitelist
> forgets unused entries older than 30 days).
>
> Our solution was simply to not greylist mail from key clients' domains[1] and
> to manually whitelist a few internal mail accounts (mostly sales people).
> Beyond that, we simply ignored most cries for help from the user population
> until after a week-or-so to give the greylist a chance to "learn" the mail
> patterns. Surprisingly, this worked - after a week, the flood of "my e-mail
> hasn't arrived" messages dried up. :)

I've read somewhere that you could put greylisting in 'learn' mode.
Wouldn't that have helped?

--
Ugo

-> Please don't send a copy of your reply by e-mail. I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the
irrelevant parts in your replies.

From taz at TAZ-MANIA.COM Tue Oct 11 21:57:32 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:30:56 2006
Subject: Exclude domain from Virus scan...
Message-ID:

Try this section in the MailScanner.conf. Notice it says it will accept or
reject regardless if it's infected. I have my users put their .exe files
within zips.

#
# Attachment Filename Checking
# ----------------------------
#
# Set where to find the attachment filename ruleset.
# The structure of this file is explained elsewhere, but it is used to
# accept or reject file attachments based on their name, regardless of
# whether they are infected or not.
#
# This can also point to a ruleset, but the ruleset filename must end in
# ".rules" so that MailScanner can determine if the filename given is
# a ruleset or not!
Filename Rules = %etc-dir%/filename.rules.conf

# Set where to find the attachment filetype ruleset.
# The structure of this file is explained elsewhere, but it is used to
# accept or reject file attachments based on their content as determined
# by the "file" command, regardless of whether they are infected or not.
#
# This can also point to a ruleset, but the ruleset filename must end in
# ".rules" so that MailScanner can determine if the filename given is
# a ruleset or not!
#
# To disable this feature, set this to just "Filetype Rules =" or set
# the location of the file command to a blank string.
Filetype Rules = %etc-dir%/filetype.rules.conf

Rob wrote:
> It is now FromOrTo: and i have restarted mail scanner and it still
> removes .exe files that got through... unless this is another issue??
> they need to transfer .exe files back and forth, would this be another
> modification rather than just turning off virus scanning for the domain
> in question?
>
> Sorry if i did not mention this before...
>
>
>
> Rob...
>
> ----- Original Message ----- From: "Alex Neuman van der Hans"
>
> To:
> Sent: Tuesday, October 11, 2005 3:43 PM
> Subject: Re: Exclude domain from Virus scan...
>
>
>> Rob wrote:
>>
>>> Hello all.. just tried this, and it did not work.... am i missing
>>> something?
>>>
>>> In a file located in /etc/Mailscanner/rules/virus.scanning.rules
>>>
>>> FromTo: *@domain1.com no
>>> FromTo: *@domain2.com no
>>> FromTo: default yes
>>
>>
>> It's From:, To:, or FromOrTo: - not FromTo:
From drew at THEMARSHALLS.CO.UK Tue Oct 11 21:59:19 2005
From: drew at THEMARSHALLS.CO.UK (Drew Marshall)
Date: Thu Jan 12 21:30:56 2006
Subject: Exclude domain from Virus scan...
Message-ID:

On 11 Oct 2005, at 21:44, Rob wrote:

> It is now FromOrTo: and i have restarted mail scanner and it still
> removes .exe files that got through... unless this is another
> issue?? they need to transfer .exe files back and forth, would this
> be another modification rather than just turning off virus scanning
> for the domain in question?
>
> Sorry if i did not mention this before...

Yes this is another issue. Allowing (Or stopping) virus scanning will make
no difference. You need to look at the file name/ type conf files (Search
your MailScanner.conf for filename.rules.conf and filetypes.rules.conf for
some details) also search the mailing list as this can be set up on a
'cascading' basis which Julian explained far better than I can :-) You
might also have a look in the wiki.
Drew

--
In line with our policy, this message has been scanned for viruses and
dangerous content by MailScanner, and is believed to be clean.
www.themarshalls.co.uk/policy

From SJCJonker at SJC.NL Tue Oct 11 22:08:57 2005
From: SJCJonker at SJC.NL (Stijn Jonker)
Date: Thu Jan 12 21:30:56 2006
Subject: Messages not getting scanned
Message-ID:

Mike,

Mike Patchen said the following on 11/10/2005 22:36:
> On 10/11/05, dnsadmin 1bigthink.com wrote:
>
>>Try 'chkconfig --list Mailscanner' and 'chkconfig --list sendmail'
>>from the command line to see if you are starting up the two processes
>>independently.
>>
> Confirmed:
> sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
> Mailscanner 0:off 1:off 2:on 3:on 4:on 5:on 6:off

As julian said, the sendmail process is started by mailscanner, the
following commands should fix your problem

chkconfig sendmail off
/etc/init.d/sendmail stop
/etc/init.d/Mailscanner stop
sleep 10
/etc/init.d/Mailscanner start

(And i like this one:)
chmod 0000 /etc/init.d/sendmail

Just to be sure.

Stijn
--
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker
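The check suggested in the message above, automated as an added example (not code from the thread or from the MailScanner project): it parses `chkconfig --list` output and reports any MTA init script enabled in the same runlevels as MailScanner. The function names and the AFTER sample are constructed for this example.

```python
"""Flag an MTA that init starts on its own alongside MailScanner."""

# Output quoted in the thread: both services enabled in runlevels 2-5.
BEFORE = """\
sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Mailscanner 0:off 1:off 2:on 3:on 4:on 5:on 6:off
"""

# Constructed: the same listing after `chkconfig sendmail off`.
AFTER = """\
sendmail 0:off 1:off 2:off 3:off 4:off 5:off 6:off
Mailscanner 0:off 1:off 2:on 3:on 4:on 5:on 6:off
"""


def parse_chkconfig(text):
    """Map lower-cased service name -> set of runlevels in which it is on."""
    services = {}
    for line in text.splitlines():
        fields = line.split()
        pairs = [f.split(":", 1) for f in fields[1:]]
        # Skip blank lines, headers and xinetd entries ("name: on"), none
        # of which carry a full set of runlevel:state pairs.
        if not pairs or any(len(p) != 2 or not p[0].isdigit() for p in pairs):
            continue
        services[fields[0].lower()] = {
            int(level) for level, state in pairs if state == "on"
        }
    return services


def independently_started_mtas(text, mtas=("sendmail",), scanner="mailscanner"):
    """Return {mta: [runlevels]} where init starts both the MTA and the scanner.

    Any entry means the MTA's own init script runs next to the one the
    MailScanner init script starts, so mail can be delivered unscanned.
    """
    services = parse_chkconfig(text)
    scanner_levels = services.get(scanner, set())
    findings = {}
    for mta in mtas:
        overlap = services.get(mta, set()) & scanner_levels
        if overlap:
            findings[mta] = sorted(overlap)
    return findings


if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, independently_started_mtas(sample) or "no conflict")
```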
From dyioulos at FIRSTBHPH.COM Tue Oct 11 22:37:25 2005
From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos)
Date: Thu Jan 12 21:30:56 2006
Subject: Passworded zip files denied
Message-ID:

Hello to all.

Recently, I had occasion to receive an email with a password-protected zip
file attached. MailScanner wouldn't let that piece of mail through. I
looked in filename.rules.conf and filetype.rules.conf, but couldn't see any
(obvious) rule which was causing this to happen. Can anyone tell me how to
allow mail with password-protected zip files to pass unimpeded?

Thanks.

Dimitri

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From cstone at AXINT.NET Tue Oct 11 22:43:21 2005
From: cstone at AXINT.NET (Chris Stone)
Date: Thu Jan 12 21:30:56 2006
Subject: Passworded zip files denied
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 11 October 2005 03:37 pm, Dimitri Yioulos wrote:
> Recently, I had occasion to receive an email with a password-protected zip
> file attached. MailScanner wouldn't let that piece of mail through. I
> looked in filename.rules.conf and filetype.rules.conf, but couldn't see any
> (obvious) rule which was causing this to happen. Can anyone tell me how to
> allow mail with password-protected zip files to pass unimpeded?

In MailScanner.conf:

# Should archives which contain any password-protected files be allowed?
# Leaving this set to "no" is a good way of protecting against all the
# protected zip files used by viruses at the moment.
# This can also be the filename of a ruleset.
Allow Password-Protected Archives = yes
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDTDH5G4PxJjbMvv0RAleIAJ9x4DhXMFeHLZ/wCCx7frFc+UKf7gCfUR9G
7aN7XlaYlP2vZlnGnEYGq4Q=
=nzSp
-----END PGP SIGNATURE-----

From dyioulos at FIRSTBHPH.COM Tue Oct 11 22:55:24 2005
From: dyioulos at FIRSTBHPH.COM (Dimitri Yioulos)
Date: Thu Jan 12 21:30:56 2006
Subject: Passworded zip files denied
Message-ID:

Arrrgh. Thanks, Chris, for your patience with a fool who didn't look
closely enough.

Dimitri

On Tuesday October 11 2005 5:43 pm, Chris Stone wrote:
> On Tuesday 11 October 2005 03:37 pm, Dimitri Yioulos wrote:
> > Recently, I had occasion to receive an email with a password-protected
> > zip file attached. MailScanner wouldn't let that piece of mail through.
> > I looked in filename.rules.conf and filetype.rules.conf, but couldn't see
> > any (obvious) rule which was causing this to happen. Can anyone tell me
> > how to allow mail with password-protected zip files to pass unimpeded?
>
> In MailScanner.conf:
>
> # Should archives which contain any password-protected files be allowed?
> # Leaving this set to "no" is a good way of protecting against all the
> # protected zip files used by viruses at the moment.
> # This can also be the filename of a ruleset.
> Allow Password-Protected Archives = yes

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From brad at BECKENHAUER.COM Tue Oct 11 23:17:26 2005
From: brad at BECKENHAUER.COM (brad@beckenhauer.com)
Date: Thu Jan 12 21:30:56 2006
Subject: Exclude domain from Virus scan...
Message-ID:

Rob,

Julian posted a great message about this back at the end of June. Martin
Hepworth created a wiki page based on that email. Read it a couple of
times.

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading

Essentially, it sounds as if you're going to want to ALLOW ".exe" files
only between the two specified domains.
So, using the wiki as a reference:

MailScanner.conf:
Filename Rules = %rules-dir%/filename.rules

%rules-dir%/filename.rules:
To: *@domain1.tld and From: *@domain2.tld /etc/MailScanner/filename.domain1.tld.conf /etc/MailScanner/filename.rules.conf
To: *@domain2.tld and From: *@domain1.tld /etc/MailScanner/filename.domain2.tld.conf /etc/MailScanner/filename.rules.conf
FromOrTo: default /etc/MailScanner/filename.rules.conf

/etc/MailScanner/filename.domain1.tld.conf:
allow \.exe$ Windows/DOS Exe's Exe's DOS/Windows programs are dangerous in email

/etc/MailScanner/filename.domain2.tld.conf:
allow \.exe$ Windows/DOS Exe's Exe's DOS/Windows programs are dangerous in email

Enjoy.
Brad

>>> Rob 10/11/2005 3:44:16 PM >>>
It is now FromOrTo: and i have restarted mail scanner and it still removes
.exe files that got through... unless this is another issue?? they need to
transfer .exe files back and forth, would this be another modification
rather than just turning off virus scanning for the domain in question?

Sorry if i did not mention this before...

Rob...

----- Original Message -----
From: "Alex Neuman van der Hans"
To:
Sent: Tuesday, October 11, 2005 3:43 PM
Subject: Re: Exclude domain from Virus scan...

> Rob wrote:
>
>> Hello all.. just tried this, and it did not work.... am i missing
>> something?
>>
>> In a file located in /etc/Mailscanner/rules/virus.scanning.rules
>>
>> FromTo: *@domain1.com no
>> FromTo: *@domain2.com no
>> FromTo: default yes
>
> It's From:, To:, or FromOrTo: - not FromTo:
>
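How the overloaded ruleset in the message above resolves, as an added example (a simplified Python model written for this page, not MailScanner's own code). It assumes one recipient per message, first match wins in both the ruleset and the concatenated filename rules, and case-insensitive filename patterns; the site-wide `deny \.exe$` line is constructed because the thread does not show that file.

```python
"""Model of an overloaded MailScanner 'Filename Rules' ruleset."""
import fnmatch
import re

# Direction keywords named in the thread. MailScanner documents others
# (FromAndTo:, Virus:) that this model leaves out.
DIRECTIONS = {"from:", "to:", "fromorto:"}

# Ruleset and per-domain lines as posted in the message above.
RULESET_TEXT = r"""
To: *@domain1.tld and From: *@domain2.tld /etc/MailScanner/filename.domain1.tld.conf /etc/MailScanner/filename.rules.conf
To: *@domain2.tld and From: *@domain1.tld /etc/MailScanner/filename.domain2.tld.conf /etc/MailScanner/filename.rules.conf
FromOrTo: default /etc/MailScanner/filename.rules.conf
"""
ALLOW_EXE = r"allow \.exe$ Windows/DOS Exe's Exe's DOS/Windows programs are dangerous in email"
RULE_FILES = {
    "/etc/MailScanner/filename.domain1.tld.conf": ALLOW_EXE,
    "/etc/MailScanner/filename.domain2.tld.conf": ALLOW_EXE,
    # Constructed stand-in for the site-wide file (not shown in the thread).
    "/etc/MailScanner/filename.rules.conf":
        r"deny \.exe$ Executable Executable programs are dangerous in email",
}


def parse_ruleset(text):
    """Return [(conditions, values)]; conditions is [(direction, glob)]."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("#"):
            continue
        conds = []
        while True:
            # Each condition is "<Direction>: <pattern>" and must be followed
            # by something; an unknown keyword such as "FromTo:" is rejected.
            if len(tok) < 3 or tok[0].lower() not in DIRECTIONS:
                raise ValueError("bad ruleset line: %r" % line)
            conds.append((tok[0].lower(), tok[1].lower()))
            tok = tok[2:]
            if tok[0].lower() != "and":
                break
            tok = tok[1:]
        rules.append((conds, tok))
    return rules


def _matches(direction, glob, sender, recipient):
    if glob == "default":
        return True
    hit_from = fnmatch.fnmatchcase(sender.lower(), glob)
    hit_to = fnmatch.fnmatchcase(recipient.lower(), glob)
    return {"from:": hit_from, "to:": hit_to,
            "fromorto:": hit_from or hit_to}[direction]


def decide(sender, recipient, attachment):
    """Return (action, deciding_file) for one attachment name."""
    for conds, files in parse_ruleset(RULESET_TEXT):
        if all(_matches(d, g, sender, recipient) for d, g in conds):
            break  # first matching ruleset line wins
    else:
        return ("allow", None)
    # The listed files are read in order as if they were one file.
    for path in files:
        for line in RULE_FILES[path].splitlines():
            fields = line.split(None, 2)
            if len(fields) < 2 or line.lstrip().startswith("#"):
                continue
            if re.search(fields[1], attachment, re.IGNORECASE):
                return (fields[0].lower(), path)
    return ("allow", None)  # no filename rule matched


if __name__ == "__main__":
    for args in [("alice@domain1.tld", "bob@domain2.tld", "setup.exe"),
                 ("someone@elsewhere.example", "bob@domain2.tld", "setup.exe"),
                 ("alice@domain1.tld", "carol@domain1.tld", "setup.exe")]:
        print(args, "->", decide(*args))
```

Running it shows the exception is limited to mail between the two domains: the same attachment from any other sender, or between two users of the same domain, still falls through to the site-wide file.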
From jstork at pbco.ca Wed Oct 12 06:10:27 2005
From: jstork at pbco.ca (Johnny Stork)
Date: Thu Jan 12 21:30:56 2006
Subject: How to accept all mail and forward to another SMTP server?
Message-ID:

I seem to be getting close, mail is getting picked up and scanned by the
MailScanner server, and it is getting routed to the Scalix server
(192.168.1.3) but I am getting an error and the mail is returned
(myserver.mydomain.ca edited to hide the real hostname)

myserver.mydomain.ca [192.168.1.3] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

I tried adding the Mailscanner server into the accepted relay list but
still the same message?

----- Original Message -----
From: Michele Neylon:: Blacknight.ie
Sent: Tue Oct 11 2005 13:38:50 GMT-0700 (Pacific Daylight Time)
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: How to accept all mail and forward to another SMTP server?

If the gateway server is running sendmail simply add the following into
the mailertable (usually in /etc/mail/mailertable ):

domain.tld esmtp:[destination]

The square brackets are required
Destination can be an IP address or hostname

Sendmail will check the mailertable and see that it is set to accept mail
for the domain, mailscanner will filter it and send on the "clean" mail to
the destination

HTH

Michele

Mr Michele Neylon
Blacknight Solutions
Quality Business Hosting & Colocation
http://www.blacknight.ie/
Tel. 1850 927 280
Intl.
+353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Fax. +353 (0) 59 9164239

From glenn.steen at GMAIL.COM Wed Oct 12 08:12:15 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:30:56 2006
Subject: Errors when running --lint
Message-ID:

On 11/10/05, Dimitri Yioulos wrote:
> On Tuesday October 11 2005 3:41 pm, Alex Neuman van der Hans wrote:
> > Glenn Steen wrote:
(snip)
> > >DCC: (in reverse order of appearance, for clarity)
> > >...
(snip)
> > >DCC network. (I.e. ISPs that use the DCC to filter mail for their own
> > >users are intended to be covered in the free license.) You also can't
(snip)
> > Ok... So unless it's for my own personal use, pyzor is the only really
> > "free" one. I'll look into setting up a service on my servers in order
> > to help with the load.

If "freedom to use" isn't enough, then yes. As usual, when someone is
giving away the fruit of their labour with a specific recipient crowd in
mind (or rather, wanting to exclude some specific types of sharks), the
wording can be less than clear.
I'm not sure Pyzor is able to function with a "load-balancing" set of
servers ... yet. But any effort to make it a better service is
commendable.

>
>
> Not so. Razor is available as long as it's not part of a solution that a fee
> is charged for. So, even in a business environment, as long as no fee is
> being charged for Razor, it can legally be used. This is as per vipul; it
> was posted here earlier. Not sure about DCC, though.
>
> Dimitri
>
It's all in the wording there ... "fee being charged for service"... In a
"business" (like mine) that simply use it for our own end, no revenue from
it, sure. I'm less clear on ISPs or others though. Might be that the
intention is pretty much the same as for DCC, that benevolent ISPs (and
similar) should be allowed to use it free of charge.
Anyway, giving something back to these people wouldn't be a bad idea (sort
of like the consensus here regarding supporting Jules), if one has the
budget and thinks they've been helpful in protecting one's environment.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From Q.G.Campbell at NEWCASTLE.AC.UK Wed Oct 12 09:24:34 2005
From: Q.G.Campbell at NEWCASTLE.AC.UK (Quentin Campbell)
Date: Thu Jan 12 21:30:56 2006
Subject: Beta release 4.47.1 - auto-update phishing sites list
Message-ID:

Julian

Have been running MailScanner-4.47.1-1 on one of our production Mail Hubs
without obvious problems. The "phishing.safe.sites.conf" file was updated
overnight.

MS installed on this RH AS4 system as usual without any problems.
Quentin
---
PHONE: +44 191 222 8209    Information Systems and Services (ISS),
                           University of Newcastle,
                           Newcastle upon Tyne,
FAX: +44 191 222 8765      United Kingdom, NE1 7RU.
------------------------------------------------------------------------
Any opinion expressed above is mine. The University can get its own.

>-----Original Message-----
>From: MailScanner mailing list
>[mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Julian Field
>Sent: 09 October 2005 15:54
>To: MAILSCANNER@JISCMAIL.AC.UK
>Subject: Beta release 4.47.1 - auto-update phishing sites list
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>I have just released the first beta release of 4.47.
>
>The main new feature here is to automatically update the
>phishing.safe.sites.conf file every day.
>All your local changes will be kept, so there is no need to change how
>you use the file at all.
>
>But if you post me details of new additions to the file, I
>will add them
>to the master list, and they will appear in everyone's list
>within a day.
>
>If sites are added to the master list which turn out to be
>false, then I
>can just add a "REMOVE site.com" line to the master file and that will
>be removed from everyone's whitelist. So if you don't approve
>of one of
>my additions, you can add your own "REMOVE site.com" line so you don't
>use my listing for that site.com.
>
>So it's all pretty safe, and it should be impossible to subvert it. I
>personally vet every application to add a host to the list. But if I
>list one I shouldn't, then it is very easy for me (or you) to
>undo this
>with the "REMOVE" syntax.
>
>I hope you all find this useful and will upgrade to the new release at
>the start of November.
>
>In the mean time, I would be eternally grateful if you could test this
>new feature for me.
>
>- --
>Julian Field
>www.MailScanner.info
>Buy the MailScanner book at www.MailScanner.info/store
>Professional Support Services at www.MailScanner.biz
>MailScanner thanks transtec Computers for their support
>
>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP Desktop 9.0.2 (Build 2424)
>
>iQA/AwUBQ0kvCxH2WUcUFbZUEQLvGgCg1IspN/sNwIq0mFDy1UhNNU7YjucAoLag
>vdiHXNMXB4W3BMpNPQ3TKrfS
>=HM+x
>-----END PGP SIGNATURE-----
>
>--
>This message has been scanned for viruses and
>dangerous content by MailScanner, and is
>believed to be clean.
>

From rob at THEHOSTMASTERS.COM Wed Oct 12 14:41:40 2005
From: rob at THEHOSTMASTERS.COM (Rob)
Date: Thu Jan 12 21:30:56 2006
Subject: Exclude domain from Virus scan...
Message-ID:

That did it!! thanks guys..... I really appreciate all the help... :)

Rob...

----- Original Message -----
From: "brad@beckenhauer.com"
To:
Sent: Tuesday, October 11, 2005 6:17 PM
Subject: Re: Exclude domain from Virus scan...
Rob,

Julian posted a great message about this back at the end of June. Martin
Hepworth created a wiki page based on that email. Read it a couple of
times.

http://wiki.mailscanner.info/doku.php?id=documentation:configuration:rulesets:overloading

Essentially, it sounds as if you're going to want to ALLOW ".exe" files
only between the two specified domains.

So, using the wiki as a reference:

MailScanner.conf:
Filename Rules = %rules-dir%/filename.rules

%rules-dir%/filename.rules:
To: *@domain1.tld and From: *@domain2.tld /etc/MailScanner/filename.domain1.tld.conf /etc/MailScanner/filename.rules.conf
To: *@domain2.tld and From: *@domain1.tld /etc/MailScanner/filename.domain2.tld.conf /etc/MailScanner/filename.rules.conf
FromOrTo: default /etc/MailScanner/filename.rules.conf

/etc/MailScanner/filename.domain1.tld.conf:
allow \.exe$ Windows/DOS Exe's Exe's DOS/Windows programs are dangerous in email

/etc/MailScanner/filename.domain2.tld.conf:
allow \.exe$ Windows/DOS Exe's Exe's DOS/Windows programs are dangerous in email

Enjoy.
Brad

>>> Rob 10/11/2005 3:44:16 PM >>>
It is now FromOrTo: and i have restarted mail scanner and it still removes
.exe files that got through... unless this is another issue?? they need to
transfer .exe files back and forth, would this be another modification
rather than just turning off virus scanning for the domain in question?

Sorry if i did not mention this before...

Rob...

----- Original Message -----
From: "Alex Neuman van der Hans"
To:
Sent: Tuesday, October 11, 2005 3:43 PM
Subject: Re: Exclude domain from Virus scan...

> Rob wrote:
>
>> Hello all.. just tried this, and it did not work.... am i missing
>> something?
>>
>> In a file located in /etc/Mailscanner/rules/virus.scanning.rules
>>
>> FromTo: *@domain1.com no
>> FromTo: *@domain2.com no
>> FromTo: default yes
>
> It's From:, To:, or FromOrTo: - not FromTo:
>

From alex at NKPANAMA.COM Wed Oct 12 15:49:06 2005
From: alex at NKPANAMA.COM (Alex Neuman van der Hans)
Date: Thu Jan 12 21:30:56 2006
Subject: Traffic Backup for security propose.
Message-ID:

Craig White wrote:

>most modern mail programs have 'reply to list' so that shouldn't be such
>a big problem but I agree, I sometimes forget and reply to previous
>sender and not list.
>
>Craig
>
>
>
>
Thunderbird's pretty modern and, to my knowledge, doesn't have it. I have
to "reply all" then delete the poster's address.
From DCurtis at SBSCHOOLS.NET Wed Oct 12 17:13:25 2005
From: DCurtis at SBSCHOOLS.NET (David Curtis)
Date: Thu Jan 12 21:30:56 2006
Subject: SQL logging and reporting.
Message-ID:

This is the first time I have attempted to setup mysql logging with
mailscanner. I have the logging working. My question is do I have to
change any thing for reporting to continue to work?

Thanks in advance.

______________________________________________________________
This email may contain information protected under the Family
Educational Rights and Privacy Act (FERPA) or the Health Insurance
Portability and Accountability Act (HIPAA). If this email contains
confidential and/or privileged health or student information and you
are not entitled to access such information under FERPA or HIPAA,
federal regulations require that you destroy this email without
reviewing it and you may not forward it to anyone.
From SJCJonker at SJC.NL Wed Oct 12 22:07:25 2005
From: SJCJonker at SJC.NL (Stijn Jonker)
Date: Thu Jan 12 21:30:57 2006
Subject: Messages not getting scanned
Message-ID:

Hello Mike & The list,

On 12-Oct-2005 20:04, Mike Patchen wrote:
> On 10/11/05, Stijn Jonker wrote:
>> Mike,
>>
>> Mike Patchen said the following on 11/10/2005 22:36:
>>> On 10/11/05, dnsadmin 1bigthink.com wrote:
>>>
>>>> Try 'chkconfig --list Mailscanner' and 'chkconfig --list sendmail'
>>>> from the command line to see if you are starting up the two processes
>>>> independently.
>>>>
>>> Confirmed:
>>> sendmail 0:off 1:off 2:on 3:on 4:on 5:on 6:off
>>> Mailscanner 0:off 1:off 2:on 3:on 4:on 5:on 6:off
>> As julian said, the sendmail process is started by mailscanner, the
>> following commands should fix your problem
>>
>> chkconfig sendmail off
>> /etc/init.d/sendmail stop
>> /etc/init.d/Mailscanner stop
>> sleep 10
>> /etc/init.d/Mailscanner start
>>
>> (And i like this one:)
>> chmod 0000 /etc/init.d/sendmail
> OK, I now know one of my problems. I had been using the tarball for
> my install, and did not have the actual init.d scripts. I have
> installed the init.d scripts from the rpm and modified them to match
> my paths (not other modifications). I now have sendmail starting from
> within the Mailscanner script, and have confirmed that it is not
> starting anywhere else (command mentioned above have been executed).
> I am still seeing the problem, though :-(

I'm not a 100% sure, if mail is still bypassing MailScanner it looks like
something else is handling the email. To rule out other mailers, could you
run:
"lsof -i4tcp:25 -n -P"

And provide the output?
Next to this could you also provide the output of:
"ps -eaf | grep -i -e sendmail \
 -e mailscanner \
 -e qmail \
 -e exim \
 -e master \
 -e qmgr"

Stijn
--
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker

From SJCJonker at SJC.NL Wed Oct 12 22:45:02 2005
From: SJCJonker at SJC.NL (Stijn Jonker)
Date: Thu Jan 12 21:30:57 2006
Subject: Messages not getting scanned
Message-ID:

Mike,

First of all please leave the list in, I'm not all knowing...

On 12-Oct-2005 23:20, Mike Patchen wrote:
> On 10/12/05, Stijn Jonker wrote:
>> Hello Mike & The list,
>
>> I'm not a 100% sure, if mail is still bypassing MailScanner it looks
>> like something else is handling the email. To rule out other mailers,
>> could you run:
>> "lsof -i4tcp:25 -n -P"
>>
>> And provide the output?
>> Next to this could you also provide the output of:
>> "ps -eaf | grep -i -e sendmail \
>> -e mailscanner \
>> -e qmail \
>> -e exim \
>> -e master \
>> -e qmgr"
>>
>> Stijn
>> --
>> Met Vriendelijke groet/Yours Sincerely
>> Stijn Jonker
>>
>
> Output of lsof:
> [root@mail 20051012]# lsof -i4tcp:25 -n -P
> COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> sendmail 7934 root 4u IPv4 719480370 TCP *:25 (LISTEN)
<>
>
> And the ps command:
> [root@mail 20051012]# ps -eaf | grep -i -e sendmail -e mailscanner -e
> qmail -e exim -e master -e qmgr
<>

How do you determine it's bypassing mailscanner, are you 100% sure it's
not bypassing it through a secondary mailserver, firewall hole or
something else?

Stijn
--
Met Vriendelijke groet/Yours Sincerely
Stijn Jonker

From lhaig at HAIGMAIL.COM Thu Oct 13 06:59:50 2005
From: lhaig at HAIGMAIL.COM (Lance Haig)
Date: Thu Jan 12 21:30:57 2006
Subject: I error with SA
Message-ID:

Hi,

Not knowing much about SA my rulesdujure sent me this error

Lint output: [5426] warn: config: warning: score set for non-existent rule RCVD_IN_RSL
[5426] warn: lint: 1 issues detected, please rerun with debug enabled for more information

what can I do to repair this?

Thanks Guys

Lance

From MailScanner at ecs.soton.ac.uk Thu Oct 13 08:58:50 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:57 2006
Subject: I error with SA
Message-ID:

This is a rule in an old spam.assassin.prefs.conf file.
Just remove the RCVD_IN_RSL line(s) from that file.

On 13 Oct 2005, at 06:59, Lance Haig wrote:

> Hi,
>
> Not knowing much about SA my rulesdujure sent me this error
>
> Lint output: [5426] warn: config: warning: score set for non-
> existent rule RCVD_IN_RSL
> [5426] warn: lint: 1 issues detected, please rerun with debug
> enabled for more information
>
> what can I do to repair this?
>
> Thanks Guys
>
> Lance

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From rabellino at DI.UNITO.IT Thu Oct 13 09:15:11 2005
From: rabellino at DI.UNITO.IT (Rabellino Sergio)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

Dear list,
i'm involved in a revision of the filename rules applied to my domain.
Specifically the rumors were around the last rule, the "double dot deny"
(MS default choice), believed too strict and unuseful if catching also
exes and scripts.

What is the community opinion about that rule?

Thanks.

--
Dott. Mag. Sergio Rabellino

Technical Staff
Department of Computer Science
University of Torino (Italy)

http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603

From martinh at SOLID-STATE-LOGIC.COM Thu Oct 13 09:42:09 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

Hi

Double file extensions still catch enough viruses etc for me before the AV
people update to it useful..

This then becomes an education issue... advise people not to put dots in
filenames as many anti-virus gateways will not let them through as they are a
potential virus.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Rabellino Sergio
> Sent: 13 October 2005 09:15
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] Best practice
>
> Dear list,
> i'm involved in a revision of the filename rules applied to my domain.
> Specifically the rumors were around the last rule, the "double dot deny"
> (MS default choice), believed too strict and unuseful if catching also
> exes and scripts.
>
> What is the community opinion about that rule?
>
> Thanks.
>
> --
> Dott. Mag. Sergio Rabellino
>
> Technical Staff
> Department of Computer Science
> University of Torino (Italy)
>
> http://www.di.unito.it/~rabser
> Tel. +39-0116706701
> Fax. +39-011751603

From rabellino at DI.UNITO.IT Thu Oct 13 10:36:12 2005
From: rabellino at DI.UNITO.IT (Rabellino Sergio)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

Martin Hepworth wrote:

>Hi
>
>Double file extensions still catch enough viruses etc for me before the AV
>people update to it useful..
>
>This then becomes an education issue... advise people not to put dots in
>filenames as many anti-virus gateways will not let them through as they are a
>potential virus.
>
>--
>Martin Hepworth
>Snr Systems Administrator
>Solid State Logic
>Tel: +44 (0)1865 842300
>

How do you feel about mycode.c.old or mydocs.tar.gz, or mydata.20051009.txt ???

It's hard to tell anyone that he can't send a project in development to
someone else because there are double dotted filenames, without concerning
the real content.

This was the start point for our discussion, then my doubt on that rule.
Could be a 'better performance' rule, but there are real attacks
caught ONLY by that rule?

For now i've not found any attacks singularly caught by the double-dot
rule, but...

--
Dott. Mag. Sergio Rabellino

Technical Staff
Department of Computer Science
University of Torino (Italy)

http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603

From richard.gray at DNS.CO.UK Thu Oct 13 10:59:43 2005
From: richard.gray at DNS.CO.UK (Gray, Richard)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

> This was the start point for our discussion, then my doubt on
> that rule.
> Could be a 'better performance' rule, but there are real
> attacks caught ONLY by that rule?
>

It's Defence In Depth. You're right that they're nearly always caught by
something else (a lot of ours are stopped by spam filters and RBLs) but
there is always a possibility that one will slip through, however remote
the chance may be.

It's like all these defences, you have to weigh up what's more important,
and make a decision based on that. If you are getting major grief for
double dot viruses, then IMHO you're probably safe to take them out. You
could mitigate the risk by using a heuristic virus scanner. This might
increase the number of FPs that you get, but lowers the risk of a double
dotted 0-day virus coming in.

Your choice really.

R

________________________________
richard gray
dns ltd
83 princes street, edinburgh, eh2 2er
t: +44 (0) 870 085 8555
f: +44 (0) 870 085 8556
m: +44 (0) 777 569 2145
w: http://www.dns.co.uk/

From a.peacock at CHIME.UCL.AC.UK Thu Oct 13 11:53:42 2005
From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

Hi,

> Hi
>
> Double file extensions still catch enough viruses etc for me before
> the AV people update to it useful..
>
> This then becomes an education issue... advise people not to put dots
> in filenames as many anti-virus gateways will not let them through as
> they are a potential virus.

I agree that it is an education issue. I have managed to convince
most of my users that email is not a file transfer medium. Yes, it
is convenient to send small files as attachments to emails, but if
people are regularly sending project related files to each other they
should be picking a more suitable mechanism.

--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"In the beginning of a change, the patriot is a brave and scarce man,
hated and scorned. When the cause succeeds, however, the timid join
him...for then it costs nothing to be a patriot."
-Mark Twain

From lhaig at HAIGMAIL.COM Thu Oct 13 13:10:58 2005
From: lhaig at HAIGMAIL.COM (Lance Haig)
Date: Thu Jan 12 21:30:57 2006
Subject: I error with SA
Message-ID:

Thanks Julian.

I have just upgraded with your install package

Lance

Julian Field wrote:

This is a rule in an old spam.assassin.prefs.conf file.
Just remove the RCVD_IN_RSL line(s) from that file.

On 13 Oct 2005, at 06:59, Lance Haig wrote:

Hi,

Not knowing much about SA my rulesdujure sent me this error

Lint output: [5426] warn: config: warning: score set for non-
existent rule RCVD_IN_RSL
[5426] warn: lint: 1 issues detected, please rerun with debug
enabled for more information

what can I do to repair this?

Thanks Guys

Lance

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From lhaig at HAIGMAIL.COM Thu Oct 13 13:23:51 2005
From: lhaig at HAIGMAIL.COM (Lance Haig)
Date: Thu Jan 12 21:30:57 2006
Subject: I error with SA
Message-ID:

What I meant was I had installed the new package and MS and then this
error started so it might be in the spamassassin.conf that is in your
package

Lance

Lance Haig wrote:

Thanks Julian.

I have just upgraded with your install package

Lance

Julian Field wrote:

This is a rule in an old spam.assassin.prefs.conf file.
Just remove the RCVD_IN_RSL line(s) from that file.

On 13 Oct 2005, at 06:59, Lance Haig wrote:

Hi,

Not knowing much about SA my rulesdujure sent me this error

Lint output: [5426] warn: config: warning: score set for non-
existent rule RCVD_IN_RSL
[5426] warn: lint: 1 issues detected, please rerun with debug
enabled for more information

what can I do to repair this?

Thanks Guys

Lance

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ebruce at HPMICH.COM Thu Oct 13 13:47:11 2005
From: ebruce at HPMICH.COM (Ed Bruce)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

Anthony Peacock wrote:

>
> I agree that it is an education issue. I have managed to convince
> most of my users that email is not a file transfer medium. Yes, it
> is convenient to send small files as attachments to emails, but if
> people are regularly sending project related files to each other they
> should be picking a more suitable mechanism.
>

I'll 2nd this and add that's what ftp and scp are for.

From mike.patchen at GMAIL.COM Thu Oct 13 13:49:10 2005
From: mike.patchen at GMAIL.COM (Mike Patchen)
Date: Thu Jan 12 21:30:57 2006
Subject: Messages not getting scanned
Message-ID:

On 10/12/05, Stijn Jonker wrote:
> Mike,
>
> First of all please leave the list in, I'm not all knowing...
>
> On 12-Oct-2005 23:20, Mike Patchen wrote:
> > On 10/12/05, Stijn Jonker wrote:
> >> Hello Mike & The list,
> >
> >> I'm not a 100% sure, if mail is still bypassing MailScanner it looks
> >> like something else is handling the email. To rule out other mailers,
> >> could you run:
> >> "lsof -i4tcp:25 -n -P"
> >>
> >> And provide the output? Next to this could you also provide the output of:
> >> "ps -eaf | grep -i -e sendmail \
> >> -e mailscanner \
> >> -e qmail \
> >> -e exim \
> >> -e master \
> >> -e qmgr"
> >>
> >> Stijn
> >> --
> >> Met Vriendelijke groet/Yours Sincerely
> >> Stijn Jonker
> >>
> >
> > Output of lsof:
> > [root@mail 20051012]# lsof -i4tcp:25 -n -P
> > COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
> > sendmail 7934 root 4u IPv4 719480370 TCP *:25 (LISTEN)
> <>
> >
> > And the ps command:
> > [root@mail 20051012]# ps -eaf | grep -i -e sendmail -e mailscanner -e
> > qmail -e exim -e master -e qmgr
> <>
>
> How do you determine it's bypassing mailscanner, are you 100% sure it's
> not bypassing it through a secondary mailserver, firewall hole or
> something else?
>
> Stijn
>
> --
> Met Vriendelijke groet/Yours Sincerely
> Stijn Jonker
>

Stijn, and all,

Firstly, I apologize for not watching my reply address closer. You
would think gmail would be smart enough to figure out how to respond
to a mailing list.

On to the question at hand. I have determined the bypass by watching
the logs (looking for a needle in a haystack). I will see the message
picked up by the sendmail daemon, dropped into the queue directory,
then delivered to the destination all within a second or two. When I
watch scanned messages on the same server, there is a delay of at
least 5 seconds between the receipt of the message and delivery
(usually a little longer, but 5 seconds was the least I have noticed).

As far as some secondary mailserver, the only mta installed on this
machine is sendmail.
Not sure how a firewall hole would allow some messages to be scanned,
but not others. And for anything else, that is why I am asking. What
else can I look for? What else might be there that would be causing
this?

Mike

From pete at ENITECH.COM.AU Thu Oct 13 13:55:27 2005
From: pete at ENITECH.COM.AU (Pete Russell)
Date: Thu Jan 12 21:30:57 2006
Subject: LDAP script for Active Directory (also, Wiki) - my fault
Message-ID:

Buggar, i was hosting that. Sorry i moved web hosts and didn't move those
files, i will sort it out over the weekend.

Pete

Steve Freegard wrote:
> Hi Chris,
>
> On Mon, 2005-10-10 at 09:34 -0700, Chris W. Parker wrote:
>
>>Hello,
>>
>>I was just reading through
>>http://wiki.mailscanner.info/doku.php?id=maq:index#using_with_exchange_domino_etc
>>and to my dismay found out that there is no link to the
>>appropriate article where Exchange is concerned.
>>
>>However, on
>>http://wiki.mailscanner.info/doku.php?id=documentation:configuration:mta:postfix:how_to:reject_non_existent_users#ms_exchange
>>there is a link to
>>some documentation for Postfix and Exchange that can be applied to
>>sendmail too.
>>
>>For anyone out there that is using MailScanner as a gateway with
>>sendmail in front of Exchange I would be very appreciative of a working
>>script to query valid user email addresses.
>>
>
>
> If you are using Exchange 2003 - then I can thoroughly recommend
> milter-ahead instead of directly querying Active Directory.
>
> This is a call-ahead type milter that you can implement on the gateway
> which then keeps a cache of the lookups for a configurable number of
> days. I prefer this as it's really easy to set-up and has no chance of
> bogging down your domain controllers or slowing mail delivery if AD is
> busy etc.
>
> See http://www.fsl.com/support/Milter-Ahead-Exchange-Settings.pdf for
> details on setting this up.
>
> Hope this helps.
>
> Cheers,
> Steve.
>
> --
> Steve Freegard
> Fort Systems
>

From aslan at AEON.COM.BR Thu Oct 13 14:03:22 2005
From: aslan at AEON.COM.BR (Aslan Carlos de Medeiros Ramos)
Date: Thu Jan 12 21:30:57 2006
Subject: Traffic Backup for security propose.
Message-ID:

Sorry,

That one was my first email for the list. I use Evolution it's my
favourite, but this mail aslan@aeon.com.br is my work mail and it's
necessary reply to one general email for anyone in my sector receives it.

Sorry again, I disabled this options one time I'll send email for the
list.

Thanks so much for all help.

Aslan Carlos M. Ramos
LPC 1 . LPIC 2
Linux Administrator
Aeon Technologies
www.aeon.com.br

On Tue, 2005-10-11 at 23:31 -0700, Craig White wrote:

On Tue, 2005-10-11 at 14:15 -0500, Alex Neuman van der Hans wrote:
> Julian Field wrote:
>
> >
> > And please always set your reply-to to be the mailing list (or don't
> > set it at all). There is little point having a discussion in replies
> > are not sent to the list. And people like me get very annoyed having
> > to add the list address to the recipient list of all the replies to
> > people like you.
> >
> Another thing I hate about other mailing lists. I'd rather put up with
> the occasional out-of-office reply than have to "reply all", "copy and
> paste" etc. - mailing list discussions are just that - discussions - and
> replies should go to the list.
----
most modern mail programs have 'reply to list' so that shouldn't be such
a big problem but I agree, I sometimes forget and reply to previous
sender and not list.

Craig

From rcooper at DWFORD.COM Thu Oct 13 14:03:19 2005
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Rabellino Sergio
> Sent: Thursday, October 13, 2005 4:36 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Best practice
>
>
> Martin Hepworth wrote:
>
> >Hi
> >
> >Double file extensions still catch enough viruses etc for me
> before the AV
> >people update to it useful..
> >
> >This then becomes an education issue... advise people not to put dots in
> >filenames as many anti-virus gateways will not let them through as
> they are a
> >potential virus.
> >
> >--
> >Martin Hepworth
> >Snr Systems Administrator
> >Solid State Logic
> >Tel: +44 (0)1865 842300
> >
> >
> >
> How do you feel about mycode.c.old or mydocs.tar.gz, or
> mydata.20051009.txt ???
>
> It's hard to tell anyone that he can't send a project in development to
> someone else because there are double dotted filenames, without concerning
> the real content.
>
> This was the start point for our discussion, then my doubt on that rule.
> Could be a 'better performance' rule, but there are real attacks
> caught ONLY by that rule?
>
> For now i've not found any attacks singularly caught by the double-dot
> rule, but...
>
> --

A Lot of this is a policy issue. For instance, if you use .tar.gz files in
your organization then add an allow rule above the double ext deny like
allow \.tar\.gz$, same with other commonly used formats. For instance one
site I handle routinely receives files from Ford Motor Company that end 5
digits and then xls so I allow \.\d{5}\.xls$. Well then I start seeing all
kinds of other vendors sending reports and quotes and such with double
extensions so I added the following to my filename rules

# Allow XLS/DOC/PDF files that do not have an executable second extension
deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.doc$ Attempt to Hide Bad Things With DOC Extension Attempt to Hide Bad Things With DOC Extension - NO CIGAR!
deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.xls$ Attempt to Hide Bad Things With XLS Extension Attempt to Hide Bad Things With XLS Extension - NO CIGAR!
deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.pdf$ Attempt to Hide Bad Things With PDF Extension Attempt to Hide Bad Things With PDF Extension - NO CIGAR!

# Allow multiple extensions on .xls, .doc, .pdf files
allow \.(doc|xls|pdf)$ Allow xls, doc, pdf outright Allow xls, doc, pdf outright

This could, of course, be easily extended to include any final extension or
all final extensions such as

deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.[^\.]{1,}$

which would deny anything ending in a double containing the parenthetic
expressions and any other extension. Could easily add more denied types to
the \.exe|\.scr stuff

I really don't think the original double extension problem is an issue
anymore (executing by type and not name from an email) but there are still
issues with extensions like somefile.xls.exe because once saved the user in
a default windows configuration will see somefile.xls. Of course one way to
mitigate the double extension issue somewhat is to disable hiding known file
types in the windows folder views, so somefile.xls.exe doesn't appear as
somefile.xls

Rick

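Added example (not part of Rick's message and not MailScanner code): a small first-match evaluator run over the rules quoted in the message above, showing which attachment names they pass and which they block. It assumes rules are tried top to bottom with the first match deciding, that matching ignores case, and that a name matching no rule is allowed; the trailing catch-all double-extension rule, the sample filenames and the log texts of the two allow rules are constructed for the example.

```python
import re

# Executable-type alternation exactly as written in the posted rules.
EXE = r"(?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])"

# The posted rules in the posted order: (action, regex, log text).
# Log texts of the first two allow rules are constructed; the post gives none.
POSTED_RULES = [
    ("allow", r"\.tar\.gz$", "tar.gz allowed (constructed text)"),
    ("allow", r"\.\d{5}\.xls$", "5 digits then xls allowed (constructed text)"),
    ("deny", EXE + r"\.doc$", "Attempt to Hide Bad Things With DOC Extension"),
    ("deny", EXE + r"\.xls$", "Attempt to Hide Bad Things With XLS Extension"),
    ("deny", EXE + r"\.pdf$", "Attempt to Hide Bad Things With PDF Extension"),
    ("allow", r"\.(doc|xls|pdf)$", "Allow xls, doc, pdf outright"),
]

# Constructed stand-in for a trailing "deny every double extension" rule.
# Assumption: this regex is written for the example, it is not MailScanner's own.
CATCH_ALL = [("deny", r"\.[^.]+\.[^.]+$", "double extension (constructed rule)")]

# Constructed attachment names, including the three named earlier in the thread.
SAMPLES = [
    "notes.txt",
    "mydocs.tar.gz",
    "mycode.c.old",
    "mydata.20051009.txt",
    "quote.12345.xls",
    "report.v2.pdf",
    "INVOICE.EXE.DOC",
    "invoice.doc.exe",
    "www.example.com.pdf",
]


def evaluate(filename, rules):
    """Return (action, log text) of the first rule whose regex matches.

    Assumed semantics: top-to-bottom, first match wins, case-insensitive,
    and a filename that matches nothing is allowed.
    """
    for action, pattern, text in rules:
        if re.search(pattern, filename, re.IGNORECASE):
            return action, text
    return "allow", "no rule matched"


def verdicts(filename):
    """Verdict for one filename under three rule sets, to show rule order effects."""
    return {
        "catch_all_only": evaluate(filename, CATCH_ALL)[0],
        "posted_then_catch_all": evaluate(filename, POSTED_RULES + CATCH_ALL)[0],
        "posted_only": evaluate(filename, POSTED_RULES)[0],
    }


def table(samples=SAMPLES):
    """Build printable rows: filename, then the verdict under each rule set."""
    rows = [f"{'filename':<22}{'catch-all':<11}{'posted+catch-all':<18}posted only"]
    for name in samples:
        v = verdicts(name)
        rows.append(
            f"{name:<22}{v['catch_all_only']:<11}"
            f"{v['posted_then_catch_all']:<18}{v['posted_only']}"
        )
    return rows


if __name__ == "__main__":
    print("\n".join(table()))
```

Two results are worth checking against your own rule file: `www.example.com.pdf` is denied by the posted PDF rule because `\.com` is in the executable list, and `invoice.doc.exe` is stopped only by whatever rule follows the posted ones.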
From mailscanner-user at NELAND.DK Thu Oct 13 14:40:42 2005
From: mailscanner-user at NELAND.DK (Leif Neland)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

From: "Rick Cooper"
To:
Sent: Thursday, October 13, 2005 3:03 PM
Subject: Re: Best practice

>
> # Allow XLS/DOC/PDF files that do not have an executable second extension
> deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.doc$
> Attempt to Hide Bad Things With DOC Extension Attempt to Hide Bad Things
> With DOC Extension - NO CIGAR!
> deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.xls$
> Attempt to Hide Bad Things With XLS Extension Attempt to Hide Bad Things
> With XLS Extension - NO CIGAR!
> deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.pdf$
> Attempt to Hide Bad Things With PDF Extension Attempt to Hide Bad Things
> With PDF Extension - NO CIGAR!
>

Haven't you got this the other way around?

There is nothing harmful with a filename.bat.doc
On the other hand, filename.doc.bat might be dangerous.

Leif

From ssilva at SGVWATER.COM Thu Oct 13 16:39:28 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

Gray, Richard spake the following on 10/13/2005 2:59 AM:
>>This was the start point for our discussion, then my doubt on
>>that rule.
>>Could be a 'better performance' rule, but there are real
>>attacks caught ONLY by that rule ?
>>
>
> It's Defence In Depth. You're right that they're nearly always caught by
> something else (a lot of ours are stopped by spam filters and RBLs) but
> there is always a possibility that one will slip through, however remote
> the chance may be.
>
> It's like all these defences, you have to weigh up what's more important,
> and make a decision based on that. If you are getting major grief for
> double dot viruses, then IMHO you're probably safe to take them out. You
> could mitigate the risk by using a heuristic virus scanner. This might
> increase the number of FPs that you get, but lowers the risk of a double
> dotted 0-day virus coming in.
>
> Your choice really.
>
But wouldn't blocking executables by filetype catch anything that could be executable? Even if the filename is obscured?
The file command is pretty good with dos and windows executables, no matter the extension. I usually catch the newer viruses here as their signatures are written and distributed through the virus scanner channels.

--

/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()
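The content-over-name check raised in the message above, together with the extension-must-match-content idea that comes up elsewhere in this thread, as an added example that is not from any poster or from MailScanner. The signature table is a small constructed stand-in for what file(1) reports, the EXPECTED mapping is an assumed policy, and sniff, decide and make_pe_stub are hypothetical names.

```python
import os
import struct

# Leading-byte signatures: a small constructed subset standing in for file(1).
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # container of legacy .doc/.xls
    (b"\x1f\x8b", "gzip"),
]
EXECUTABLE = {"dos-exe", "pe-exe"}

# Assumed policy: the content each claimed final extension must carry.
EXPECTED = {".pdf": "pdf", ".doc": "ole2", ".xls": "ole2", ".gz": "gzip"}


def sniff(data):
    """Classify a byte string by its leading bytes, ignoring any filename."""
    if data[:2] == b"MZ":
        # A Windows PE image stores the offset of its "PE\0\0" header at 0x3c.
        if len(data) >= 0x40:
            (pe_offset,) = struct.unpack_from("<I", data, 0x3C)
            if data[pe_offset:pe_offset + 4] == b"PE\x00\x00":
                return "pe-exe"
        # Bare MZ: a DOS program, or (false positive) text that starts "MZ".
        return "dos-exe"
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def decide(filename, data):
    """Return (action, reason). The name only matters after the content check."""
    kind = sniff(data)
    ext = os.path.splitext(filename.lower())[1]
    if kind in EXECUTABLE:
        # Executable content is refused whatever the name claims.
        return "deny", f"content is {kind}, name ends {ext or '(none)'}"
    want = EXPECTED.get(ext)
    if want is not None and kind != want:
        # The name promises a document type the bytes do not deliver.
        return "deny", f"{ext} name but content is {kind}"
    return "allow", f"content {kind} is acceptable for {ext or 'no extension'}"


def make_pe_stub():
    """Build a minimal constructed MZ + PE header (not a runnable program)."""
    buf = bytearray(0x84)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)
    buf[0x80:0x84] = b"PE\x00\x00"
    return bytes(buf)


# Constructed samples: (attachment name, leading bytes of the content).
SAMPLES = [
    ("somefile.xls", make_pe_stub()),          # executable behind a document name
    ("notes.txt", make_pe_stub()),             # single extension, still executable
    ("quote.2005.final.pdf", b"%PDF-1.4\n"),   # many dots, genuine PDF
    ("quote.pdf", b"just text"),               # PDF name, non-PDF content
    ("mydocs.tar.gz", b"\x1f\x8b\x08\x00"),    # gzip content under a .gz name
    ("mycode.c.old", b"int main(void){}"),     # no policy for .old, not executable
]

if __name__ == "__main__":
    for name, content in SAMPLES:
        action, reason = decide(name, content)
        print(f"{name:22} {action:5} {reason}")
```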
From taz at TAZ-MANIA.COM Thu Oct 13 17:21:14 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:30:57 2006
Subject: Messages not getting scanned
Message-ID:

Do you have any "Spam checks" rules?

Mike Patchen wrote:

>On 10/12/05, Stijn Jonker wrote:
>
>>Mike,
>>
>>First of all please leave the list in, I'm not all knowing...
>>
>>On 12-Oct-2005 23:20, Mike Patchen wrote:
>>
>>>On 10/12/05, Stijn Jonker wrote:
>>>
>>>>Hello Mike & The list,
>>>>
>>>>I'm not a 100% sure, if mail is still bypassing MailScanner it looks
>>>>like something else is handling the email. To rule out other mailers,
>>>>could you run:
>>>>"lsof -i4tcp:25 -n -P"
>>>>
>>>>And provide the output? Next to this could you also provide the output of:
>>>>"ps -eaf | grep -i -e sendmail \
>>>> -e mailscanner \
>>>> -e qmail \
>>>> -e exim \
>>>> -e master \
>>>> -e qmgr"
>>>>
>>>>Stijn
>>>>--
>>>>Met Vriendelijke groet/Yours Sincerely
>>>>Stijn Jonker
>>>>
>>>Output of lsof:
>>>[root@mail 20051012]# lsof -i4tcp:25 -n -P
>>>COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
>>>sendmail 7934 root 4u IPv4 719480370 TCP *:25 (LISTEN)
>>>
>><>
>>
>>>And the ps command:
>>>[root@mail 20051012]# ps -eaf | grep -i -e sendmail -e mailscanner -e
>>>qmail -e exim -e master -e qmgr
>>>
>><>
>>
>>How do you determine it's bypassing mailscanner, are you 100% sure it's
>>not bypassing it through a secondary mailserver, firewall hole or
>>something else?
>>
>>Stijn
>>
>>--
>>Met Vriendelijke groet/Yours Sincerely
>>Stijn Jonker
>>
>
>Stijn, and all,
>
>Firstly, I apologize for not watching my reply address closer. You
>would think gmail would be smart enough to figure out how to respond
>to a mailing list.
>
>On to the question at hand. I have determined the bypass by watching
>the logs (looking for a needle in a haystack). I will see the message
>picked up by the sendmail daemon, dropped into the queue directory,
>then delivered to the destination all within a second or two. When I
>watch scanned messages on the same server, there is a delay of at
>least 5 seconds between the receipt of the message and delivery
>(usually a little longer, but 5 seconds was the least I have noticed).
>
>As far as some secondary mailserver, the only mta installed on this
>machine is sendmail. Not sure how a firewall hole would allow some
>messages to be scanned, but not others. And for anything else, that
>is why I am asking. What else can I look for? What else might be
>there that would be causing this?
>
>
>Mike
>

From mailscanner at ELIQUID.COM Thu Oct 13 17:36:23 2005
From: mailscanner at ELIQUID.COM (Wess Bechard)
Date: Thu Jan 12 21:30:57 2006
Subject: Hangup on 4.46.2 when missing filename/filetype rules
Message-ID:

I came across this bug today and thought I would share it with all of you.
While installing a new email system with MailScanner 4.46.2 and Postfix 2.1.5, I came across a bug when handling missing filetype and filename configuration files for MailScanner.

To make a long bug report short, commenting out the filename and filetype rules from the Mailscanner.conf, or simply configuring and using the filename and filetype checks fixes the problem. The only bug here is that MailScanner reports that it is ignoring the missing files, and then crashes and starts a mail check loop that runs forever.

If you would like to read the details, please continue below.

It seems that MailScanner writes a warning to the log file that it is skipping the filename and filetype checks, as it cannot find the files. This warning is the proper way to handle the missing files. The problem is that after issuing a warning, MailScanner dies, and restarts.

Example:

Message 5FA399E80F4.8A148 from 64.12.136.13 (scomp@aol.net) to eliquid.ca is not spam, SpamAssassin (score=1.658, required 5, autolearn=disabled, FAKED_UNDISC_RECIPS 0.56, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 0.28, NO_REAL_NAME 0.18, URIBL_SBL 0.63)
Oct 13 11:49:22 email MailScanner[23356]: Spam Checks completed at 8525 bytes per second

Right here is where the child process has restarted...

Oct 13 11:49:23 email MailScanner[23356]: Virus and Content Scanning: Starting
Oct 13 11:49:30 email MailScanner[23371]: MailScanner E-Mail Virus Scanner version 4.46.2 starting...
Oct 13 11:49:30 email MailScanner[23371]: Cannot open filename-rules file etc-dir%/filename.rules.conf, skipping
Oct 13 11:49:30 email MailScanner[23371]: Cannot open filename-rules file etc-dir%/filetype.rules.conf, skipping
Oct 13 11:49:30 email MailScanner[23371]: Read 676 hostnames from the phishing whitelist

This example also shows that MailScanner has indicated that it will skip the filename/filetype rules. You would naturally assume that MailScanner should ignore anything else about these rules.

Since mail was looping through spam checks and dying, I turned on Debug mode and found the problem by running check_mailscanner. Right when MailScanner starts to process the checks, right after the virus scanning, we find an error:

Can't use an undefined value as an ARRAY reference at /opt/MailScanner/lib/MailScanner/Config.pm line 897.

Config.pm @ Line 875:

    sub FilenameRulesValue {
      my($message) = @_;

      my($list,@filenamelist,$file,$listref,@totallist);

      # Get the list of filenames and split it
      $list = Value('filenamerules', $message);
      @filenamelist = split(" ", $list);

      # Now construct a list containing the concatenation of all the allow-deny
      # rules
      #print STDERR "Filename rulesets are " . join(', ', @filenamelist) . "\n";
      foreach $file (@filenamelist) {
        if (!exists($FilenameRules{$file})) {
          #print STDERR "Could not find filenamerules $file, forcing a re-read.\n";
          # This filename has not been seen before, so compile it now.
          # Skip the file if it didn't exist, error already generated.
          next unless $FilenameRules{$file} = ReadOneFilenameRulesFile($file);
        }
        $listref = $FilenameRules{$file};
        #print STDERR "listref = $listref\n";
        #print STDERR "listref = " . @{$listref} . "\n";
        push @totallist, @{$listref};   # <--- Error occurs here
      }
      #print STDERR "Filename rules for message are\n" . join("\n",@totallist) .
      #             "Filename rules for message ends.\n";

      return \@totallist;
    }

Thanks folks. Make sure to visit us on irc.freenode.net #mailscanner for the live technical support community!

___________________________________________
Wess Bechard
Information Technology Manager
eliquidMEDIA International Inc.
Visit: www.eliquid.com
Office: 519.973.1930 - 1.800.561.7525
Fax: 519.253.0337
Cell: 519.791.9492
___________________________________________

From rcooper at DWFORD.COM Thu Oct 13 18:18:10 2005
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Leif Neland
> Sent: Thursday, October 13, 2005 8:41 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Best practice
>
> From: "Rick Cooper"
> To:
> Sent: Thursday, October 13, 2005 3:03 PM
> Subject: Re: Best practice
>
> > # Allow XLS/DOC/PDF files that do not have an executable second extension
> > deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.doc$
> > Attempt to Hide Bad Things With DOC Extension Attempt to Hide Bad Things
> > With DOC Extension - NO CIGAR!
> > deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.xls$
> > Attempt to Hide Bad Things With XLS Extension Attempt to Hide Bad Things
> > With XLS Extension - NO CIGAR!
> > deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.pdf$
> > Attempt to Hide Bad Things With PDF Extension Attempt to Hide Bad Things
> > With PDF Extension - NO CIGAR!
> >
> Haven't you got this the other way around?
>
> There is nothing harmful with a filename.bat.doc
> On the other hand, filename.doc.bat might be dangerous.
>

That has to do with an old vulnerability wherein you could place an incorrect ending suffix such as txt to an executable and it would fire off rather than use notepad because it was aware of the actual file type. I don't think it really exists anymore.
The normal double filter would catch something ending some.exe later down the expressions.

The only reason I even keep the above rule around is you never know what some 3rd party application might do.

Rick

From mike.patchen at GMAIL.COM Thu Oct 13 18:37:01 2005
From: mike.patchen at GMAIL.COM (Mike Patchen)
Date: Thu Jan 12 21:30:57 2006
Subject: Messages not getting scanned
Message-ID:

On 10/13/05, Dennis Willson wrote:
> Do you have any "Spam checks" rules?

In Mailscanner.conf:
Spam Checks = %rules-dir%/spam.check.rules

spam.checks.rules:
From: 127.0.0.1 no
From: no
FromOrTo: default yes

I have the firewall address in there to keep outbound emails from being scanned, and the loopback address for obvious reasons.

From Denis.Beauchemin at USHERBROOKE.CA Thu Oct 13 21:45:11 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:30:57 2006
Subject: Phishing RBL?
Message-ID:

Hello all,

My users would prefer not to receive emails with phishing attempts, specially the banking ones.

I was wondering about URIBL_PH_SURBL and discovered I only got 3 hits this month (didn't look at previous logs).

Is there some RBL more effective than this one targeted at phishing attempts? I would like to score them big enough to get the mails high scoring and deleted.

Thanks!

Denis
--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From Denis.Beauchemin at USHERBROOKE.CA Thu Oct 13 21:52:37 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:30:57 2006
Subject: Phishing RBL?
Message-ID:

Denis Beauchemin wrote:

> Hello all,
>
> My users would prefer not to receive emails with phishing attempts,
> specially the banking ones.
>
> I was wondering about URIBL_PH_SURBL and discovered I only got 3 hits
> this month (didn't look at previous logs).
>
> Is there some RBL more effective than this one targeted at phishing
> attempts? I would like to score them big enough to get the mails high
> scoring and deleted.
>

Julian,

Could the phishing net be expanded to delete/deliver/whatever phishing attempts on selected web sites?
We could maintain a list of web sites that wouldn't tolerate phishing attempts against them (our local banking sites, for example). If a phishing attempt was detected for one of those sites, the mail would be deleted/delivered/whatever.

Could this be of interest to other people?

Thanks again!

Denis
--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From dhawal at NETMAGICSOLUTIONS.COM Thu Oct 13 22:08:55 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:30:57 2006
Subject: Phishing RBL?
Message-ID:

Denis Beauchemin writes:

> I was wondering about URIBL_PH_SURBL and discovered I only got 3 hits this
> month (didn't look at previous logs).
>
> Is there some RBL more effective than this one targeted at phishing
> attempts? I would like to score them big enough to get the mails high
> scoring and deleted.
>

What do your clamav (assuming you are using it) stats for phishing mails look like? fyi, bitdefender also detects phished mails.

Anyways have a look at these and see if you can use them:
http://www.ahbl.org/docs/rhsbl.php
http://rhs.mailpolice.com/ (this one has already merged with ph.surbl)

- dhawal

From dhawal at NETMAGICSOLUTIONS.COM Thu Oct 13 22:15:49 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:30:57 2006
Subject: Phishing RBL?
Message-ID:

Dhawal Doshy writes:

> Denis Beauchemin writes:
>
>> I was wondering about URIBL_PH_SURBL and discovered I only got 3 hits
>> this month (didn't look at previous logs).
>>
>> Is there some RBL more effective than this one targeted at phishing
>> attempts? I would like to score them big enough to get the mails high
>> scoring and deleted.
>>
>
> Anyways have a look at these and see if you can use them:
> http://www.ahbl.org/docs/rhsbl.php
> http://rhs.mailpolice.com/ (this one has already merged with ph.surbl)
>

One more, if you are ready to go the commercial way. (all on one line)
http://news.netcraft.com/archives/2005/04/27/netcraft_phishing_site_feed_available.html

I found it a bit too expensive, when last inquired. I could dig up the info if you are interested.

- dhawal

From richard.thomas at PSYSOLUTIONS.COM Thu Oct 13 22:10:18 2005
From: richard.thomas at PSYSOLUTIONS.COM (Richard Thomas)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

Rabellino Sergio wrote:

> How do you feel about mycode.c.old or mydocs.tar.gz, or
> mydata.20051009.txt ???
>
> It's hard to tell anyone that he can't send a project in development to
> someone else because there are double dotted filenames, without
> concerning the real content.
>
> This was the start point for our discussion, then my doubt on that
> rule. Could be a 'better performance' rule, but there are real
> attacks caught ONLY by that rule ?
>
> For now I've not found any attacks singularly caught by the
> double-dot rule, but...
>

I've been wondering about this myself. I mean sure, block report.doc.exe and hotpic.jpg.pif but is anything really gained by blocking the examples listed by the previous poster? And I mean don't just do some handwaving about "extra security", I'd like to see a real explanation of the gain and preferably a couple of examples.

Rich

--
MIS Department     | Psychiatric Solutions Inc |Phone: +1 615 312 5787
840 Crescent Ctr Dr|                           |Fax: +1 615 312 5711
Suite 460          +---------------------------+----------------------
Franklin, TN 37067 |Support: helpdesk@psysolutions.com +1 615 312 5888
From richard.thomas at PSYSOLUTIONS.COM Thu Oct 13 22:16:59 2005
From: richard.thomas at PSYSOLUTIONS.COM (Richard Thomas)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

Rick Cooper wrote:

>>-----Original Message-----
>>From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
>>Behalf Of Leif Neland
>>Sent: Thursday, October 13, 2005 8:41 AM
>>To: MAILSCANNER@JISCMAIL.AC.UK
>>Subject: Re: Best practice
>>
>>From: "Rick Cooper"
>>To:
>>Sent: Thursday, October 13, 2005 3:03 PM
>>Subject: Re: Best practice
>>
>>># Allow XLS/DOC/PDF files that do not have an executable second extension
>>>deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.doc$
>>>Attempt to Hide Bad Things With DOC Extension Attempt to Hide Bad Things
>>>With DOC Extension - NO CIGAR!
>>>deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.xls$
>>>Attempt to Hide Bad Things With XLS Extension Attempt to Hide Bad Things
>>>With XLS Extension - NO CIGAR!
>>>deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])\.pdf$
>>>Attempt to Hide Bad Things With PDF Extension Attempt to Hide Bad Things
>>>With PDF Extension - NO CIGAR!
>>>
>>Haven't you got this the other way around?
>>
>>There is nothing harmful with a filename.bat.doc
>>On the other hand, filename.doc.bat might be dangerous.
>>
>
>That has to do with an old vulnerability wherein you could place an
>incorrect ending suffix such as txt to an executable and it would fire off
>rather than use notepad because it was aware of the actual file type. I
>don't think it really exists anymore. The normal double filter would catch
>something ending some.exe later down the expressions.
>

In that case, isn't the script still incorrect since it is looking for exe, scr, bat etc in the filename when presumably that wouldn't be required and you could have a document.txt with an executable mimetype?

Rich

>The only reason I even keep the above rule around is you never know what
>some 3rd party application might do.
>
>Rick
>

--
MIS Department     | Psychiatric Solutions Inc |Phone: +1 615 312 5787
840 Crescent Ctr Dr|                           |Fax: +1 615 312 5711
Suite 460          +---------------------------+----------------------
Franklin, TN 37067 |Support: helpdesk@psysolutions.com +1 615 312 5888

From jlmiller at MMTNETWORKS.COM.AU Fri Oct 14 01:16:55 2005
From: jlmiller at MMTNETWORKS.COM.AU (Jon Miller)
Date: Thu Jan 12 21:30:57 2006
Subject: question re: spam mail
Message-ID:

Maybe I'm not understanding the function of this program clearly. I'm still receiving various spam mail with all types of content ranging from free vacation to viagra to see my wife crap and the like. I submit these e-mail as samples to a folder on the linux server and run a script that sa-learn reads and then delete the contents of the folder.
mail:/home/jlmiller/spam# cat /root/spamlearn.sh
#!/bin/bash
# spamlearn.sh - enter mail name to run
sa-learn -p -v /etc/spam.assassin.prefs.conf --spam /home/jlmiller/spam
ls -l /home/jlmiller/spam/* >> /home/jlmiller/spammail/spamlist.txt
rm /home/jlmiller/spam/*.mlm

Now from what I understood from someone on the list is that this has to happen several times before SA will learn that this is considered spam, is that correct?
If so why not run the same junk through several times? If I do it manually I see that sa-learn picks up on the information and learns that the submitted mail is spam. If I run it a 2nd time it states it "Learned from 0 message(s) (14 message(s) examined)".

1st run
mail:/home/jlmiller/spam# sa-learn -p -v /etc/spam.assassin.prefs.conf --spam /home/jlmiller/spam
Learned from 13 message(s) (14 message(s) examined).

2nd run
mail:/home/jlmiller/spam# sa-learn -p -v /etc/spam.assassin.prefs.conf --spam /home/jlmiller/spam
Learned from 0 message(s) (14 message(s) examined).

So, if it's learned something from the 1st run why is it the same email can come through time and time again?

Also in the header of some of these e-mails I can see that SA disabled itself (2nd e-mail header) or has timed out others are reporting the score in a either a negative (1st email header) or too low.

Like to get some help in understanding why messages such as these are able to get through.

Thanks

*************** 1st email header ************************************
Received: from mail.mmtnetworks.com.au ([192.168.3.3])
        by mmtnetworks.com.au; Thu, 13 Oct 2005 20:46:53 +0800
Received: from arcor.de (unknown [81.13.29.16])
        by mail.mmtnetworks.com.au (Postfix) with SMTP id 6BF47150080
        for ; Thu, 13 Oct 2005 20:41:15 +0800 (WST)
Received: from theirs (192.168.226.107) by arcor.de (Crusher oi 4.97) with SMTP id GYCIjl-OHQvnr-qT
        for ; Thu, 13 Oct 2005 07:29:12 -0500
Message-ID: <000e01c5cff1$b58e5880$6be2a8c0@theirs>
From: "Rajendra Birkland"
To: "Olya Bachelder"
Subject: Dumitru Pugliese Meids
Date: Thu, 13 Oct 2005 07:29:09 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="----=_NextPart_000_000B_01C5CFC7.CCB85080"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-mmtnet-MailScanner: Found to be clean
X-mmtnet-MailScanner-SpamCheck: not spam, SpamAssassin (score=-2.018,
        required 2, BAYES_00, HTML_90_100, HTML_FONT_BIG, HTML_MESSAGE,
        MIME_QP_LONG_LINE, SARE_HTML_TD_BR)
X-MailScanner-From: rajenktlbirkland@arcor.de

******** 2nd email header **********************
Received: from mail.mmtnetworks.com.au ([192.168.3.3])
        by mmtnetworks.com.au; Thu, 06 Oct 2005 21:18:58 +0800
Received: from cm-85-152-224-116.telecable.es (cm-85-152-224-116.telecable.es [85.152.224.116])
        by mail.mmtnetworks.com.au (Postfix) with SMTP id 0B548150073
        for ; Thu, 6 Oct 2005 21:14:58 +0800 (WST)
FCC: mailbox://wkcoawzpu@hotmail.com/Sent
X-Identity-Key: id1
Date: Thu, 06 Oct 2005 13:00:45 -0100
From: Liliana Winters
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: jlmiller@mmtnetworks.com.au
Subject: re [9]:
Content-Type: multipart/related;
        boundary="------------070203010308010305060004"
Message-Id: <20051006131458.0B548150073@mail.mmtnetworks.com.au>
X-mmtnet-MailScanner: Found to be clean
X-mmtnet-MailScanner-SpamCheck: not spam,
        SpamAssassin (Disabled due to 20 consecutive timeouts)
X-MailScanner-From: wkcoawzpu@hotmail.com

This is a multi-part message in MIME format.
--------------070203010308010305060004
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit

it's beautiful Oscar Powerball Cliff Notes

Atkins Diet Oprah Winfrey

--------------070203010308010305060004
Content-Type: image/gif;
        name="asinine.GIF"
Content-Transfer-Encoding: base64
Content-ID:
Content-Disposition: inline;
        filename="asinine.GIF"

Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA
Director/Sr Systems Consultant
MMT Networks Pty Ltd
http://www.mmtnetworks.com.au
Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl

"I don't know the key to success, but the key to failure
is trying to please everybody." -Bill Cosby

From matt at CODERS.CO.UK Fri Oct 14 01:33:29 2005
From: matt at CODERS.CO.UK (Matt Hampton)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

Scott Silva wrote:

>But wouldn't blocking executables by filetype catch anything that could
>be executable? Even if the filename is obscured?
>The file command is pretty good with dos and windows executables, no
>matter the extension. I usually catch the newer viruses here as their
>signatures are written and distributed through the virus scanner channels.
>

Still testing the code but I am implementing a safe filename/filetype function.

If the file extension ends .pdf (with anything before it) and "file" returns that it is a PDF allow it. At the same time if something other than PDF is returned by "file" the attachment is handled like a virus.......

Once I am happy with the code I'll post it.....
(otherwise engaged at the moment - my daughter was born two days ago :-) ) matt ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From mailscanner-user at NELAND.DK Fri Oct 14 07:22:18 2005 From: mailscanner-user at NELAND.DK (Leif Neland) Date: Thu Jan 12 21:30:57 2006 Subject: question re: spam mail Message-ID: [ The following text is in the "iso-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] ---- Original Message ---- From: "Jon Miller" To: Sent: Friday, October 14, 2005 2:16 AM Subject: question re: spam mail > Maybe I'm not understanding the function of this program clearly. > I'm still receiving various spam mail with all types of content > ranging from free vacation to viagra to see my wife crap and the > like. I submit these e-mail as samples to a folder on the linux > server and run a script that sa-learn reads and then delete the > contents of the folder. > > Now from what I understood from someone on the list is that this has > to happen several times before SA will learn that this is considered > spam, is that correct? > If so why not run the same junk through several times? If I do it > manually I see that sa-learn picks up on the information and learns > that the submitted mail is spam. If I run it a 2nd time it states it > "Learned from 0 message(s) (14 message(s) examined)". Because there is nothing new, it doesn't help running the samme messages through. 
You might think the messages are the same, but the spammers add spelling mistakes to make the messages different, and they often add random sentences at the bottom of the mail to confuse the bayes-filter. Viagra, vlagra vi agr a etc are different words for the filter, but you recognize the word. > So, if it's learned something from the 1st run why is it the same > email can come through time and time again? Because it is not quite the same email. > > Also in the header of some of these e-mails I can see that SA > disabled itself (2nd e-mail header) or has timed out others are > reporting the score in a either a negative (1st email header) or too > low. > X-mmtnet-MailScanner: Found to be clean > X-mmtnet-MailScanner-SpamCheck: not spam, > SpamAssassin (Disabled due to 20 consecutive timeouts) Is it an old slow machine? Try increasing the timeout, and run mailscanner in debug-mode to see where it is slow. Leif ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From anders.andersson at LTKALMAR.SE Fri Oct 14 08:28:29 2005 From: anders.andersson at LTKALMAR.SE (Anders Andersson, IT) Date: Thu Jan 12 21:30:57 2006 Subject: OT OT was Re: Best practice Message-ID: > -----Original Message----- > From: MailScanner mailing list > [mailto:MAILSCANNER@JISCMAIL.AC.UK] On Behalf Of Matt Hampton > Sent: Friday, October 14, 2005 2:33 AM > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: Re: Best practice > Once I am happy with the code I'll post it..... 
(otherwise > engaged at the moment - my daughter was born two days ago :-) ) > > matt > Congratulation from me and the rest of the list :) ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From matt at CODERS.CO.UK Fri Oct 14 09:04:57 2005 From: matt at CODERS.CO.UK (Matt Hampton) Date: Thu Jan 12 21:30:57 2006 Subject: question re: spam mail Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] >1st run >mail:/home/jlmiller/spam# sa-learn -p -v /etc/spam.assassin.prefs.conf --spam /home/jlmiller/spam >Learned from 13 message(s) (14 message(s) examined). > > > Mailscanner doesn't use the default Spam Assassin config file - see http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:debug Try this command instead (assuming you have a standardish installation!) sa-learn -p -v /etc/MailScanner/spam.assassin.prefs.conf --spam /home/jlmiller/spam ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! 
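The extension-versus-content check that Matt Hampton describes in the "Best practice" thread above can be sketched as follows. This is an added example, not Matt's code and not part of MailScanner: it is written in Python rather than MailScanner's Perl, it generalizes his PDF case to a few more types, and the magic-byte table (a stand-in for the file command), the function names and the sample attachments are assumptions constructed for illustration.

```python
import os

# (signature bytes at offset 0, detected type): a tiny stand-in for file(1).
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"PK\x03\x04", "zip"),
    (b"MZ", "dos/windows executable"),
    (b"\x7fELF", "elf executable"),
]

# Extensions the check vouches for, and the content type each one must have.
SAFE_EXTENSIONS = {".pdf": "pdf", ".gif": "gif", ".jpg": "jpeg",
                   ".jpeg": "jpeg", ".zip": "zip"}


def sniff(data):
    """Return the content type implied by the leading bytes, or 'unknown'."""
    for signature, kind in MAGIC:
        if data.startswith(signature):
            return kind
    return "unknown"


def final_extension(filename):
    """Last extension, lower-cased, ignoring trailing dots and spaces."""
    name = os.path.basename(filename).rstrip(" .").lower()
    return os.path.splitext(name)[1]


def check_attachment(filename, data):
    """Return (verdict, reason); verdict is 'allow', 'block' or 'defer'.

    allow: the extension is on the safe list and the content agrees with it.
    block: the extension is on the safe list but the content is something
           else, so the attachment is handled like a virus.
    defer: the extension is not on the safe list; the ordinary filename and
           filetype rules decide.
    """
    ext = final_extension(filename)
    expected = SAFE_EXTENSIONS.get(ext)
    if expected is None:
        return "defer", "extension %r is not on the safe list" % ext
    detected = sniff(data)
    if detected == expected:
        return "allow", "content is %s, as the extension claims" % detected
    return "block", "name claims %s but content is %s" % (expected, detected)


# Constructed sample attachments: (name, first bytes of the file).
SAMPLES = [
    ("invoice.pdf", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"),   # genuine PDF header
    ("report.2005.final.pdf", b"%PDF-1.3\n"),            # anything before .pdf
    ("invoice.pdf", b"MZ\x90\x00\x03\x00\x00\x00"),      # executable renamed
    ("photo.GIF ", b"GIF89a\x01\x00\x01\x00"),           # case, trailing space
    ("empty.pdf", b""),                                  # no content at all
    ("mydocs.tar.gz", b"\x1f\x8b\x08\x00"),              # not on the safe list
]


def run_samples():
    """Verdicts for the constructed samples, in order."""
    return [check_attachment(name, data)[0] for name, data in SAMPLES]


if __name__ == "__main__":
    for name, data in SAMPLES:
        verdict, reason = check_attachment(name, data)
        print("%-26r %-6s %s" % (name, verdict, reason))
```

Only a match between a safe-listed extension and the sniffed content produces an allow; an unrecognized or empty body behind a safe extension is blocked rather than waved through.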
From martinh at SOLID-STATE-LOGIC.COM Fri Oct 14 09:11:42 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:30:57 2006
Subject: question re: spam mail
Message-ID:

Jon

Make sure you have the URI-RBL's enabled (needs Net::DNS) in the SA setup (in /etc/mail/spamassassin/*.pre)

Also run a spamassassin -D --lint to see if it pops any errors....also check the SARE rules and others on www.rulesemporium.com for lots of nice extras on top of the default SA ones.

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Jon Miller
> Sent: 14 October 2005 01:17
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: [MAILSCANNER] question re: spam mail
>
> Maybe I'm not understanding the function of this program clearly. I'm
> still receiving various spam mail with all types of content ranging from
> free vacation to viagra to see my wife crap and the like. I submit these
> e-mail as samples to a folder on the linux server and run a script that
> sa-learn reads and then delete the contents of the folder.
>
> mail:/home/jlmiller/spam# cat /root/spamlearn.sh
> #!/bin/bash
> # spamlearn.sh - enter mail name to run
> sa-learn -p -v /etc/spam.assassin.prefs.conf --spam /home/jlmiller/spam
> ls -l /home/jlmiller/spam/* >> /home/jlmiller/spammail/spamlist.txt
> rm /home/jlmiller/spam/*.mlm
>
>
> Now from what I understood from someone on the list is that this has to
> happen several times before SA will learn that this is considered spam, is
> that correct?
> If so why not run the same junk through several times? If I do it
> manually I see that sa-learn picks up on the information and learns that
> the submitted mail is spam. If I run it a 2nd time it states it "Learned
> from 0 message(s) (14 message(s) examined)".
>
> 1st run
> mail:/home/jlmiller/spam# sa-learn -p -v /etc/spam.assassin.prefs.conf --spam /home/jlmiller/spam
> Learned from 13 message(s) (14 message(s) examined).
>
>
> 2nd run
> mail:/home/jlmiller/spam# sa-learn -p -v /etc/spam.assassin.prefs.conf --spam /home/jlmiller/spam
> Learned from 0 message(s) (14 message(s) examined).
>
>
> So, if it's learned something from the 1st run why is it the same email
> can come through time and time again?
>
> Also in the header of some of these e-mails I can see that SA disabled
> itself (2nd e-mail header) or has timed out others are reporting the score
> in a either a negative (1st email header) or too low.
>
> Like to get some help in understanding why messages such as these are able
> to get through.
>
> Thanks
>
>
> *************** 1st email header ************************************
> Received: from mail.mmtnetworks.com.au
>     ([192.168.3.3])
>     by mmtnetworks.com.au; Thu, 13 Oct 2005 20:46:53 +0800
> Received: from arcor.de (unknown [81.13.29.16])
>     by mail.mmtnetworks.com.au (Postfix) with SMTP id 6BF47150080
>     for ; Thu, 13 Oct 2005 20:41:15 +0800 (WST)
> Received: from theirs (192.168.226.107)
>     by arcor.de (Crusher oi 4.97) with SMTP id GYCIjl-OHQvnr-qT
>     for ; Thu, 13 Oct 2005 07:29:12 -0500
> Message-ID: <000e01c5cff1$b58e5880$6be2a8c0@theirs>
> From: "Rajendra Birkland"
> To: "Olya Bachelder"
> Subject: Dumitru Pugliese Meids
> Date: Thu, 13 Oct 2005 07:29:09 -0500
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>     boundary="----=_NextPart_000_000B_01C5CFC7.CCB85080"
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2800.1106
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
> X-mmtnet-MailScanner: Found to be clean
> X-mmtnet-MailScanner-SpamCheck: not spam, SpamAssassin (score=-2.018,
>     required 2, BAYES_00, HTML_90_100, HTML_FONT_BIG, HTML_MESSAGE,
>     MIME_QP_LONG_LINE, SARE_HTML_TD_BR)
> X-MailScanner-From: rajenktlbirkland@arcor.de
>
>
> ******** 2nd email header **********************
>
> Received: from mail.mmtnetworks.com.au
>     ([192.168.3.3])
>     by mmtnetworks.com.au; Thu, 06 Oct 2005 21:18:58 +0800
> Received: from cm-85-152-224-116.telecable.es (cm-85-152-224-
>     116.telecable.es [85.152.224.116])
>     by mail.mmtnetworks.com.au (Postfix) with SMTP id 0B548150073
>     for ; Thu, 6 Oct 2005 21:14:58 +0800 (WST)
> FCC: mailbox://wkcoawzpu@hotmail.com/Sent
> X-Identity-Key: id1
> Date: Thu, 06 Oct 2005 13:00:45 -0100
> From: Liliana Winters
> X-Accept-Language: en-us, en
> MIME-Version: 1.0
> To: jlmiller@mmtnetworks.com.au
> Subject: re [9]:
> Content-Type: multipart/related;
>     boundary="------------070203010308010305060004"
> Message-Id: <20051006131458.0B548150073@mail.mmtnetworks.com.au>
> X-mmtnet-MailScanner: Found to be clean
> X-mmtnet-MailScanner-SpamCheck: not spam,
>     SpamAssassin (Disabled due to 20 consecutive timeouts)
> X-MailScanner-From: wkcoawzpu@hotmail.com
>
> This is a multi-part message in MIME format.
> --------------070203010308010305060004
> Content-Type: text/html; charset=us-ascii
> Content-Transfer-Encoding: 7bit
>
>

SRC="cid:part1.07050508.00050507@gwnfcmat@hotmail.com" border="0" > ALT="">

it's beautiful Oscar Powerball Cliff > Notes

Atkins Diet Oprah > Winfrey

>
> --------------070203010308010305060004
> Content-Type: image/gif;
>     name="asinine.GIF"
> Content-Transfer-Encoding: base64
> Content-ID:
> Content-Disposition: inline;
>     filename="asinine.GIF"
>
>
> Jon L. Miller, ASE, CNS, CLS, MCNE, CCNA
> Director/Sr Systems Consultant
> MMT Networks Pty Ltd
> http://www.mmtnetworks.com.au
> Resellers for: Sophos Anti-Virus, Novell, Cisco, Swifdsl
>
> "I don't know the key to success, but the key to failure
> is trying to please everybody." -Bill Cosby

**********************************************************************

This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager.

This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean.

**********************************************************************
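Leif Neland's explanation earlier in this thread (re-learning the same samples gives "Learned from 0 message(s)", and a respelled, padded copy is "not quite the same email") can be seen in a small model. This is an added example and not SpamAssassin's code: the ToyBayes class is a simplified naive Bayes learner, hashing the whole message text stands in for sa-learn's record of messages it has already learned, and the sample messages are constructed.

```python
import hashlib
import math
import re
from collections import Counter

TOKEN_RE = re.compile(r"[a-z0-9']+")


def tokenize(text):
    """Lower-cased word tokens; each token counts once per message."""
    return set(TOKEN_RE.findall(text.lower()))


class ToyBayes:
    def __init__(self):
        self.seen = set()                                # messages already learned
        self.tokens = {True: Counter(), False: Counter()}  # spam / ham token counts
        self.count = {True: 0, False: 0}                 # messages learned per class

    def learn(self, messages, is_spam):
        """Return (learned, examined), like sa-learn's summary line."""
        learned = 0
        for message in messages:
            digest = hashlib.sha1(message.encode("utf-8")).hexdigest()
            if digest in self.seen:
                continue                   # nothing new in a message seen before
            self.seen.add(digest)
            self.tokens[is_spam].update(tokenize(message))
            self.count[is_spam] += 1
            learned += 1
        return learned, len(messages)

    def token_probability(self, token):
        """P(spam | token), or None for a token the filter has never seen."""
        spam_hits = self.tokens[True][token]
        ham_hits = self.tokens[False][token]
        if spam_hits + ham_hits == 0:
            return None
        spam_rate = spam_hits / max(self.count[True], 1)
        ham_rate = ham_hits / max(self.count[False], 1)
        p = spam_rate / (spam_rate + ham_rate)
        return min(max(p, 0.01), 0.99)     # clamp so no single token decides

    def score(self, message):
        """Combined spam probability; 0.5 when no token is known."""
        logit = 0.0
        for token in tokenize(message):
            p = self.token_probability(token)
            if p is not None:
                logit += math.log(p) - math.log(1.0 - p)
        return 1.0 / (1.0 + math.exp(-logit))


# Constructed training samples.
SPAM = ["Buy cheap viagra online today",
        "Free vacation offer, claim your free prize today",
        "Cheap viagra and free pills, order online"]
HAM = ["Meeting moved to Friday, agenda attached",
       "Please review the attached quarterly report before the meeting",
       "Lunch on Friday? The report can wait"]
# Respelled spam words plus innocent-looking padding (constructed).
VARIANT = "Buy ch3ap vlagra 0nline t0day. Quarterly report agenda attached"


def demo():
    bayes = ToyBayes()
    first_run = bayes.learn(SPAM, True)
    second_run = bayes.learn(SPAM, True)     # same folder fed in again
    bayes.learn(HAM, False)
    original = bayes.score(SPAM[0])
    variant_before = bayes.score(VARIANT)    # respelled tokens are unknown
    variant_learned = bayes.learn([VARIANT], True)
    variant_after = bayes.score(VARIANT)
    return {"first_run": first_run, "second_run": second_run,
            "original": original, "variant_before": variant_before,
            "variant_learned": variant_learned, "variant_after": variant_after}


if __name__ == "__main__":
    for key, value in demo().items():
        print("%-16s %s" % (key, value))
```

The second pass over the same folder adds nothing, while the respelled copy scores as ham until it has itself been learned, which is why fresh samples help and repeats do not.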
From martinh at SOLID-STATE-LOGIC.COM Fri Oct 14 09:12:32 2005
From: martinh at SOLID-STATE-LOGIC.COM (Martin Hepworth)
Date: Thu Jan 12 21:30:57 2006
Subject: question re: spam mail
Message-ID:

Oh another thing

The bayes stuff isn't as effective as the URI-RBL's I find....

--
Martin Hepworth
Snr Systems Administrator
Solid State Logic
Tel: +44 (0)1865 842300

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On
> Behalf Of Matt Hampton
> Sent: 14 October 2005 09:05
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: [MAILSCANNER] question re: spam mail
>
> >1st run
> >mail:/home/jlmiller/spam# sa-learn -p -v /etc/spam.assassin.prefs.conf --spam /home/jlmiller/spam
> >Learned from 13 message(s) (14 message(s) examined).
> >
>
> Mailscanner doesn't use the default Spam Assassin config file - see
>
> http://wiki.mailscanner.info/doku.php?id=documentation:anti_spam:spamassassin:debug
>
> Try this command instead (assuming you have a standardish installation!)
>
> sa-learn -p -v /etc/MailScanner/spam.assassin.prefs.conf --spam /home/jlmiller/spam

From MailScanner at ecs.soton.ac.uk Fri Oct 14 09:19:44 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:57 2006
Subject: Hangup on 4.46.2 when missing filename/filetype rules
Message-ID:

Many thanks for the bug report. Fixed hopefully now. It will be in the next beta.

On 13 Oct 2005, at 17:36, Wess Bechard wrote:

I came across this bug today and thought I would share it with all of you.

While installing a new email system with MailScanner 4.46.2 and Postfix 2.1.5, I came across a bug when handling missing filetype and filename configuration files for MailScanner.

To make a long bug report short, commenting out the filename and filetype rules from the Mailscanner.conf, or simply configuring and using the filename and filetype checks fixes the problem. The only bug here is that MailScanner reports that it is ignoring the missing files, and then crashes and starts a mail check loop that runs forever.

If you would like to read the details, please continue below.

It seems that MailScanner writes warning to the log file that it is skipping the filename and filetype checks, as it cannot find the files. This warning is the proper way to handle the missing files. The problem is that after issuing a warning, MailScanner dies, and restarts.

Example:

Message 5FA399E80F4.8A148 from 64.12.136.13 (scomp@aol.net) to eliquid.ca is not spam, SpamAssassin (score=1.658, required 5, autolearn=disabled, FAKED_UNDISC_RECIPS 0.56, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 0.28, NO_REAL_NAME 0.18, URIBL_SBL 0.63)
Oct 13 11:49:22 email MailScanner[23356]: Spam Checks completed at 8525 bytes per second

Right here is where the child process has restarted...

Oct 13 11:49:23 email MailScanner[23356]: Virus and Content Scanning: Starting
Oct 13 11:49:30 email MailScanner[23371]: MailScanner E-Mail Virus Scanner version 4.46.2 starting...
Oct 13 11:49:30 email MailScanner[23371]: Cannot open filename-rules file etc-dir%/filename.rules.conf, skipping
Oct 13 11:49:30 email MailScanner[23371]: Cannot open filename-rules file etc-dir%/filetype.rules.conf, skipping
Oct 13 11:49:30 email MailScanner[23371]: Read 676 hostnames from the phishing whitelist

This example also shows that MailScanner has indicated that it will skip the filename/filetype rules. You would naturally assume that MailScanner should ignore anything else about these rules.

Since mail was looping through spam checks and dying, I turned on Debug mode and found the problem by running check_mailscanner.

Right when MailScanner starts to process the checks, right after the virus scanning, we find an error:

Can't use an undefined value as an ARRAY reference at /opt/MailScanner/lib/MailScanner/Config.pm line 897.

Config.pm @ Line 875:

sub FilenameRulesValue {
  my($message) = @_;

  my($list,@filenamelist,$file,$listref,@totallist);

  # Get the list of filenames and split it
  $list = Value('filenamerules', $message);
  @filenamelist = split(" ", $list);

  # Now construct a list containing the concatenation of all the allow-deny
  # rules
  #print STDERR "Filename rulesets are " . join(', ', @filenamelist) . "\n";
  foreach $file (@filenamelist) {
    if (!exists($FilenameRules{$file})) {
      #print STDERR "Could not find filenamerules $file, forcing a re-read.\n";
      # This filename has not been seen before, so compile it now.
      # Skip the file if it didn't exist, error already generated.
      next unless $FilenameRules{$file} = ReadOneFilenameRulesFile($file);
    }
    $listref = $FilenameRules{$file};
    #print STDERR "listref = $listref\n";
    #print STDERR "listref = " . @{$listref} . "\n";
    push @totallist, @{$listref};         # <--- Error occurs here
  }
  #print STDERR "Filename rules for message are\n" . join("\n",@totallist) .
  #             "Filename rules for message ends.\n";

  return \@totallist;
}

Thanks folks.

Make sure to visit us on irc.freenode.net #mailscanner for the live technical support community!

___________________________________________
Wess Bechard
Information Technology Manager
eliquidMEDIA International Inc.
Visit: www.eliquid.com
Office: 519.973.1930 - 1.800.561.7525
Fax: 519.253.0337
Cell: 519.791.9492
___________________________________________

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Fri Oct 14 09:24:21 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

On 13 Oct 2005, at 18:18, Rick Cooper wrote:

>> -----Original Message-----
>> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
>> Behalf Of Leif Neland
>> Sent: Thursday, October 13, 2005 8:41 AM
>> To: MAILSCANNER@JISCMAIL.AC.UK
>> Subject: Re: Best practice
>>
>>
>> From: "Rick Cooper"
>> To:
>> Sent: Thursday, October 13, 2005 3:03 PM
>> Subject: Re: Best practice
>>
>>>
>>> # Allow XLS/DOC/PDF files that do not have an executable second extension
>>> deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])
>>> \.doc$
>>> Attempt to Hide Bad Things With DOC Extension Attempt to Hide Bad Things
>>> With DOC Extension - NO CIGAR!
>>> deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])
>>> \.xls$
>>> Attempt to Hide Bad Things With XLS Extension Attempt to Hide Bad Things
>>> With XLS Extension - NO CIGAR!
>>> deny (?:\.exe|\.scr|\.bat|\.com|\.vb[es]|\.cmd|\.pif|\.ws[chf])
>>> \.pdf$
>>> Attempt to Hide Bad Things With PDF Extension Attempt to Hide Bad Things
>>> With PDF Extension - NO CIGAR!
>>>
>>>
>> Haven't you got this the other way around?
>>
>> There is nothing harmful with a filename.bat.doc
>> On the other hand, filename.doc.bat might be dangerous.
>>
>>
>
> That has to do with an old vulnerability wherein you could place an
> incorrect ending suffix such as txt to an executable and it would
> fire off rather than use notepad because it was aware of the actual
> file type. I don't think it really exists anymore. The normal double
> filter would catch something ending some.exe later down the
> expressions.

There certainly was a vulnerability whereby if you had 3 extensions, and the 3rd one started at the 256th character in the filename then it would use the 2nd one. Something like that, but that is why I put in the "long filename" and "lots of spaces" rules.

I never saw any patch which definitely said they had fixed it, so the rules have stayed.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From MailScanner at ecs.soton.ac.uk Fri Oct 14 09:31:09 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

On 13 Oct 2005, at 22:10, Richard Thomas wrote:

> Rabellino Sergio wrote:
>
>
>> How do you feel about mycode.c.old or mydocs.tar.gz, or
>> mydata.20051009.txt ???
>>
>> It's hard to tell anyone that he can't send a project in development
>> to someone else because there are double dotted filenames, without
>> concerning
>> the real content.
>>
>> This was the start point for our discussion, then my doubt on that
>> rule. Could be a 'better performance' rule, but there are real
>> attacks caught ONLY by that rule ?
>>
>> For now I've not found any attacks singularly caught by the
>> double-dot rule, but...
>>
>>
> I've been wondering about this myself. I mean sure, block
> report.doc.exe and hotpic.jpg.pif but is anything really gained by
> blocking the examples listed by the previous poster? And I mean
> don't just do some handwaving about "extra security", I'd like to
> see a real explanation of the gain and preferably a couple of
> examples.

Please remember that no-one is forcing any of this on you. Don't like them? Don't use them. The default rules are the ones I felt were worth having, some based on my own experience and some based on Microsoft's own lists of such things.

I wrote the double-extension trap rule as an example of what you could do with my rules system, rather than the simple extension-blockers provided with any of the commercial alternatives. It has turned out to be rather useful, and I wouldn't want to be without it.

But if you don't see the reason for having some/all of the rules, just delete them. This whole conversation has become a bit pointless and circular, in my opinion.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From rabellino at DI.UNITO.IT Fri Oct 14 11:23:19 2005
From: rabellino at DI.UNITO.IT (Rabellino Sergio)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

Julian Field wrote:

>On 13 Oct 2005, at 22:10, Richard Thomas wrote:
>
>>Rabellino Sergio wrote:
>>
>>>How do you feel about mycode.c.old or mydocs.tar.gz, or
>>>mydata.20051009.txt ???
>>>
>>>It's hard to tell anyone that he can't send a project in development
>>>to someone else because there are double dotted filenames, without
>>>concerning
>>>the real content.
>>>
>>>This was the start point for our discussion, then my doubt on that
>>>rule. Could be a 'better performance' rule, but there are real
>>>attacks caught ONLY by that rule ?
>>>
>>>For now I've not found any attacks singularly caught by the
>>>double-dot rule, but...
>>>
>>I've been wondering about this myself. I mean sure, block
>>report.doc.exe and hotpic.jpg.pif but is anything really gained by
>>blocking the examples listed by the previous poster? And I mean
>>don't just do some handwaving about "extra security", I'd like to
>>see a real explanation of the gain and preferably a couple of
>>examples.
>>
>
>Please remember that no-one is forcing any of this on you. Don't like
>them? Don't use them. The default rules are the ones I felt were
>worth having, some based on my own experience and some based on
>Microsoft's own lists of such things.
>
>I wrote the double-extension trap rule as an example of what you
>could do with my rules system, rather than the simple extension-
>blockers provided with any of the commercial alternatives. It has
>turned out to be rather useful, and I wouldn't want to be without it.
>
>But if you don't see the reason for having some/all of the rules,
>just delete them. This whole conversation has become a bit pointless
>and circular, in my opinion.
>

I was 'out of the window' to see all the opinions, to better understand all the various ideas around.

Remember Julian that for many users your example or suggestion wired in the standard configuration, would be the best thing to do, so a careful selection must be done. Probably the double dot rule must be listed as usually, but a bit of criticism on the past choices would lead to a better comprehension of MS.

Thanks to all.

--
Dott. Mag. Sergio Rabellino
Technical Staff
Department of Computer Science
University of Torino (Italy)
http://www.di.unito.it/~rabser
Tel. +39-0116706701
Fax. +39-011751603

From rcooper at DWFORD.COM Fri Oct 14 12:02:50 2005
From: rcooper at DWFORD.COM (Rick Cooper)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:

> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> Behalf Of Julian Field
> Sent: Friday, October 14, 2005 3:24 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: Best practice
>
>
> On 13 Oct 2005, at 18:18, Rick Cooper wrote:
>
> >> -----Original Message-----
> >> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
> >> Behalf Of Leif Neland
> >> Sent: Thursday, October 13, 2005 8:41 AM
> >> To: MAILSCANNER@JISCMAIL.AC.UK
> >> Subject: Re: Best practice
> >>
> >>
> >> From: "Rick Cooper"
> >> To:
> >> Sent: Thursday, October 13, 2005 3:03 PM
> >> Subject: Re: Best practice
> >>
> > That has to do with an old vulnerability wherein you could place an
> > incorrect ending suffix such as txt to an executable and it would
> > fire off
> > rather than use notepad because it was aware of the actual file
> > type. I
> > don't think it really exists anymore. The normal double filter
> > would catch
> > something ending some.exe later down the expressions.
>
> There certainly was a vulnerability whereby if you had 3 extensions,
> and the 3rd one started at the 256th character in the filename then
> it would use the 2nd one. Something like that, but that is why I put
> in the "long filename" and "lots of spaces" rules.
> I never saw any patch which definitely said they had fixed it, so the
> rules have stayed.
>

I agree with keeping them as is. As the developer you have no idea what kinds of hardware and software people are using and if someone is comfortable removing something that doesn't apply to their situation, fine. Heck I still had windows 95 based boxes in three locations until last year! They were vendor supplied for a cataloging program and we had no choice about it. I think the fact that you add new checks and leave old is the *perfect* way to do it.

Rick

From Denis.Beauchemin at USHERBROOKE.CA Fri Oct 14 13:09:12 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:30:57 2006
Subject: Phishing RBL?
Message-ID:

Dhawal Doshy wrote:

> Denis Beauchemin writes:
>
>> I was wondering about URIBL_PH_SURBL and discovered I only got 3 hits
>> this month (didn't look at previous logs).
>> Is there some RBL more effective than this one targeted at phishing
>> attempts? I would like to score them big enough to get the mails
>> high scoring and deleted.
>
>
> What do your clamav (assuming you are using it) stats for phishing
> mails look like? fyi, bitdefender also detects phished mails.
> Anyways have a look at these and see if you can use them:
> http://www.ahbl.org/docs/rhsbl.php
> http://rhs.mailpolice.com/ (this one has already merged with ph.surbl)

I don't run Clamav mainly because at one point it detected malware where
I didn't see any (but it was a long time ago and I don't remember what
it was about). But even if I did it wouldn't give me a pure phishing
detection that could be used to make some phishing attempts get deleted.

I'm investigating the Netcraft solution. Can anyone give their opinion
on their RBL?

Thanks!

Denis
--
  _
 °v°   Denis Beauchemin, analyste
/(_)\  Université de Sherbrooke, S.T.I.
 ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From glenn.steen at GMAIL.COM Fri Oct 14 14:01:41 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:30:57 2006
Subject: Phishing RBL?
Message-ID:

On 14/10/05, Denis Beauchemin wrote:
(snip)
>
> I don't run Clamav mainly because at one point it detected malware where
> I didn't see any (but it was a long time ago and I don't remember what
> it was about). But even if I did it wouldn't give me a pure phishing
> detection that could be used to make some phishing attempts get deleted.

Define "pure" in this context. Sure it missed the recent "nordea"
phish (Swedish bank... c:a 4 million e-banking customers), but so
would most any solution (well, perhaps not Jules phishing net)...
But then, we're all still trying to get up off the floor from all the
rolling and laughing ... The silly buggers used a translation
program... Need one say more? ISTR we had a fun "autotranslation
thread" a while back, detailing most of all the woes one would have
with that approach.
Not that I'm complaining about their infinite stupidity:-).

Anyway, to my mind clamav is pretty darned close to getting most of
all known phishing _and_ is a very good virus detector... So why not
use it? Every AV has its flaws, so that it missed some few can't be a
reason to forego it.

> I'm investigating the Netcraft solution. Can anyone give their opinion
> on their RBL?

Haven't used, but would be very interested to hear this too... Always
interested in possible improvements (provided one has the time to
implement them:-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From lbcadmin at GMAIL.COM Fri Oct 14 14:55:08 2005
From: lbcadmin at GMAIL.COM (Information Services)
Date: Thu Jan 12 21:30:57 2006
Subject: MailWatch password (web user)
Message-ID:

I am trying to change the password for the MailWatch web user, but am
having problems in doing so.
I am running

CentOS 4.1
mysql-4.1.10a-2.RHEL4.1
mailwatch-1.0.1
mailscanner-4.44.1-1
phpMyAdmin-2.6.3-pl1

I have changed the password in:

MailWatch.pm
SQLBlackWhiteList.pm
conf.php

from the command line:

mysql mailscanner -u (user) -p
[changed the password]
GRANT ALL ON mailscanner.* TO xxx@localhost IDENTIFIED BY 'password';
flush privileges;
\q;

Then when I try to create a MailWatch Web User, I run into this problem

mysql mailscanner -u (user) -p
INSERT INTO users VALUES ('xxxx',md5('password'),'xxxx','A','0');
ERROR 1062 (23000): Duplicate entry 'xxx' for key 1

So what do I need to do in order to change the password for this user?

Casey

From Denis.Beauchemin at USHERBROOKE.CA Fri Oct 14 15:16:34 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:30:57 2006
Subject: Phishing RBL?
Message-ID:

Glenn Steen wrote:

>On 14/10/05, Denis Beauchemin wrote:
>(snip)
>
>>I don't run Clamav mainly because at one point it detected malware where
>>I didn't see any (but it was a long time ago and I don't remember what
>>it was about). But even if I did it wouldn't give me a pure phishing
>>detection that could be used to make some phishing attempts get deleted.
>
>Define "pure" in this context. Sure it missed the recent "nordea"
>phish (Swedish bank... c:a 4 million e-banking customers), but so
>would most any solution (well, perhaps not Jules phishing net)...
>But then, we're all still trying to get up off the floor from all the
>rolling and laughing ... The silly buggers used a translation
>program... Need one say more? ISTR we had a fun "autotranslation
>thread" a while back, detailing most of all the woes one would have
>with that approach.
>Not that I'm complaining about their infinite stupidity:-).
>
>Anyway, to my mind clamav is pretty darned close to getting most of
>all known phishing _and_ is a very good virus detector... So why not
>use it? Every AV has its flaws, so that it missed some few can't be a
>reason to forego it.
>
>>I'm investigating the Netcraft solution. Can anyone give their opinion
>>on their RBL?
>
>Haven't used, but would be very interested to hear this too... Always
>interested in possible improvements (provided one has the time to
>implement them:-).

Glenn,

Clam didn't miss anything. It detected something where there should be
nothing. Bummer, I really can't remember what... I guess I'll give it a
try.

As for Netcraft, it's being used by GoDaddy.com. This article states
that they move about 1 million emails per hour:
http://www.godaddy.com/gdshop/pressReleases/08_16_05_Joint_With_Netcraft_F.pdf

Denis
--
  _
 °v°   Denis Beauchemin, analyste
/(_)\  Université de Sherbrooke, S.T.I.
 ^ ^   T: 819.821.8000x2252 F: 819.821.8045
From Chris.Russell at KNOWLEDGEIT.CO.UK Fri Oct 14 15:26:58 2005
From: Chris.Russell at KNOWLEDGEIT.CO.UK (Chris Russell)
Date: Thu Jan 12 21:30:57 2006
Subject: MailWatch password (web user)
Message-ID:

this is a sql query rather than a mailscanner question,

However,

update users set password=md5('newpassword') where username='xxxx';

.. Assuming the username field is "username" (Check this with "describe
users" from mysql)

Cheers,

Chris

From dhawal at NETMAGICSOLUTIONS.COM Fri Oct 14 15:54:16 2005
From: dhawal at NETMAGICSOLUTIONS.COM (Dhawal Doshy)
Date: Thu Jan 12 21:30:57 2006
Subject: Phishing RBL?
Message-ID:

Denis Beauchemin wrote:
>>
>>> I'm investigating the Netcraft solution. Can anyone give their opinion
>>> on their RBL?
>>
>> Haven't used, but would be very interested to hear this too... Always
>> interested in possible improvements (provided one has the time to
>> implement them:-).
>
> Glenn,
>
> Clam didn't miss anything. It detected something where there should be
> nothing. Bummer, I really can't remember what... I guess I'll give it a
> try.
>
> As for Netcraft, it's being used by GoDaddy.com. This article states
> that they move about 1 million emails per hour:
>

Shoot off a mail to sales at netcraft dot com, i did and got back a very
detailed technical reply.

From the reply "We can block arbitrary patterns, thereby coping with
phishing attacks hosted on bank's sites, wildcard DNS, shared hosting
systems & personalised urls".
They also claim not to suffer from a geocities like problem (for
instance: surbl and uribl haven't listed geocities for policy reasons,
no fps) + they also take care of cross-site scripting frauds.

Ask them for the commercials and see if it suits your budget.

- dhawal

From mailscanner at ELIQUID.COM Fri Oct 14 15:57:20 2005
From: mailscanner at ELIQUID.COM (Wess Bechard)
Date: Thu Jan 12 21:30:57 2006
Subject: Unused File Checks Bug
Message-ID:

I came across this bug today and thought I would share it with all of
you.

While installing a new email system with MailScanner 4.46.2 and Postfix
2.1.5, I came across a bug when handling missing filetype and filename
configuration files for MailScanner.

To make a long bug report short, commenting out the filename and
filetype rules from the Mailscanner.conf, or simply configuring and
using the filename and filetype checks fixes the problem. The only bug
here is that MailScanner reports that it is ignoring the missing files,
and then crashes and starts a mail check loop that runs forever.

If you would like to read the details, please continue below.

It seems that MailScanner writes a warning to the log file that it is
skipping the filename and filetype checks, as it cannot find the files.
This warning is the proper way to handle the missing files. The problem
is that after issuing a warning, MailScanner dies, and restarts.
Example:

Message 5FA399E80F4.8A148 from 64.12.136.13 (scomp@aol.net) to eliquid.ca is not spam, SpamAssassin (score=1.658, required 5, autolearn=disabled, FAKED_UNDISC_RECIPS 0.56, HTML_MESSAGE 0.00, MIME_HTML_MOSTLY 0.28, NO_REAL_NAME 0.18, URIBL_SBL 0.63)
Oct 13 11:49:22 email MailScanner[23356]: Spam Checks completed at 8525 bytes per second

Right here is where the child process has restarted...

Oct 13 11:49:23 email MailScanner[23356]: Virus and Content Scanning: Starting
Oct 13 11:49:30 email MailScanner[23371]: MailScanner E-Mail Virus Scanner version 4.46.2 starting...
Oct 13 11:49:30 email MailScanner[23371]: Cannot open filename-rules file etc-dir%/filename.rules.conf, skipping
Oct 13 11:49:30 email MailScanner[23371]: Cannot open filename-rules file etc-dir%/filetype.rules.conf, skipping
Oct 13 11:49:30 email MailScanner[23371]: Read 676 hostnames from the phishing whitelist

This example also shows that MailScanner has indicated that it will skip
the filename/filetype rules. You would naturally assume that MailScanner
should ignore anything else about these rules.

Since mail was looping through spam checks and dying, I turned on Debug
mode and found the problem by running check_mailscanner.

Right when MailScanner starts to process the checks, right after the
virus scanning, we find an error:

Can't use an undefined value as an ARRAY reference at /opt/MailScanner/lib/MailScanner/Config.pm line 897.

Config.pm @ Line 875:

sub FilenameRulesValue {
  my($message) = @_;

  my($list,@filenamelist,$file,$listref,@totallist);

  # Get the list of filenames and split it
  $list = Value('filenamerules', $message);
  @filenamelist = split(" ", $list);

  # Now construct a list containing the concatenation of all the allow-deny
  # rules
  #print STDERR "Filename rulesets are " . join(', ', @filenamelist) . "\n";
  foreach $file (@filenamelist) {
    if (!exists($FilenameRules{$file})) {
      #print STDERR "Could not find filenamerules $file, forcing a re-read.\n";
      # This filename has not been seen before, so compile it now.
      # Skip the file if it didn't exist, error already generated.
      next unless $FilenameRules{$file} = ReadOneFilenameRulesFile($file);
    }
    $listref = $FilenameRules{$file};
    #print STDERR "listref = $listref\n";
    #print STDERR "listref = " . @{$listref} . "\n";
    push @totallist, @{$listref};         # <--- Error occurs here
  }
  #print STDERR "Filename rules for message are\n" . join("\n",@totallist) .
  #             "Filename rules for message ends.\n";
  return \@totallist;
}

Thanks folks.

Make sure to visit us on irc.freenode.net #mailscanner for the live
technical support community!

___________________________________________
Wess Bechard
Information Technology Manager
eliquidMEDIA International Inc.
Visit: www.eliquid.com
Office: 519.973.1930 - 1.800.561.7525
Fax: 519.253.0337
Cell: 519.791.9492
___________________________________________

From MailScanner at ecs.soton.ac.uk Fri Oct 14 16:04:29 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:57 2006
Subject: Unused File Checks Bug
Message-ID:

Please see the thread entitled "Re: Hangup on 4.46.2 when missing
filename/filetype rules" from earlier today. I will post a new beta
fixing this very soon.
In the mean time, you can just create a 1 line filename.rules.conf and
filetype.rules.conf containing
allow    .    -    -
and it will allow everything.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From MailScanner at ecs.soton.ac.uk Fri Oct 14 16:17:15 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:57 2006
Subject: Beta release 4.47.2
Message-ID:

I have just released another beta to tidy up a couple of issues.

- Empty or non-existent filename.rules.conf or filetype.rules.conf were
  stopping MailScanner working. If you don't want to upgrade to this
  beta release, just create a 1 line file for each one containing
  "allow . - -" where each field is separated by a tab character.
- The Maximum Attachments Per Message setting was not working properly.
Download as usual from www.mailscanner.info.
Feedback to the mailing list please. Let me know how you get on.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From mailscanner at ELIQUID.COM Fri Oct 14 16:36:36 2005
From: mailscanner at ELIQUID.COM (Wess Bechard)
Date: Thu Jan 12 21:30:57 2006
Subject: Beta release 4.47.2
Message-ID:

Julian,

Does this mean you got my message about the filename/type rules? I
haven't seen it on the list yet, although it's been mentioned on IRC.

From MailScanner at ecs.soton.ac.uk Fri Oct 14 17:14:53 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:57 2006
Subject: Beta release 4.47.2
Message-ID:

Yes. Fix time about 20 minutes. Not too bad for a busy Friday afternoon,
even if I say so myself :-)
Haven't been on IRC for a while, day job is rather busy at the moment,
term started this week. n thousand new students on campus...
--  Julian Field www.MailScanner.info Buy the MailScanner book at www.MailScanner.info/store PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654 ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! [ Part 2, Application/PGP-SIGNATURE 498bytes. ] [ Unable to print this part. ] From lbcadmin at GMAIL.COM Fri Oct 14 17:33:50 2005 From: lbcadmin at GMAIL.COM (Information Services) Date: Thu Jan 12 21:30:57 2006 Subject: MailWatch password (web user) Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] Good point. Thanks for replying though. I did get it changed by going through phpmyadmin. Thanks Casey On 10/14/05, Chris Russell wrote: > this is a sql query rather than another a mailscanner question, > > However, > > update users set password=md5('newpassword') where username='xxxx'; > > .. Assuming the username field is "username" (Check this with "describe > users" from mysql) > > Cheers, > > Chris > > > -----Original Message----- > From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK] On > Behalf Of Information Services > Sent: 14 October 2005 14:55 > To: MAILSCANNER@JISCMAIL.AC.UK > Subject: MailWatch password (web user) > > I am trying to change the password for the MailWatch web user, but am > having problems in doing so. 
>
> I am running
>
> CentOS 4.1
> mysql-4.1.10a-2.RHEL4.1
> mailwatch-1.0.1
> mailscanner-4.44.1-1
> phpMyAdmin-2.6.3-pl1
>
>
> I have changed the password in:
>
> MailWatch.pm
> SQLBlackWhiteList.pm
> conf.php
>
> from the command line:
>
> mysql mailscanner -u (user) -p
> [changed the password]
> GRANT ALL ON mailscanner.* TO xxx@localhost IDENTIFIED BY 'password';
>
> flush privileges;
> \q;
>
> Then when I try to create a MailWatch Web User, I run into this problem
>
> mysql mailscanner -u (user) -p
> INSERT INTO users VALUES ('xxxx',md5('password'),'xxxx','A','0');
> ERROR 1062 (23000): Duplicate entry 'xxx' for key 1
>
>
> So what do I need to do in order to change the password for this user?
>
> Casey

From vachanta at GMAIL.COM Fri Oct 14 18:26:26 2005
From: vachanta at GMAIL.COM (Venkata Achanta)
Date: Thu Jan 12 21:30:57 2006
Subject: OT: DNS problems
Message-ID:

hello list,

Looks like I am having a problem with resolving certain domains ONLY. Any pointers/things to check for would be helpful. This is a weird problem; I can resolve this on other boxes but not on this one.

Oct 14 10:09:50 asav sendmail[3378]: j9EH9UGR003378: ruleset=check_mail, arg1=, relay=smtp.barwol.com [38.118.132.70] (may be forged), reject=451 4.1.8 Domain of sender address geisenreich@barwol.com does not resolve
Oct 14 10:09:50 asav sendmail[3378]: j9EH9UGR003378: from=, size=14532, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=smtp.barwol.com [38.118.132.70] (may be forged)

cat /etc/resolv.conf
domain mydomain.com
nameserver 127.0.0.1

I changed it to mydomain.com for anonymity but I have the actual name in the file.

cat /etc/bind/named.conf
options {
        directory "/var/bind";

        // uncomment the following lines to turn on DNS forwarding,
        // and change the forwarding ip address(es) :
        //forward first;
        //forwarders {
        //      123.123.123.123;
        //      123.123.123.123;
        //};

        listen-on-v6 { none; };
        listen-on { 127.0.0.1; };

        // to allow only specific hosts to use the DNS server:
        allow-query {
                127.0.0.1;
        };

        // if you have problems and are behind a firewall:
        //query-source address * port 53;
        pid-file "/var/run/named/named.pid";
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localhost" IN {
        type master;
        file "pri/localhost.zone";
        allow-update { none; };
        notify no;
};

zone "127.in-addr.arpa" IN {
        type master;
        file "pri/127.zone";
        allow-update { none; };
        notify no;
};

logging {
        category lame-servers { null; };
};

dig doesn't return anything for this domain:

dig MX barwol.com

; <<>> DiG 9.2.2-P1 <<>> MX barwol.com
;; global options: printcmd
;; connection timed out; no servers could be reached

but I can resolve the rest of the domains:

dig MX google.com

; <<>> DiG 9.2.2-P1 <<>> MX google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30555
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 4, ADDITIONAL: 8

;; QUESTION SECTION:
;google.com.                    IN      MX

;; ANSWER SECTION:
google.com.             3600    IN      MX      10 smtp4.google.com.
google.com.             3600    IN      MX      10 smtp1.google.com.
google.com.             3600    IN      MX      10 smtp2.google.com.
google.com.             3600    IN      MX      10 smtp3.google.com.

;; AUTHORITY SECTION:
google.com.             345600  IN      NS      ns3.google.com.
google.com.             345600  IN      NS      ns4.google.com.
google.com.             345600  IN      NS      ns1.google.com.
google.com.             345600  IN      NS      ns2.google.com.

;; ADDITIONAL SECTION:
smtp1.google.com.       600     IN      A       216.239.57.25
smtp2.google.com.       600     IN      A       64.233.167.25
smtp3.google.com.       600     IN      A       64.233.183.25
smtp4.google.com.       600     IN      A       66.102.9.25
ns1.google.com.         345410  IN      A       216.239.32.10
ns2.google.com.         345410  IN      A       216.239.34.10
ns3.google.com.         345410  IN      A       216.239.36.10
ns4.google.com.         345410  IN      A       216.239.38.10

;; Query time: 16 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Oct 14 10:22:51 2005
;; MSG SIZE rcvd: 316
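Sendmail's stock check_mail ruleset logs `451 4.1.8 ... does not resolve` when the sender-domain lookup fails temporarily (timeout or SERVFAIL) and `553 5.1.8 ... does not exist` when the resolver returns a definite negative answer. The following is an added example, not part of the original post: it groups such rejects by sender domain so you can see whether failures are confined to a few domains, as in the message above. The function names are hypothetical and the log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail maillog format; hosts, addresses and queue IDs
# are invented (documentation domains and IP ranges), not taken from the thread.
SAMPLE_LOG = """\
Oct 14 10:09:50 mx1 sendmail[3378]: j9EH9UGR003378: ruleset=check_mail, arg1=<alice@slow-dns.example>, relay=smtp.slow-dns.example [192.0.2.70] (may be forged), reject=451 4.1.8 Domain of sender address alice@slow-dns.example does not resolve
Oct 14 10:09:50 mx1 sendmail[3378]: j9EH9UGR003378: from=<alice@slow-dns.example>, size=14532, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=smtp.slow-dns.example [192.0.2.70] (may be forged)
Oct 14 11:22:12 mx1 sendmail[23818]: j9EILqQj023818: ruleset=check_mail, arg1=<bob@slow-dns.example>, relay=smtp.slow-dns.example [192.0.2.70] (may be forged), reject=451 4.1.8 Domain of sender address bob@slow-dns.example does not resolve
Oct 14 11:30:01 mx1 sendmail[23901]: j9EIU1aa023901: ruleset=check_mail, arg1=<x@no-such-domain.example>, relay=[198.51.100.9], reject=553 5.1.8 <x@no-such-domain.example>... Domain of sender address x@no-such-domain.example does not exist
"""

# 4xx "does not resolve" = temporary lookup failure at the local resolver;
# 5xx "does not exist"   = the resolver got a definite negative answer.
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssendmail\[\d+\]:\s(?P<qid>\w+):\s"
    r"ruleset=check_mail,.*?relay=(?P<relay>[^,]+),\s"
    r"reject=(?P<code>\d{3})\s(?P<dsn>\d\.\d\.\d)\s.*?"
    r"Domain of sender address (?P<sender>\S+) does not (?P<why>resolve|exist)"
)
IP_RE = re.compile(r"\[([0-9A-Fa-f.:]+)\]")


def parse_rejects(log_text):
    """Return one dict per check_mail sender-domain reject found in log_text."""
    rejects = []
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue  # from=/to= lines and unrelated rejects are ignored
        ip = IP_RE.search(m.group("relay"))
        sender = m.group("sender").strip("<>")
        rejects.append({
            "time": m.group("ts"),
            "qid": m.group("qid"),
            "domain": sender.rsplit("@", 1)[-1].lower(),
            "relay_ip": ip.group(1) if ip else None,
            "kind": "temp" if m.group("code").startswith("4") else "perm",
        })
    return rejects


def summarize(rejects):
    """Count temporary and permanent rejects per sender domain."""
    summary = defaultdict(lambda: {"temp": 0, "perm": 0, "relays": set()})
    for r in rejects:
        entry = summary[r["domain"]]
        entry[r["kind"]] += 1
        if r["relay_ip"]:
            entry["relays"].add(r["relay_ip"])
    return dict(summary)


def resolver_suspects(summary, min_temp=2):
    """Domains that only ever failed temporarily: check the local resolver's
    path to their authoritative servers before blaming the sender."""
    return sorted(d for d, c in summary.items()
                  if c["temp"] >= min_temp and c["perm"] == 0)


if __name__ == "__main__":
    report = summarize(parse_rejects(SAMPLE_LOG))
    for domain, c in sorted(report.items()):
        print(f"{domain:28} temp={c['temp']} perm={c['perm']} "
              f"relays={sorted(c['relays'])}")
    print("resolver suspects:", resolver_suspects(report))
```

A domain that appears only under `temp` while other domains resolve points at the local resolver or its route to that domain's name servers, which matches the `dig` timeout shown in the message.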
From lbergman at WTXS.NET Fri Oct 14 18:40:37 2005
From: lbergman at WTXS.NET (Lewis Bergman)
Date: Thu Jan 12 21:30:57 2006
Subject: OT: DNS problems
Message-ID:

Venkata Achanta said:
> hello list,
>
> Looks like I am having a problem with resolving certain domains ONLY. Any
> pointers/things to check for would be helpful. This is a weird problem; I can
> resolve this on other boxes but not on this one.
>
> Oct 14 10:09:50 asav sendmail[3378]: j9EH9UGR003378: ruleset=check_mail,
> arg1=, relay=smtp.barwol.com [38.118.132.70] (may
> be forged), reject=451 4.1.8 Domain of sender address
> geisenreich@barwol.com does not resolve
> Oct 14 10:09:50 asav sendmail[3378]: j9EH9UGR003378:
> from=, size=14532, class=0, nrcpts=0, proto=ESMTP,
> daemon=MTA, relay=smtp.barwol.com [38.118.132.70] (may be forged)
>

Since it is a caching name server, have you tried flushing the cache with "rndc flush" or a named restart? Your cache may be poisoned.

--
Lewis Bergman
Texas Communications
4309 Maple ST.
Abilene, TX 79602
325-691-3301

From vachanta at GMAIL.COM Fri Oct 14 18:55:43 2005
From: vachanta at GMAIL.COM (Venkata Achanta)
Date: Thu Jan 12 21:30:57 2006
Subject: OT: DNS problems
Message-ID:

>Since it is a caching name server have you tried flushing the cache with
>"rndc flush" or a named restart? Your cache may be poisoned.

Tried that but nothing changed. Thanks for the fast response.
From Denis.Beauchemin at USHERBROOKE.CA Fri Oct 14 18:59:09 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:30:57 2006
Subject: Phishing RBL?
Message-ID:

Glenn Steen wrote:

>On 14/10/05, Denis Beauchemin wrote:
>(snip)
>
>>I don't run Clamav mainly because at one point it detected malware where
>>I didn't see any (but it was a long time ago and I don't remember what
>>it was about). But even if I did it wouldn't give me a pure phishing
>>detection that could be used to make some phishing attempts get deleted.
>>
>
>Define "pure" in this context. Sure it missed the recent "nordea"
>phish (Swedish bank... c:a 4 million e-banking customers), but so
>would most any solution (well, perhaps not Jules phishing net)... But
>then, we're all still trying to get up off the floor from all the
>rolling and laughing ... The silly buggers used a translation
>program... Need one say more? ISTR we had a fun "autotranslation
>thread" a while back, detailing most of all the woes one would have
>with that approach.
>Not that I'm complaining about their infinite stupidity:-).
>
>Anyway, to my mind clamav is pretty darned close to getting most of
>all known phishing _and_ is a very good virus detector... So why not
>use it? Every AV has its flaws, so that it missed some few can't be a
>reason to forego it.
>

Just enabled ClamAV on my servers.
About 5 minutes later I saw this message:

ClamAVModule::INFECTED:: Exploit.HTML.IFrame:: ./j9EFjc3L008255/msg-4991-81.html

Then I remembered why I disabled Clam... I cannot block all emails with IFrames...

There seems to be the --no-html flag. I enabled it in clamav-wrapper. We'll see if it does what I hope (couldn't find much info about this).

Had to switch from clamavmodule to clamav, though...

Denis

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From taz at TAZ-MANIA.COM Fri Oct 14 19:11:34 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:30:57 2006
Subject: OT: DNS problems
Message-ID:

Have you tried doing a dig from the machine that can't resolve the name? I would make sure what the name server is really responding. If it can't resolve the name, then maybe it can't reach the authoritative server(s) for some reason.

Venkata Achanta wrote:
>>Since it is a caching name server have you tried flushing the cache with
>>"rndc flush" or a named restart? Your cache may be poisoned.
>
>
> Tried that but nothing changed. Thanks for the fast response.
>
From vachanta at GMAIL.COM Fri Oct 14 19:37:16 2005
From: vachanta at GMAIL.COM (Venkata Achanta)
Date: Thu Jan 12 21:30:57 2006
Subject: OT: DNS problems
Message-ID:

named is running and responding but for some reason it's not resolving that barwol.com domain while the rest of the machines can.

I changed /etc/resolv.conf to use to known good DNS servers and I am able to resolve that domain now, but still:

Oct 14 11:22:12 asav sendmail[23818]: j9EILqQj023818: ruleset=check_mail, arg1=, relay=smtp.barwol.com [38.118.132.70] (may be forged), reject=451 4.1.8 Domain of sender address dkatz@barwol.com does not resolve
Oct 14 11:22:12 asav sendmail[23818]: j9EILqQj023818: from=, size=1058, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=smtp.barwol.com [38.118.132.70] (may be forged)

Is something going on with sendmail then?

From ssilva at SGVWATER.COM Fri Oct 14 23:12:24 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:57 2006
Subject: Best practice
Message-ID:
Matt Hampton spake the following on 10/13/2005 5:33 PM:
> Scott Silva wrote:
>
>> But wouldn't blocking executables by filetype catch anything that could
>> be executable? Even if the filename is obscured?
>> The file command is pretty good with dos and windows executables, no
>> matter the extension. I usually catch the newer viruses here as their
>> signatures are written and distributed through the virus scanner
>> channels.
>>
>>
> Still testing the code but I am implementing a safe filename/filetype
> function. If the file extension ends .pdf (with anything before it) and
> "file" returns that it is a PDF allow it. At the same time if something
> other than PDF is returned by "file" the attachment is handled like a
> virus.......
>
> Once I am happy with the code I'll post it..... (otherwise engaged at
> the moment - my daughter was born two days ago :-) )
>
> matt
>

Congratulations!!! Mine are 15 and 20, so I miss having a little one around!!

--
 /-----------------------\           |~~\_____/~~\__  |
 | MailScanner; The best |___________ \N1____====== )-+
 | protection on the net!|                   ~~~|/~~  |
 \-----------------------/                      ()

From strombrg at DCS.NAC.UCI.EDU Sat Oct 15 01:04:05 2005
From: strombrg at DCS.NAC.UCI.EDU (Dan Stromberg)
Date: Thu Jan 12 21:30:57 2006
Subject: spam filtering ceased
Message-ID:

Hi folks.

I looked around on gmane a bit for a solution to this, but I really only found someone with the same question and no answers.
Googling for this one seems messy, as I'm not sure what keywords to use this time.

Anyway, I run a mail server, and someone else was tasked with setting up mailscanner on it. He's on vacation, and doesn't appear to have any doc written up.

This mail server, I'm told, has suddenly stopped doing antispam filtering.

I tried killing and restarting all the sendmail's and mailscanner, but that's not (necessarily) helping.

I'd really benefit from two things:

1) A decision procedure for determining if antispam filtering is functional again. For example, can I just search for a recent message with antispam headers, or is it more complicated than that?

2) A procedure for determining what happened to the antispam filtering

I attempted "MailScanner -v" as mentioned in another post, but that just said something about configuration file -v not existing.

I also attempted the lint-related spamassassin command mentioned in the same post, but I recall the person who set this up saying that spamassassin is used via a perl module, and I have no spamassassin's on my $PATH.

Suggestions?

Thanks!

From glenn.steen at gmail.com Sat Oct 15 10:47:53 2005
From: glenn.steen at gmail.com (Glenn Steen)
Date: Thu Jan 12 21:30:57 2006
Subject: Phishing RBL?
Message-ID:

On 14/10/05, Denis Beauchemin wrote:
(snip)
> Just enabled ClamAV on my servers.
> About 5 minutes later I saw this message:
> ClamAVModule::INFECTED:: Exploit.HTML.IFrame::
> ./j9EFjc3L008255/msg-4991-81.html
>
> Then I remembered why I disabled Clam... I cannot block all emails with
> IFrames...
>
> There seems to be the --no-html flag. I enabled it in clamav-wrapper.
> We'll see if it does what I hope (couldn't find much info about this).
>
> Had to switch from clamavmodule to clamav, though...

I might be completely wrong, but.... I *don't* use that flag, and it only catches really bad iframes... Not like the MS thing that catch *all* ...So far at least.
Did you check that the IFrame in question wasn't malicious?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From MailScanner at ecs.soton.ac.uk Sat Oct 15 12:59:43 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:57 2006
Subject: spam filtering ceased
Message-ID:

Have you considered just upgrading to the latest versions of MailScanner and spamassassin?

It might well be the quickest way out of your trouble. But first make sure /usr/bin/perl points to the latest version of Perl that is installed on your machine. You don't want to install in 1 perl and then run another.

If you haven't got "MailScanner -v" working, then you have a pretty ancient version. If your SA is that old then an upgrade to the latest would help too.
Upgrade SA using the ClamAV+SA package that I distribute on the MailScanner downloads page. It will save you a lot of time than doing it by hand.

Dan Stromberg wrote:

>Hi folks.
>
>I looked around on gmane a bit for a solution to this, but I really only
>found someone with the same question and no answers. Googling for this
>one seems messy, as I'm not sure what keywords to use this time.
>
>Anyway, I run a mail server, and someone else was tasked with setting up
>mailscanner on it. He's on vacation, and doesn't appear to have any doc
>written up.
>
>This mail server, I'm told, has suddenly stopped doing antispam
>filtering.
>
>I tried killing and restarting all the sendmail's and mailscanner, but
>that's not (necessarily) helping.
>
>I'd really benefit from two things:
>
> 1) A decision procedure for determining if antispam filtering is
> functional again. For example, can I just search for a recent message
> with antispam headers, or is it more complicated than that?
>
> 2) A procedure for determining what happened to the antispam
> filtering
>
>I attempted "MailScanner -v" as mentioned in another post, but that just
>said something about configuration file -v not existing.
>
>I also attempted the lint-related spamassassin command mentioned in the
>same post, but I recall the person who set this up saying that
>spamassassin is used via a perl module, and I have no spamassassin's on my
>$PATH.
>
>Suggestions?
>
>Thanks!
>
--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From dmaluski at n1ety.com Sat Oct 15 16:35:54 2005
From: dmaluski at n1ety.com (Dean Maluski)
Date: Thu Jan 12 21:30:57 2006
Subject: Mailwatch &SQLWhitelist
Message-ID:

I just got mailwatch working, sort of. I altered /etc/MailScanner.conf to support Is Definitely Spam = &SQLBlacklist and Is Definitely Not Spam = &SQLWhitelist. I added a test sender to SQLblacklist via web interface and sure enough it worked.

I also have been creating whitelist entries. Those don't seem to be working. At least they are not showing up in weblist as green. I will have to sift through instructions again but I think that whitelist would work the same as blacklist without any major changes or something I did that was stupid possibly.
From ugob at CAMO-ROUTE.COM Sat Oct 15 22:17:40 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:30:57 2006
Subject: OT: Need proofreading for MailScanner article
Message-ID:

Hi,

I've written an article about MailScanner, to be published in a free magazine. I'm not paid for that. I would appreciate it if some of you could proofread my text before I send it to the editor, to ensure accuracy and that my English is OK (English is not my mother tongue). It is about 3 pages long.

Please contact me off-list, stating what format you prefer: Word, PDF or a URL to an HTML format. If you have Acrobat (not just the reader), you could write me your comments/corrections as "comments". In Word you can use the proofreading feature to show your corrections and add comments.

Regards,

--
Ugo

From ugob at CAMO-ROUTE.COM Sat Oct 15 22:38:01 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:30:57 2006
Subject: Phishing RBL?
Message-ID:

Glenn Steen wrote:
> On 14/10/05, Denis Beauchemin wrote:
> (snip)
>> Just enabled ClamAV on my servers.
>> About 5 minutes later I saw this message:
>> ClamAVModule::INFECTED:: Exploit.HTML.IFrame::
>> ./j9EFjc3L008255/msg-4991-81.html
>>
>> Then I remembered why I disabled Clam... I cannot block all emails with
>> IFrames...
>>
>> There seems to be the --no-html flag. I enabled it in clamav-wrapper.
>> We'll see if it does what I hope (couldn't find much info about this).
>>
>> Had to switch from clamavmodule to clamav, though...
>
> I might be completely wrong, but.... I *don't* use that flag, and it
> only catches really bad iframes... Not like the MS thing that catch
> *all* ...So far at least.
> Did you check that the IFrame in question wasn't malicious?

I agree, I don't think it catches all IFRAMEs...

>
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
>

--
Ugo

-> Please don't send a copy of your reply by e-mail. I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies.

From Denis.Beauchemin at USHERBROOKE.CA Sun Oct 16 02:44:30 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:30:57 2006
Subject: Phishing RBL?
Message-ID:

Ugo Bellavance wrote:
> Glenn Steen wrote:
>> On 14/10/05, Denis Beauchemin wrote:
>> (snip)
>>> Just enabled ClamAV on my servers.
>>> About 5 minutes later I saw this message:
>>> ClamAVModule::INFECTED:: Exploit.HTML.IFrame::
>>> ./j9EFjc3L008255/msg-4991-81.html
>>>
>>> Then I remembered why I disabled Clam... I cannot block all emails
>>> with IFrames...
>>>
>>> There seems to be the --no-html flag. I enabled it in clamav-wrapper.
>>> We'll see if it does what I hope (couldn't find much info about this).
>>>
>>> Had to switch from clamavmodule to clamav, though...
>>
>> I might be completely wrong, but.... I *don't* use that flag, and it
>> only catches really bad iframes... Not like the MS thing that catch
>> *all* ...So far at least.
>> Did you check that the IFrame in question wasn't malicious?
>
> I agree, I don't think it catches all IFRAMEs...
>

OK, then can someone point me to some documentation about that feature?

Thanks!

Denis

PS: I think it was malicious (it was part of an infected email)

From cparker at SWATGEAR.COM Sun Oct 16 02:56:44 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:30:57 2006
Subject: MailScanner-MRTG timeout error message
Message-ID:

Hello,

I'm getting an error in the emails that MailScanner-MRTG sends after running. (7 times total per email)

Timeout: No Response from localhost:161

Is there a MailScanner-MRTG user mailing list? I could only find an announce list.

I am using the latest version of MSMRTG and it is building (some) graphs even though this error is being reported.

Thanks,
Chris.
From ugob at CAMO-ROUTE.COM Sun Oct 16 02:45:02 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:30:58 2006
Subject: OT: Need proofreading for MailScanner article
Message-ID:

Hi again,

There are already enough persons to proofread. I'll contact the list again for the 2nd proofreading round.

Thanks a lot everyone!

--
Ugo

From cparker at SWATGEAR.COM Sun Oct 16 04:24:44 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:30:58 2006
Subject: New MS install is acting very strangely (misconfiguration somewhere)
Message-ID:

Hello,

Well I got my new MS box up and running tonight and I was able to send inbound one email successfully. All further attempts never came through. The strange part is that maillog says it's delivered successfully. "Uninfected: Delivered 1 message".

Another strange thing is that I can send emails out with no problem. (MS is acting as a gateway in front of Exchange 2000.)

When I downed my new MS box and brought back up my old one everything started flowing normally again.

I've checked (and rechecked) my setup in /etc/mail to no avail.

What am I missing?
One last thing is that I use the Message Tracking feature of Exchange to see if it had actually received any email from my new box and it hadn't (even though MS reported in /var/log/maillog that the message was delivered).

I have not changed any settings on the Exchange box nor did I change any IP information on the new/old MS boxes. The way I worked it out was by changing the IP address of the old box and then changing the new box to the appropriate IP address. (To get them back to normal I did the opposite of course.)

Thanks!
Chris.

From strombrg at DCS.NAC.UCI.EDU Sun Oct 16 05:54:13 2005
From: strombrg at DCS.NAC.UCI.EDU (Dan Stromberg)
Date: Thu Jan 12 21:30:58 2006
Subject: spam filtering ceased
Message-ID:

On Sat, 2005-10-15 at 12:59 +0100, Julian Field wrote:
> Have you considered just upgrading to the latest versions of MailScanner
> and spamassassin?

I've considered it, but then this is a production system, and I've never upgraded or installed MailScanner before...

> It might well be the quickest way out of your trouble. But first make
> sure /usr/bin/perl points to the latest version of Perl that is
> installed on your machine. You don't want to install in 1 perl and then
> run another.

Hmmmmm:

    meter-root) type -all perl
    perl is /dcs/bin/perl
    perl is /bin/perl
    perl is /usr/bin/perl
    meter-root) /dcs/bin/perl -v

    This is perl, v5.8.1 built for sun4-solaris

    Copyright 1987-2003, Larry Wall

    Perl may be copied only under the terms of either the Artistic License or the
    GNU General Public License, which may be found in the Perl 5 source kit.
    Complete documentation for Perl, including FAQ lists, should be found on
    this system using `man perl' or `perldoc perl'. If you have access to the
    Internet, point your browser at http://www.perl.com/, the Perl Home Page.

    meter-root) /usr/bin/perl -v

    This is perl, version 5.005_03 built for sun4-solaris

    Copyright 1987-1999, Larry Wall

    Perl may be copied only under the terms of either the Artistic License or the
    GNU General Public License, which may be found in the Perl 5.0 source kit.

    Complete documentation for Perl, including FAQ lists, should be found on
    this system using `man perl' or `perldoc perl'. If you have access to the
    Internet, point your browser at http://www.perl.com/, the Perl Home Page.

    meter-root)

> If you haven't got "MailScanner -v" working, then you have a pretty
> ancient version. If your SA is that old then an upgrade to the latest
> would help too. Upgrade SA using the ClamAV+SA package that I distribute
> on the MailScanner downloads page. It will save you a lot of time than
> doing it by hand.

I like the idea of upgrading, but having never done a mailscanner upgrade or install, it doesn't sound safe enough to be a quick fix. I'd have to go configure the software on some other test host first.

Are there any other possibilities?

> Dan Stromberg wrote:
>
> >Hi folks.
> >
> >I looked around on gmane a bit for a solution to this, but I really only
> >found someone with the same question and no answers. Googling for this
> >one seems messy, as I'm not sure what keywords to use this time.
> >
> >Anyway, I run a mail server, and someone else was tasked with setting up
> >mailscanner on it. He's on vacation, and doesn't appear to have any doc
> >written up.
> >
> >This mail server, I'm told, has suddenly stopped doing antispam
> >filtering.
> >
> >I tried killing and restarting all the sendmail's and mailscanner, but
> >that's not (necessarily) helping.
> >
> >I'd really benefit from two things:
> >
> > 1) A decision procedure for determining if antispam filtering is
> > functional again. For example, can I just search for a recent message
> > with antispam headers, or is it more complicated than that?
> >
> > 2) A procedure for determining what happened to the antispam
> > filtering
> >
> >I attempted "MailScanner -v" as mentioned in another post, but that just
> >said something about configuration file -v not existing.
> >
> >I also attempted the lint-related spamassassin command mentioned in the
> >same post, but I recall the person who set this up saying that
> >spamassassin is used via a perl module, and I have no spamassassin's on my
> >$PATH.
> >
> >Suggestions?
> >
> >Thanks!
> >
>
> --
> Julian Field
> www.MailScanner.info
> Buy the MailScanner book at www.MailScanner.info/store
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
>
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
>

From MailScanner at ecs.soton.ac.uk Sun Oct 16 11:20:29 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:58 2006
Subject: spam filtering ceased
Message-ID:

Dan Stromberg wrote:

>On Sat, 2005-10-15 at 12:59 +0100, Julian Field wrote:
>
>>Have you considered just upgrading to the latest versions of MailScanner
>>and spamassassin?
>
>I've considered it, but then this is a production system, and I've never
>upgraded or installed MailScanner before...
>
>>It might well be the quickest way out of your trouble. But first make
>>sure /usr/bin/perl points to the latest version of Perl that is
>>installed on your machine. You don't want to install in 1 perl and then
>>run another.
>
>Hmmmmm:
>
> meter-root) type -all perl
> perl is /dcs/bin/perl
> perl is /bin/perl
> perl is /usr/bin/perl
> meter-root) /dcs/bin/perl -v
>
> This is perl, v5.8.1 built for sun4-solaris
>
>
> meter-root) /usr/bin/perl -v
>
> This is perl, version 5.005_03 built for sun4-solaris
>

By default, MailScanner will always use /usr/bin/perl. But anything that
looks for perl in your path may well pick up /dcs/bin/perl. Having these
2 different is very dangerous and the cause of a whole host of problems.

Consider replacing /usr/bin/perl with a link to /dcs/bin/perl. And who
put perl in /bin? It doesn't belong there.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From glenn.steen at GMAIL.COM Sun Oct 16 12:22:36 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:30:58 2006
Subject: Phishing RBL?
Message-ID:

On 16/10/05, Denis Beauchemin wrote:
> Ugo Bellavance wrote:
> > Glenn Steen wrote:
> >> On 14/10/05, Denis Beauchemin wrote:
> >> (snip)
> >>> Just enabled ClamAV on my servers. About 5 minutes later I saw this
> >>> message:
> >>> ClamAVModule::INFECTED:: Exploit.HTML.IFrame::
> >>> ./j9EFjc3L008255/msg-4991-81.html
> >>>
> >>> Then I remembered why I disabled Clam... I cannot block all emails with
> >>> IFrames...
> >>>
> >>> There seems to be the --no-html flag. I enabled it in clamav-wrapper.
> >>> We'll see if it does what I hope (couldn't find much info about this).
> >>>
> >>> Had to switch from clamavmodule to clamav, though...
> >>
> >> I might be completely wrong, but....
> >> I *don't* use that flag, and it
> >> only catches really bad iframes... Not like the MS thing that catch
> >> *all* ...So far at least.
> >> Did you check that the IFrame in question wasn't malicious?
> >
> > I agree, I don't think it catches all IFRAMEs...
> >
> OK, then can someone point me to some documentation about that feature?
>
> Thanks!
>
> Denis
> PS: I think it was malicious (it was part of an infected email)

Ah yes, and those it really should pick up, now shouldn't it;).
Haven't looked for docs, but have had it running for a while (a year
more or less), and unlike you I don't allow IFrames at all (well, some
financial newsletter senders have been WL'd for IFrames). It is the
very few really dangerous ones that Clamav picks up, never the more or
less harmless ones picked up by MailScanner.
I'd imagine asking at a relevant clamav mailing-list would give the
fastest/best info.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From fabienpenso at GMAIL.COM Sun Oct 16 13:21:02 2005
From: fabienpenso at GMAIL.COM (Fabien Penso)
Date: Thu Jan 12 21:30:58 2006
Subject: First message - Keep X-*-MailScanner* headers?
Message-ID:

Hi everyone, hi julian,

I am a currently happy new user of Mailscanner. I was looking for a
better alternative to amavis and I guess I found it.

I looked into the FAQ but I didn't find an answer to the following.
I'd like to keep the X-*-MailScanner* in the quarantined emails, is
there an option for that? The idea is to insert in database the
quarantined email so users can see them through a web interface, and
see what score it did get.

I'd also like to have a X-*-MailScanner-To: which would make my life
easier to see who the mail was for, and so who should be allowed to
see it through the web interface.

Thanks.

--
http://penso.info/

From MailScanner at ecs.soton.ac.uk Sun Oct 16 13:50:48 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:58 2006
Subject: First message - Keep X-*-MailScanner* headers?
Message-ID:

The archive is intentionally a clean copy of the original messages in
their untouched form.

However, take a look at the "Quarantine Modified Body" setting, it may
do what you are looking for.

The neatest web interface by far is MailWatch, take a look at it.

Fabien Penso wrote:

>Hi everyone, hi julian,
>
>I am a currently happy new user of Mailscanner. I was looking for a
>better alternative to amavis and I guess I found it.
>
>I looked into the FAQ but I didn't find an answer to the following.
>I'd like to keep the X-*-MailScanner* in the quarantined emails, is
>there an option for that? The idea is to insert in database the
>quarantined email so users can see them through a web interface, and
>see what score it did get.
>
>I'd also like to have a X-*-MailScanner-To: which would make my life
>easier to see who the mail was for, and so who should be allowed to
>see it through the web interface.
>
>Thanks.
>
>--
>http://penso.info/
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From fabienpenso at GMAIL.COM Sun Oct 16 15:38:59 2005
From: fabienpenso at GMAIL.COM (Fabien Penso)
Date: Thu Jan 12 21:30:58 2006
Subject: First message - Keep X-*-MailScanner* headers?
Message-ID:

> However, take a look at the "Quarantine Modified Body" setting, it may
> do what you are looking for.

It is not, but after installing mailwatch I got that information
anyway. I also now understood how I can get the same result using
similar techniques.

Thanks,

From ugob at CAMO-ROUTE.COM Sun Oct 16 15:18:55 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:30:58 2006
Subject: MailScanner-MRTG timeout error message
Message-ID:

Chris W. Parker wrote:
> Hello,
>
> I'm getting an error in the emails that MailScanner-MRTG sends after
> running.
>
> (7 times total per email)
> Timeout: No Response from localhost:161

Every time it is run, or only once in a while? It happens on my servers
when they're overloaded. This only means that it could not connect to
the snmp agent in a timely manner.

>
> Is there a MailScanner-MRTG user mailing list? I could only find an
> announce list.

I think there is a list on sourceforge for that.

>
> I am using the latest version of MSMRTG and it is building (some) graphs
> even though this error is being reported.

As I said, if you have very busy servers and you don't get those
messages often, don't worry.

>
>
>
> Thanks,
> Chris.
>

--
Ugo

-> Please don't send a copy of your reply by e-mail. I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the
irrelevant parts in your replies.

From rpotter at RPCS.NET Sun Oct 16 19:40:50 2005
From: rpotter at RPCS.NET (Richard Potter)
Date: Thu Jan 12 21:30:58 2006
Subject: OT: DNS problems
Message-ID:

On Fri, Oct 14, 2005 at 07:37:16PM +0100, Venkata Achanta wrote:
> named is running and responding but for some reason its not resolving that
> barwol.com domain while the rest of the machines can.
>
> i changed /etc/resolv.conf to use to known good DNS servers and i am able
> to resolve that domain now
>
> but still
>
> Oct 14 11:22:12 asav sendmail[23818]: j9EILqQj023818: ruleset=check_mail,
> arg1=, relay=smtp.barwol.com [38.118.132.70] (may be
> forged), reject=451 4.1.8 Domain of sender address dkatz@barwol.com does
> not resolve
> Oct 14 11:22:12 asav sendmail[23818]: j9EILqQj023818:
> from=, size=1058, class=0, nrcpts=0, proto=ESMTP,
> daemon=MTA, relay=smtp.barwol.com [38.118.132.70] (may be forged)
>
> is something going on with sendmail then ?

Yes and No. This is almost always a DNS error that sendmail gets
picky about. A quick check of the domain at http://www.dnsreport.com
will probably lead you in the right direction.

Cheers!

--
Richard Potter
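
Grouping the check_mail rejections by sender domain helps tell one sender domain with broken DNS apart from a resolver problem on the gateway itself, the two cases discussed in the message above. This is an added example, not code from the list or from sendmail: the log lines are constructed in the format quoted above, the example.* names and addresses are placeholders, and the three-domain threshold is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the maillog format quoted in the thread. Hosts,
# queue ids and addresses are placeholders, not values from the archive.
SAMPLE_LOG = """\
Oct 14 11:22:12 mx1 sendmail[23818]: j9EILqQj023818: ruleset=check_mail, arg1=<alice@broken.example>, relay=smtp.broken.example [192.0.2.70] (may be forged), reject=451 4.1.8 Domain of sender address alice@broken.example does not resolve
Oct 14 11:22:12 mx1 sendmail[23818]: j9EILqQj023818: from=<alice@broken.example>, size=1058, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=smtp.broken.example [192.0.2.70] (may be forged)
Oct 14 11:25:40 mx1 sendmail[23850]: j9EIPeQj023850: ruleset=check_mail, arg1=<bob@broken.example>, relay=smtp.broken.example [192.0.2.70] (may be forged), reject=451 4.1.8 Domain of sender address bob@broken.example does not resolve
Oct 14 11:31:05 mx1 sendmail[23902]: j9EIV1Qj023902: ruleset=check_mail, arg1=<carol@gone.example>, relay=mail.gone.example [198.51.100.9], reject=553 5.1.8 Domain of sender address carol@gone.example does not exist
"""

# Matches sendmail's check_mail rejection for a sender domain that fails DNS:
# 4.1.8 "does not resolve" (temporary) or 5.1.8 "does not exist" (permanent).
REJECT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssendmail\[\d+\]:\s(?P<qid>\w+):\s"
    r"ruleset=check_mail,.*?relay=(?P<relay>.*?),\sreject=(?P<code>\d{3})\s"
    r"(?P<dsn>\d\.\d\.\d)\sDomain of sender address (?P<sender>\S+) "
    r"does not (?P<kind>resolve|exist)"
)


def parse_rejects(text):
    """Return one dict per check_mail DNS rejection found in the log text."""
    records = []
    for line in text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # e.g. the companion from=... line for the same queue id
        rec = m.groupdict()
        rec["sender"] = rec["sender"].strip("<>")
        rec["domain"] = rec["sender"].rpartition("@")[2].lower()
        rec["temporary"] = rec["code"].startswith("4")
        records.append(rec)
    return records


def summarize(records):
    """Group rejections by sender domain: totals, temp-fail count, relays."""
    summary = defaultdict(lambda: {"count": 0, "temporary": 0, "relays": set()})
    for rec in records:
        entry = summary[rec["domain"]]
        entry["count"] += 1
        entry["temporary"] += rec["temporary"]
        entry["relays"].add(rec["relay"])
    return dict(summary)


def diagnose(summary, many_domains=3):
    """Heuristic (threshold is an assumption): temporary failures spread over
    many sender domains point at the local resolver; failures confined to one
    or two domains point at those domains' own DNS."""
    temp_domains = sorted(d for d, e in summary.items() if e["temporary"])
    if len(temp_domains) >= many_domains:
        return "check-local-resolver", temp_domains
    if temp_domains:
        return "check-sender-domain-dns", temp_domains
    return "no-temporary-failures", []


if __name__ == "__main__":
    report = summarize(parse_rejects(SAMPLE_LOG))
    for domain, entry in sorted(report.items()):
        print(domain, entry["count"], entry["temporary"], sorted(entry["relays"]))
    print(diagnose(report))
```
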

From ugob at CAMO-ROUTE.COM Sun Oct 16 23:30:08 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:30:58 2006
Subject: New MS install is acting very strangely (misconfiguration somewhere)
Message-ID:

Chris W. Parker wrote:
> Hello,
>
> Well I got my new MS box up and running tonight and I was able to send
> inbound one email successfully. All further attempts never came through.
> The strange part is that maillog says it's delivered successfully.
> "Uninfected: Delivered 1 message". Another strange thing is that I can
> send emails out with no problem.
>
> (MS is acting as a gateway in front of Exchange 2000.)
>
> When I downed my new MS box and brought back up my old one everything
> started flowing normally again. I've checked (and rechecked) my setup in
> /etc/mail to no avail. What am I missing?
>
> One last thing is that I use the Message Tracking feature of Exchange to
> see if it had actually received any email from my new box and it hadn't
> (even though MS reported in /var/log/maillog that the message was
> delivered).
>
> I have not changed any settings on the Exchange box nor did I change any
> ip information on the new/old MS boxes. The way I worked it out was by
> changing the ip address of the old box and then changing the new box to
> the appropriate ip address. (To get them back to normal I did the
> opposite of course.)
>
>
> Thanks!
> Chris.
>

Maybe running a packet sniffer could help see where it 'delivered' the
undelivered mail.

Regards,

--
Ugo

-> Please don't send a copy of your reply by e-mail. I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the
irrelevant parts in your replies.

From raymond at PROLOCATION.NET Mon Oct 17 00:19:12 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:30:58 2006
Subject: Beta release 4.47.2
Message-ID:

Hi Julian,

> I have just released another beta to tidy up a couple of issues.
>
> - - Empty or non-existent filename.rules.conf or filetype.rules.conf
> were stopping MailScanner working. If you don't want to upgrade to
> this beta release, just create a 1 line file for each one containing
> "allow . - -" where each field is separated by a tab character.
> - - The Maximum Attachments Per Message setting was not working properly.
>
> Download as usual from www.mailscanner.info.
>
> Feedback to the mailing list please. Let me know how you get on.

Could you add a check to the phishing update script to check if people do
need updates?

Find Phishing Fraud = no

Then I guess that updater isn't of any use either. :)

Thanks,
Raymond.

From taz at TAZ-MANIA.COM Mon Oct 17 00:25:49 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:30:58 2006
Subject: New MS install is acting very strangely (misconfiguration somewhere)
Message-ID:

"Uninfected: Delivered 1 message" is from MailScanner, not the MTA. If
it was really delivered, there should be another message from the MTA
that says it was delivered. I believe that the message from MailScanner
means it was put in the output queue for the MTA to pickup and deliver
(at least if sendmail is the MTA). Then it's up to the MTA to actually
deliver the message.

I would check your input and output queues for the email you tried to
send through.

Ugo Bellavance wrote:

> Chris W. Parker wrote:
>
>> Hello,
>>
>> Well I got my new MS box up and running tonight and I was able to send
>> inbound one email successfully. All further attempts never came through.
>> The strange part is that maillog says it's delivered successfully.
>> "Uninfected: Delivered 1 message". Another strange thing is that I can
>> send emails out with no problem.
>>
>> (MS is acting as a gateway in front of Exchange 2000.)
>>
>> When I downed my new MS box and brought back up my old one everything
>> started flowing normally again. I've checked (and rechecked) my setup in
>> /etc/mail to no avail. What am I missing?
>>
>> One last thing is that I use the Message Tracking feature of Exchange to
>> see if it had actually received any email from my new box and it hadn't
>> (even though MS reported in /var/log/maillog that the message was
>> delivered).
>>
>> I have not changed any settings on the Exchange box nor did I change any
>> ip information on the new/old MS boxes. The way I worked it out was by
>> changing the ip address of the old box and then changing the new box to
>> the appropriate ip address. (To get them back to normal I did the
>> opposite of course.)
>>
>>
>> Thanks!
>> Chris.
>>
> Maybe running a packet sniffer could help see where it 'delivered' the
> undelivered mail.
>
> Regards,
>

From richard.gray at DNS.CO.UK Mon Oct 17 11:54:58 2005
From: richard.gray at DNS.CO.UK (Gray, Richard)
Date: Thu Jan 12 21:30:58 2006
Subject: New MS install is acting very strangely (misconfiguration somewhere)
Message-ID:

> >> I have not changed any settings on the Exchange box nor did I change
> >> any ip information on the new/old MS boxes. The way I worked it out
> >> was by changing the ip address of the old box and then changing the
> >> new box to the appropriate ip address. (To get them back to normal I
> >> did the opposite of course.)
> >>
> >>
> >> Thanks!
> >> Chris.
> >>
> > Maybe running a packet sniffer could help see where it 'delivered' the
> > undelivered mail.
>

I've actually noticed some slightly strange behaviour in exchange
regarding the message tracking feature. We had a problem where if a
message was quarantined, it would send the decontaminated message out.
If I went and located the message in quarantine and copied it into exim's
delivery queue, exim would pick the message up and deliver it, but the
exchange server would have no record of having received it.

I was never able to tie this down to anything specific, and we ended up
fixing it by not sending through notifications rather than the defanged
message. Just something to be aware about if you are working on this.

R

From MailScanner at ecs.soton.ac.uk Mon Oct 17 12:04:06 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:58 2006
Subject: New MS install is acting very strangely (misconfiguration somewhere)
Message-ID:

On 17 Oct 2005, at 11:54, Gray, Richard wrote:

>>>> I have not changed any settings on the Exchange box nor did I change
>>>> any ip information on the new/old MS boxes. The way I worked it out
>>>> was by changing the ip address of the old box and then changing the
>>>> new box to the appropriate ip address. (To get them back to normal I
>>>> did the opposite of course.)
>>>>
>>>>
>>>> Thanks!
>>>> Chris.
>>>>
>>> Maybe running a packet sniffer could help see where it 'delivered' the
>>> undelivered mail.
>>
> I've actually noticed some slightly strange behaviour in exchange
> regarding the message tracking feature. We had a problem where if a
> message was quarantined, it would send the decontaminated message out.
> If I went and located the message in quarantine and copied it into exims
> delivery queue, exim would pick the message up and deliver it, but the
> exchange server would have no record of having received it.
>
> I was never able to tie this down to anything specific, and we ended up
> fixing it by not sending through notifications rather than the defanged
> message. Just something to be aware about if you are working on this.

Switch off Exchange's duplicate message detection and try it again.
The cleaned message will have the same message-id: as the original
message, which might be causing you trouble.

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ssilva at SGVWATER.COM Mon Oct 17 16:28:27 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:58 2006
Subject: Mailwatch &SQLWhitelist
Message-ID:

Dean Maluski spake the following on 10/15/2005 8:35 AM:
> I just got mailwatch working, sortof.
> I altered /etc/MailScanner.conf
> to support
> Is Definitely Spam = &SQLBlacklist and
>
> Is Definitely Not Spam = &SQLWhitelist.
> I added a test sender to SQLblacklist via web interface and sure enough
> it worked. I also have been creating whitelist entries.
> Those don't seem to be working.
> At least they are not showing up in
> weblist as green.
> I will have to sift through instructions again but I think that
> whitelist would work the same as blacklist without any major changes or
> something I did that was stupid possibly.
>

Try and restart MailScanner and tail -f the maillog. You can look for the
startup loading of the black and whitelists to see if the whitelist is
loading. If blacklists are working, I would think that either there is a
typo in MailScanner.conf, or invalid whitelist entries. For instance, you
can not wildcard a domain with "@somedomain.com" because the ampersand
seems to be invalid if not in a single address. "user@somedomain.com" is
valid, but for an entire domain you need "somedomain.com". Also look for
another "Is Definitely Not Spam =" entry that is not commented out.

--
/-----------------------\           |~~\_____/~~\__  |
| MailScanner; The best |___________ \N1____====== )-+
| protection on the net!|                   ~~~|/~~  |
\-----------------------/                      ()

From cparker at SWATGEAR.COM Mon Oct 17 18:31:03 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:30:58 2006
Subject: New MS install is acting very strangely (misconfiguration somewhere)
Message-ID:

Dennis Willson
on Sunday, October 16, 2005 4:26 PM said:

> "Uninfected: Delivered 1 message" is from MailScanner, not the MTA. If
> it was really delivered, there should be another message from the MTA
> that says it was delivered.

I'm using sendmail. Do you know what the message should say?

> I believe that the message from
> MailScanner means it was put in the output queue for the MTA to
> pickup and deliver (at least if sendmail is the MTA). Then it's up to
> the MTA to actually deliver the message.
>
> I would check your input and output queues for the email you tried to
> send through.

Ahh... I looked in my output queue and I have a bunch of emails in
there. Looks like they never left my machine.

I made a change in MailScanner.conf that is probably the culprit. I
changed the output queue to /var/spool/mqueue.out (from
/var/spool/mqueue) simply because it made more sense to me than the
original location. I assumed that changing it in MailScanner.conf would
also make sendmail aware of the change but it seems not to be the case.

I looked through sendmail.mc but didn't find any setting to change the
queue. However, in sendmail.mc I *did* find:

# queue directory
O QueueDirectory=/var/spool/mqueue

Is there something I need to add to sendmail.mc to rebuild the .cf file
or can I modify directly the .cf file?

Thanks,
Chris.

From jd at BARITEC.COM Mon Oct 17 19:04:09 2005
From: jd at BARITEC.COM (JD Doelitzsch)
Date: Thu Jan 12 21:30:58 2006
Subject: clamav-wrapper bash:not found.
Message-ID:

I'm using Fedora 4 just installed clamav and MailScanner, and I updated the
virus.scanners.conf to reflect the clamav installation in /usr/local/lib for
clamscan etc. The clamav-wrapper is still giving me the not found error.
Any other references I'm missing? Clamscan works fine by the way.

-JD

From Denis.Beauchemin at USHERBROOKE.CA Mon Oct 17 19:17:51 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:30:58 2006
Subject: New MS install is acting very strangely (misconfiguration somewhere)
Message-ID:

Chris W. Parker wrote:

>Dennis Willson
> on Sunday, October 16, 2005 4:26 PM said:
>
>>"Uninfected: Delivered 1 message" is from MailScanner, not the MTA. If
>>it was really delivered, there should be another message from the MTA
>>that says it was delivered.
>
>I'm using sendmail. Do you know what the message should say?
>
>>I believe that the message from
>>MailScanner means it was put in the output queue for the MTA to
>>pickup and deliver (at least if sendmail is the MTA). Then it's up to
>>the MTA to actually deliver the message.
>>
>>I would check your input and output queues for the email you tried to
>>send through.
>
>Ahh... I looked in my output queue and I have a bunch of emails in
>there. Looks like they never left my machine.
>
>I made a change in MailScanner.conf that is probably the culprit. I
>changed the output queue to /var/spool/mqueue.out (from
>/var/spool/mqueue) simply because it made more sense to me than the
>original location. I assumed that changing it in MailScanner.conf would
>also make sendmail aware of the change but it seems not to be the case.
>
>I looked through sendmail.mc but didn't find any setting to change the
>queue. However, in sendmail.mc I *did* find:
>
># queue directory
>O QueueDirectory=/var/spool/mqueue
>
>Is there something I need to add to sendmail.mc to rebuild the .cf file
>or can I modify directly the .cf file?
>

Chris,

Why don't you start sendmail with this parameter:
-oQ/var/spool/mqueue.out (or -OQueueDirectory=/var/spool/mqueue.out)

Look into /etc/init.d/MailScanner (if you are on a Linux box) for:

    $SENDMAIL $([ -n "$QUEUETIME" ] && echo -q$QUEUETIME) \
        -OPidFile=$OUTPID

Denis

--
   _
  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From MailScanner at ecs.soton.ac.uk Mon Oct 17 19:21:37 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:58 2006
Subject: clamav-wrapper bash:not found.
Message-ID:

Change it to /usr/local and not /usr/local/lib.

JD Doelitzsch wrote:

>I'm using Fedora 4 just installed clamav and MailScanner, and I updated the
>virus.scanners.conf to reflect the clamav installation in /usr/local/lib for
>clamscan etc. The clamav-wrapper is still giving me the not found error. Any
>other references I'm missing? Clamscan works fine by the way.
>
>-JD

- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)

iQA/AwUBQ1PrsRH2WUcUFbZUEQJpDwCg3xxwDKgqGLmkpdFD+JM469QbjC8AoKiv
XzlxwWE55YR+37wuLwW35bwj
=zfYi
-----END PGP SIGNATURE-----

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

From MailScanner at ecs.soton.ac.uk Mon Oct 17 19:21:40 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:58 2006
Subject: clamav-wrapper bash:not found.
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Change it to /usr/local and not /usr/local/lib.

JD Doelitzsch wrote:

>I'm using Fedora 4 just installed clamav and MailScanner, and I updated the
>virus.scanners.conf to reflect the clamav installation in /usr/local/lib for
>clamscan etc.
>The clamav-wrapper is still giving me the not found error. Any
>other references I'm missing? Clamscan works fine by the way.
>
>-JD

- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)

iQA/AwUBQ1PrtRH2WUcUFbZUEQKGowCdGImhQNU5xv8V5kcu7K6Ar8EbpecAnj7J
AD3rMkKWYuzZ5exNLHgt17Sj
=tcV/
-----END PGP SIGNATURE-----

From Denis.Beauchemin at USHERBROOKE.CA Mon Oct 17 19:21:58 2005
From: Denis.Beauchemin at USHERBROOKE.CA (Denis Beauchemin)
Date: Thu Jan 12 21:30:58 2006
Subject: clamav-wrapper bash:not found.
Message-ID:
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly.
]

JD Doelitzsch wrote:

>I'm using Fedora 4 just installed clamav and MailScanner, and I updated the
>virus.scanners.conf to reflect the clamav installation in /usr/local/lib for
>clamscan etc. The clamav-wrapper is still giving me the not found error. Any
>other references I'm missing? Clamscan works fine by the way.

JD,

You shouldn't call this script. Call this one:
/etc/cron.hourly/update_virus_scanners (or
/usr/sbin/update_virus_scanners).

Denis

--
  _
 °v°   Denis Beauchemin, analyste
/(_)\  Université de Sherbrooke, S.T.I.
 ^ ^   T: 819.821.8000x2252 F: 819.821.8045

From jd at BARITEC.COM Mon Oct 17 19:42:45 2005
From: jd at BARITEC.COM (JD Doelitzsch)
Date: Thu Jan 12 21:30:58 2006
Subject: FW: clamav-wrapper bash:not found.
Message-ID:

Sorry, I made a typo. I meant /usr/local/bin which is where clamscan and
freshclam reside, not lib. If I change to /usr/local does the script
automatically look in */bin?

-JD

-----Original Message-----
From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On
Behalf Of Julian Field
Sent: Monday, October 17, 2005 11:22 AM
To: MAILSCANNER@JISCMAIL.AC.UK
Subject: Re: clamav-wrapper bash:not found.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Change it to /usr/local and not /usr/local/lib.

JD Doelitzsch wrote:

>I'm using Fedora 4 just installed clamav and MailScanner, and I updated the
>virus.scanners.conf to reflect the clamav installation in /usr/local/lib for
>clamscan etc.
>The clamav-wrapper is still giving me the not found error. Any
>other references I'm missing? Clamscan works fine by the way.
>
>-JD

- --
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.2 (Build 2424)

iQA/AwUBQ1PrtRH2WUcUFbZUEQKGowCdGImhQNU5xv8V5kcu7K6Ar8EbpecAnj7J
AD3rMkKWYuzZ5exNLHgt17Sj
=tcV/
-----END PGP SIGNATURE-----
From strombrg at DCS.NAC.UCI.EDU Mon Oct 17 20:08:59 2005
From: strombrg at DCS.NAC.UCI.EDU (Dan Stromberg)
Date: Thu Jan 12 21:30:58 2006
Subject: spam filtering ceased
Message-ID:

On Sun, 2005-10-16 at 11:20 +0100, Julian Field wrote:

> By default, MailScanner will always use /usr/bin/perl. But anything that
> looks for perl in your path may well pick up /dcs/bin/perl. Having these
> 2 different is very dangerous and the cause of a whole host of problems.
> Consider replacing /usr/bin/perl with a link to /dcs/bin/perl. And who
> put perl in /bin? It doesn't belong there.

Hi Julian.

Thanks for your comments.

I'm reluctant to replace /usr/bin/perl with a symlink to /dcs/bin/perl,
because /usr/bin/perl is the Sun version, and I'm concerned that there
might be a perl script that ships with the OS that isn't compatible
with /dcs/bin/perl.

/bin and /usr/bin are the same directory usually on most Suns.

Would it be sufficient to make sure the $PATH as known by MailScanner
does not include /dcs/bin/perl?

Thanks!

From jaearick at COLBY.EDU Mon Oct 17 20:25:04 2005
From: jaearick at COLBY.EDU (Jeff A. Earickson)
Date: Thu Jan 12 21:30:58 2006
Subject: spam filtering ceased
Message-ID:

Hi,

FWIW, when I cold-install Solaris 9 or 10 onto a system, I don't
install either the SUNW perl packages, the SUNW sendmail package,
or some other unwanted packages (like apache). You don't need
them for the OS to work properly, and they are out-of-date relative
to the public-domain releases anyway. Then I install the
public-domain versions.

Come on, be brave.
Do a "cp /dcs/bin/perl /dcs/bin/perl.orig" to
CYA before replacing with a symlink.

Jeff Earickson
Colby College

On Mon, 17 Oct 2005, Dan Stromberg wrote:

> Date: Mon, 17 Oct 2005 12:08:59 -0700
> From: Dan Stromberg
> Reply-To: MailScanner mailing list
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: spam filtering ceased
>
> On Sun, 2005-10-16 at 11:20 +0100, Julian Field wrote:
>
>> By default, MailScanner will always use /usr/bin/perl. But anything that
>> looks for perl in your path may well pick up /dcs/bin/perl. Having these
>> 2 different is very dangerous and the cause of a whole host of problems.
>> Consider replacing /usr/bin/perl with a link to /dcs/bin/perl. And who
>> put perl in /bin? It doesn't belong there.
>
> Hi Julian.
>
> Thanks for your comments.
>
> I'm reluctant to replace /usr/bin/perl with a symlink to /dcs/bin/perl,
> because /usr/bin/perl is the Sun version, and I'm concerned that there
> might be a perl script that ships with the OS that isn't compatible
> with /dcs/bin/perl.
>
> /bin and /usr/bin are the same directory usually on most Suns.
>
> Would it be sufficient to make sure the $PATH as known by MailScanner
> does not include /dcs/bin/perl?
>
> Thanks!
From strombrg at DCS.NAC.UCI.EDU Mon Oct 17 21:29:37 2005
From: strombrg at DCS.NAC.UCI.EDU (Dan Stromberg)
Date: Thu Jan 12 21:30:58 2006
Subject: spam filtering ceased
Message-ID:

LOL :)

I used to do this stuff without thinking that much about it, like
copying a tcsh overtop of an Ultrix system's csh, but then I got chewed
out by a senior admin...

On Mon, 2005-10-17 at 15:25 -0400, Jeff A. Earickson wrote:

> Hi,
>
> FWIW, when I cold-install Solaris 9 or 10 onto a system, I don't
> install either the SUNW perl packages, the SUNW sendmail package,
> or some other unwanted packages (like apache). You don't need
> them for the OS to work properly, and they are out-of-date relative
> to the public-domain releases anyway. Then I install the
> public-domain versions.
>
> Come on, be brave. Do a "cp /dcs/bin/perl /dcs/bin/perl.orig" to
> CYA before replacing with a symlink.
>
> Jeff Earickson
> Colby College
>
> On Mon, 17 Oct 2005, Dan Stromberg wrote:
>
> > Date: Mon, 17 Oct 2005 12:08:59 -0700
> > From: Dan Stromberg
> > Reply-To: MailScanner mailing list
> > To: MAILSCANNER@JISCMAIL.AC.UK
> > Subject: Re: spam filtering ceased
> >
> > On Sun, 2005-10-16 at 11:20 +0100, Julian Field wrote:
> >
> >> By default, MailScanner will always use /usr/bin/perl. But anything that
> >> looks for perl in your path may well pick up /dcs/bin/perl. Having these
> >> 2 different is very dangerous and the cause of a whole host of problems.
> >> Consider replacing /usr/bin/perl with a link to /dcs/bin/perl. And who
> >> put perl in /bin? It doesn't belong there.
> >
> > Hi Julian.
> >
> > Thanks for your comments.
> >
> > I'm reluctant to replace /usr/bin/perl with a symlink to /dcs/bin/perl,
> > because /usr/bin/perl is the Sun version, and I'm concerned that there
> > might be a perl script that ships with the OS that isn't compatible
> > with /dcs/bin/perl.
> >
> > /bin and /usr/bin are the same directory usually on most Suns.
> >
> > Would it be sufficient to make sure the $PATH as known by MailScanner
> > does not include /dcs/bin/perl?
> >
> > Thanks!

From cparker at SWATGEAR.COM Mon Oct 17 21:57:25 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:30:58 2006
Subject: New MS install is acting very strangely (misconfiguration somewhere)
Message-ID:

Denis Beauchemin on Monday, October 17, 2005 11:18 AM said:

> Why don't you start sendmail with this parameter:
> -oQ/var/spool/mqueue.out (or -OQueueDirectory=/var/spool/mqueue.out)
>
> Look into /etc/init.d/MailScanner (if you are on a Linux box) for:
> $SENDMAIL $([ -n "$QUEUETIME" ] && echo -q$QUEUETIME) \
> -OPidFile=$OUTPID

I decided to just go with the default directory instead and get used to
it. Mail is flowing properly now.

Thanks,
Chris.
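
[Added example, not part of the thread and not MailScanner's own code.]
The failure discussed in the "New MS install" thread above (MailScanner logs
"Delivered" while mail piles up in the output queue) comes from MailScanner
and the delivering sendmail pointing at different directories. The sketch
below compares the two; it assumes the MailScanner.conf setting is named
"Outgoing Queue Dir" and that queued messages show up as qf* control files,
and all function names and sample files are hypothetical.

```shell
#!/bin/sh
# Added example: check that MailScanner's outgoing queue is the directory
# the delivering sendmail actually drains. Sample files are constructed.

# Value of a "Name = value" setting in MailScanner.conf.
# Assumption: if the setting is repeated, this sketch reports the last one.
ms_setting() {  # $1 = MailScanner.conf, $2 = setting name
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Queue directory given on the sendmail command line, if any. Handles the
# two spellings quoted in the thread: -oQ<dir> and -OQueueDirectory=<dir>.
cli_queue_dir() {  # $1 = argument string of the outgoing sendmail
    for arg in $1; do
        case $arg in
            -OQueueDirectory=*) printf '%s\n' "${arg#-OQueueDirectory=}"; return 0 ;;
            -oQ*)               printf '%s\n' "${arg#-oQ}"; return 0 ;;
        esac
    done
    return 1
}

# Directory the outgoing sendmail reads: command line wins over sendmail.cf.
effective_sendmail_queue() {  # $1 = sendmail.cf, $2 = argument string
    cli_queue_dir "$2" ||
        sed -n 's/^O[[:space:]]*QueueDirectory=//p' "$1" | tail -n 1
}

# Number of queued messages, counted by sendmail's qf* control files.
queued_count() {  # $1 = queue directory
    n=0
    for f in "$1"/qf*; do
        if [ -f "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Returns 0 = directories agree, 1 = mismatch, 2 = a setting was unreadable.
check_queues() {  # $1 = MailScanner.conf, $2 = sendmail.cf, $3 = sendmail args
    ms_out=$(ms_setting "$1" 'Outgoing Queue Dir')
    sm_q=$(effective_sendmail_queue "$2" "$3")
    if [ -z "$ms_out" ] || [ -z "$sm_q" ]; then
        echo "UNKNOWN: could not read both queue settings"
        return 2
    fi
    if [ "$ms_out" = "$sm_q" ]; then
        echo "OK: MailScanner and sendmail both use $ms_out"
        return 0
    fi
    echo "MISMATCH: MailScanner writes to $ms_out, sendmail delivers from $sm_q"
    return 1
}

# Demo on constructed files that reproduce the situation from the thread.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/mqueue.out"
    printf '%s\n' 'Incoming Queue Dir = /var/spool/mqueue.in' \
        "Outgoing Queue Dir = $d/mqueue.out" > "$d/MailScanner.conf"
    printf '%s\n' '# queue directory' \
        'O QueueDirectory=/var/spool/mqueue' > "$d/sendmail.cf"
    : > "$d/mqueue.out/qfEXAMPLE0001"   # constructed stuck message
    : > "$d/mqueue.out/dfEXAMPLE0001"
    args='-q15m -OPidFile=/var/run/sendmail.out.pid'   # constructed arguments
    check_queues "$d/MailScanner.conf" "$d/sendmail.cf" "$args" || true
    echo "waiting in MailScanner's outgoing queue: $(queued_count "$d/mqueue.out")"
    # Same setup with the command-line override suggested in the thread.
    check_queues "$d/MailScanner.conf" "$d/sendmail.cf" \
        "$args -OQueueDirectory=$d/mqueue.out" || true
    rm -rf "$d"
}
demo
```

On a real host, pass the actual MailScanner.conf, sendmail.cf and the argument
string of the outgoing sendmail from the init script to check_queues.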

From gdoris at ROGERS.COM Mon Oct 17 22:50:01 2005
From: gdoris at ROGERS.COM (Gerry Doris)
Date: Thu Jan 12 21:30:58 2006
Subject: Mailwatch &SQLWhitelist
Message-ID:

On Mon, 2005-10-17 at 08:28 -0700, Scott Silva wrote:

> Dean Maluski spake the following on 10/15/2005 8:35 AM:
> > I just got mailwatch working, sort of.
> > I altered /etc/MailScanner.conf
> > to support
> > Is Definitely Spam = &SQLBlacklist and
> >
> > Is Definitely Not Spam = &SQLWhitelist.
> > I added a test sender to SQLblacklist via web interface and sure enough
> > it worked. I also have been creating whitelist entries.
> > Those don't seem to be working. At least they are not showing up in
> > weblist as green.
> > I will have to sift through instructions again but I think that
> > whitelist would work the same as blacklist without any major changes or
> > something I did that was stupid possibly.
> >
> Try and restart MailScanner and tail -f the maillog. You can look for
> the startup loading of the black and whitelists to see if the whitelist
> is loading. If blacklists are working, I would think that either there
> is a typo in MailScanner.conf, or invalid whitelist entries.
> For instance, you can not wildcard a domain with "@somedomain.com"
> because the ampersand seems to be invalid if not in a single address.
> "user@somedomain.com" is valid, but for an entire domain you need
> "somedomain.com".
> Also look for another "Is Definitely Not Spam =" entry that is not
> commented out.
>

As a follow up question...

Can you enable both the MailScanner whitelist/blacklist and the
MailWatch SQLWhite/Black lists at the same time.

I've been using MailScanner's whitelist/blacklists for some time now but
it is convenient to be able to just click on email in MailWatch to add
it to the SQL lists.

From vinet138 at YAHOO.COM Mon Oct 17 22:53:03 2005
From: vinet138 at YAHOO.COM (Bill Smith)
Date: Thu Jan 12 21:30:58 2006
Subject: dcc-dccproc
Message-ID:

Hi Guys,

I have been to this site http://www.rhyolite.com/anti-spam/dcc/ and find
it impossible to find dcc-dccproc.tar.Z
Can anyone send me the absolute link please.

Cheers,

Bill

From mkettler at EVI-INC.COM Mon Oct 17 23:25:37 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:30:58 2006
Subject: dcc-dccproc
Message-ID:
[ The following text is in the "ISO-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly.
]

Bill Smith wrote:

> Hi Guys,
>
> I have been to this site http://www.rhyolite.com/anti-spam/dcc/ and find
> it impossible to find dcc-dccproc.tar.Z
> Can anyone send me the absolute link please.
>

Are you sure that's what you want? The fact that there's no link to the
package, and only a link to dcc.tar.Z suggests that they want to discourage
people from just getting the dccproc package, and want people to get the
whole dcc package instead.

If it's really what you want, you can get it at:

http://www.rhyolite.com/anti-spam/dcc/source/dcc-dccproc.tar.Z

From ssilva at SGVWATER.COM Mon Oct 17 23:22:59 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:58 2006
Subject: Mailwatch &SQLWhitelist
Message-ID:

Gerry Doris spake the following on 10/17/2005 2:50 PM:

> On Mon, 2005-10-17 at 08:28 -0700, Scott Silva wrote:
>
>>Dean Maluski spake the following on 10/15/2005 8:35 AM:
>>
>>>I just got mailwatch working, sort of.
>>>I altered /etc/MailScanner.conf
>>>to support
>>>Is Definitely Spam = &SQLBlacklist and
>>>
>>>Is Definitely Not Spam = &SQLWhitelist.
>>>I added a test sender to SQLblacklist via web interface and sure enough
>>>it worked. I also have been creating whitelist entries.
>>>Those don't seem to be working. At least they are not showing up in
>>>weblist as green.
>>>I will have to sift through instructions again but I think that
>>>whitelist would work the same as blacklist without any major changes or
>>>something I did that was stupid possibly.
>>>
>>
>>Try and restart MailScanner and tail -f the maillog. You can look for
>>the startup loading of the black and whitelists to see if the whitelist
>>is loading. If blacklists are working, I would think that either there
>>is a typo in MailScanner.conf, or invalid whitelist entries.
>>For instance, you can not wildcard a domain with "@somedomain.com"
>>because the ampersand seems to be invalid if not in a single address.
>>"user@somedomain.com" is valid, but for an entire domain you need
>>"somedomain.com".
>>Also look for another "Is Definitely Not Spam =" entry that is not
>>commented out.
>>
>
> As a follow up question...
>
> Can you enable both the MailScanner whitelist/blacklist and the
> MailWatch SQLWhite/Black lists at the same time.
>
> I've been using MailScanner's whitelist/blacklists for some time now but
> it is convenient to be able to just click on email in MailWatch to add
> it to the SQL lists.
>

AFAIK it is one or the other, but you could manually add the entries
from MailScanner's files if you need them.

From ssilva at SGVWATER.COM Mon Oct 17 23:24:56 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:58 2006
Subject: dcc-dccproc
Message-ID:
[ The following text is in the "ISO-8859-1" character set.
]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]

Bill Smith spake the following on 10/17/2005 2:53 PM:

> Hi Guys,
>
> I have been to this site http://www.rhyolite.com/anti-spam/dcc/ and find
> it impossible to find dcc-dccproc.tar.Z
> Can anyone send me the absolute link please.
>
> Cheers,
>
> Bill
>

http://www.rhyolite.com/anti-spam/dcc/source/dcc.tar.Z

All source is in the tarball.

From raymond at PROLOCATION.NET Mon Oct 17 23:50:07 2005
From: raymond at PROLOCATION.NET (Raymond Dijkxhoorn)
Date: Thu Jan 12 21:30:58 2006
Subject: dcc-dccproc
Message-ID:

Hi!

> I have been to this site http://www.rhyolite.com/anti-spam/dcc/ and find it impossible to find dcc-dccproc.tar.Z
> Can anyone send me the absolute link please.

Did you ever hear about Google? It's really useful, you should try it.
cough cough.

http://www.rhyolite.com/anti-spam/dcc/source/dcc-dccproc.tar.Z

Bye,
Raymond.

From ssilva at SGVWATER.COM Tue Oct 18 00:05:58 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:58 2006
Subject: dcc-dccproc
Message-ID:

Raymond Dijkxhoorn spake the following on 10/17/2005 3:50 PM:

> Hi!
>
>> I have been to this site http://www.rhyolite.com/anti-spam/dcc/ and
>> find it impossible to find dcc-dccproc.tar.Z
>> Can anyone send me the absolute link please.
>
> Did you ever hear about Google? It's really useful, you should try it.
> cough cough.
>
> http://www.rhyolite.com/anti-spam/dcc/source/dcc-dccproc.tar.Z
>
> Bye,
> Raymond.
>

Moot point as all links get the same source tarball. Just different names.

From ssilva at SGVWATER.COM Tue Oct 18 00:09:53 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:58 2006
Subject: Mailwatch &SQLWhitelist
Message-ID:

Scott Silva spake the following on 10/17/2005 3:22 PM:

> Gerry Doris spake the following on 10/17/2005 2:50 PM:
>
>>On Mon, 2005-10-17 at 08:28 -0700, Scott Silva wrote:
>>
>>>Dean Maluski spake the following on 10/15/2005 8:35 AM:
>>>
>>>>I just got mailwatch working, sort of.
>>>>I altered /etc/MailScanner.conf
>>>>to support
>>>>Is Definitely Spam = &SQLBlacklist and
>>>>
>>>>Is Definitely Not Spam = &SQLWhitelist.
>>>>I added a test sender to SQLblacklist via web interface and sure enough
>>>>it worked. I also have been creating whitelist entries.
>>>>Those don't seem to be working. At least they are not showing up in
>>>>weblist as green.
>>>>I will have to sift through instructions again but I think that
>>>>whitelist would work the same as blacklist without any major changes or
>>>>something I did that was stupid possibly.
>>>>
>>>
>>>Try and restart MailScanner and tail -f the maillog. You can look for
>>>the startup loading of the black and whitelists to see if the whitelist
>>>is loading. If blacklists are working, I would think that either there
>>>is a typo in MailScanner.conf, or invalid whitelist entries.
>>>For instance, you can not wildcard a domain with "@somedomain.com"
>>>because the ampersand seems to be invalid if not in a single address.
>>>"user@somedomain.com" is valid, but for an entire domain you need
>>>"somedomain.com".
>>>Also look for another "Is Definitely Not Spam =" entry that is not
>>>commented out.
>>>
>>
>>As a follow up question...
>>
>>Can you enable both the MailScanner whitelist/blacklist and the
>>MailWatch SQLWhite/Black lists at the same time.
>>
>>I've been using MailScanner's whitelist/blacklists for some time now but
>>it is convenient to be able to just click on email in MailWatch to add
>>it to the SQL lists.
>>
>
> AFAIK it is one or the other, but you could manually add the entries
> from MailScanner's files if you need them.
>

But I think you could enable the SQLBlacklist and the MailScanner
Whitelist, or the SQLWhitelist and MailScanner Blacklist.

From dmaluski at n1ety.com Tue Oct 18 01:46:35 2005
From: dmaluski at n1ety.com (Dean Maluski)
Date: Thu Jan 12 21:30:58 2006
Subject: Mailwatch &SQLWhitelist
Message-ID:

On Mon, 2005-10-17 at 17:50, Gerry Doris wrote:

> On Mon, 2005-10-17 at 08:28 -0700, Scott Silva wrote:
> > Dean Maluski spake the following on 10/15/2005 8:35 AM:
> > > I just got mailwatch working, sort of.
> > > I altered /etc/MailScanner.conf
> > > to support
> > > Is Definitely Spam = &SQLBlacklist and
> > >
> > > Is Definitely Not Spam = &SQLWhitelist.
> > > I added a test sender to SQLblacklist via web interface and sure enough
> > > it worked. I also have been creating whitelist entries.
> > > Those don't seem to be working. At least they are not showing up in
> > > weblist as green.
> > > I will have to sift through instructions again but I think that
> > > whitelist would work the same as blacklist without any major changes or
> > > something I did that was stupid possibly.
> > >
> > Try and restart MailScanner and tail -f the maillog.
> > You can look for
> > the startup loading of the black and whitelists to see if the whitelist
> > is loading. If blacklists are working, I would think that either there
> > is a typo in MailScanner.conf, or invalid whitelist entries.
> > For instance, you can not wildcard a domain with "@somedomain.com"
> > because the ampersand seems to be invalid if not in a single address.
> > "user@somedomain.com" is valid, but for an entire domain you need
> > "somedomain.com".
> > Also look for another "Is Definitely Not Spam =" entry that is not
> > commented out.
> >
> As a follow up question...
>
> Can you enable both the MailScanner whitelist/blacklist and the
> MailWatch SQLWhite/Black lists at the same time.
>
> I've been using MailScanner's whitelist/blacklists for some time now but
> it is convenient to be able to just click on email in MailWatch to add
> it to the SQL lists.
>

Yesterday after I rebooted mailscanner was working fine, I did a grep of
log and it seemed OK but I wasn't getting any updates in mailwatch list.
I put it aside as I had other things to do. Last night when I got back
to it everything was working fine and has been all day today. I'll play
around with various whitelist and blacklist settings and let you know.
For now they are both OK using sql setting on both.

From jflowers at EZO.NET Tue Oct 18 02:50:15 2005
From: jflowers at EZO.NET (Jim Flowers)
Date: Thu Jan 12 21:30:58 2006
Subject: Bus Faults Error 10 with Perl
Message-ID:

I have a 4.42.9 MailScanner setup on a FreeBSD 5.4-RELEASE system that has
just quit working after several months without a problem.
It just stops processing every couple of hours with no errors indicated in the logs. Restarting MailScanner starts it working again.

It has also started throwing bus-fault errors when it is running:

Oct 17 10:49:58 mxgf1 kernel: pid 85142 (perl5.8.6), uid 0: exited on signal 10

pid 85142 is a child of a current Mailscanner process 84516:

84516 ?? S 0:05.06 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailScanner/MailScanner /usr/local/etc/MailScanner/MailScanner.conf (perl5.8.6)

and in terminating prematurely, it leaves a work file:

-rw------- 1 root wheel 91387 Oct 17 10:49 /tmp/spamassassin.85142.xbLbt4.tmp

Although signal 10 specifies a bus fault with a core dump, there is no sign of a .core file anywhere. Rebuilding and reinstalling perl did not resolve the problem.

Although modified for MailWatch, that functionality is working correctly and returning to the unmodified version still has the same problem.

Is there any reason to expect that this problem is hardware related or is it more likely to be something that changed in the execution of the child spawned by the MailScanner Perl script?

Where should I look in troubleshooting this further?

Thank you.

From MailScanner at ecs.soton.ac.uk Tue Oct 18 08:55:50 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:58 2006
Subject: clamav-wrapper bash:not found.
Message-ID:

Yes. As someone else said, you should always upgrade your virus scanners by calling update_virus_scanners, don't ever call the autoupdate script yourself, you will probably get the command line wrong.

On 17 Oct 2005, at 19:42, JD Doelitzsch wrote:
> Sorry, I made a typo. I meant /usr/local/bin which is where clamscan and freshclam resides, not lib. If I change to /usr/local does the script automatically look in */bin?
>
> -JD
>
> -----Original Message-----
> From: MailScanner mailing list [mailto:MAILSCANNER@JISCMAIL.AC.UK]On Behalf Of Julian Field
> Sent: Monday, October 17, 2005 11:22 AM
> To: MAILSCANNER@JISCMAIL.AC.UK
> Subject: Re: clamav-wrapper bash:not found.
>
> * PGP Bad Signature, Signed by a unverified key: 10/17/05 at 19:21:41
>
> Change it to /usr/local and not /usr/local/lib.
>
> JD Doelitzsch wrote:
>
>> I'm using Fedora 4 just installed clamav and MailScanner, and I updated the virus.scanners.conf to reflect the clamav installation in /usr/local/lib for clamscan etc. The clamav-wrapper is still giving me the not found error. Any other references I'm missing? Clamscan works fine by the way.
>>
>> -JD

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From tac.forums at GMAIL.COM Tue Oct 18 12:23:31 2005
From: tac.forums at GMAIL.COM (TAC Forums)
Date: Thu Jan 12 21:30:58 2006
Subject: Feature request to make the 'archive mail' fuction smarter. :-)
Message-ID:

Hi

Not sure if there is a way to solve this problem, but any ideas would be welcome. :-)

We've enabled a feature in MailScanner called 'Archive Mail' which is forwarded to an e-mail ID.... say ABC@domain.com

However, if someone sends an email TO a person, say X and a copy CC to Y, then the ID ABC@domain.com receives two copies.

Is there a way the system can figure out that actually just one archive copy is sufficient since it's the same message being sent to two different people on the same server.

Regards
--
TAC Support Team

From glenn.steen at GMAIL.COM Tue Oct 18 13:13:03 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:30:58 2006
Subject: Bus Faults Error 10 with Perl
Message-ID:

On 18/10/05, Jim Flowers wrote:
> I have a 4.42.9 MailScanner setup on a FreeBSD 5.4-RELEASE system that has just quit working after several months without a problem. It just stops processing every couple of hours with no errors indicated in the logs.
> Restarting MailScanner starts it working again.
>
> It has also started throwing bus-fault errors when it is running:
>
> Oct 17 10:49:58 mxgf1 kernel: pid 85142 (perl5.8.6), uid 0: exited on signal 10
>
> pid 85142 is a child of a current Mailscanner process 84516:
>
> 84516 ?? S 0:05.06 /usr/bin/perl -I/usr/local/lib/MailScanner /usr/local/libexec/MailScanner/MailScanner /usr/local/etc/MailScanner/MailScanner.conf (perl5.8.6)
>
> and in terminating prematurely, it leaves a work file:
>
> -rw------- 1 root wheel 91387 Oct 17 10:49 /tmp/spamassassin.85142.xbLbt4.tmp
>
> Although signal 10 specifies a bus fault with a core dump, there is no sign of a .core file anywhere. Rebuilding and reinstalling perl did not resolve the problem.
>
> Although modified for MailWatch, that functionality is working correctly and returning to the unmodified version still has the same problem.
>
> Is there any reason to expect that this problem is hardware related or is it more likely to be something that changed in the execution of the child spawned by the MailScanner Perl script?
>
> Where should I look in troubleshooting this further?
>
> Thank you.

Just a bit of general advice: As you know, bus errors just mean that an attempt was (incorrectly) made to write to read-only memory (while a segment violation means you're trying to write to someone else's memory).

So to answer your last question first... Yes. It might be bad hardware (memory likely, or possibly a swap area going bad), but then you might be seeing this for other processes... Use a memory tester (like memtest86, if you're on that type of HW), it's cheaper than replacing all the memory (the Big Blue way of doing service:-).

If the tester OKs the memory, you can move on to the more likely culprit(s)... Either the program (perl? An AV-child?) or a lib it depends on has been updated to a ... bum version... Look hard at all the components and all the updates you did at the time it started happening.

As to why you don't get cores... well, do you allow corefiles for the user in question?

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From glenn.steen at GMAIL.COM Tue Oct 18 13:22:47 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:30:58 2006
Subject: Feature request to make the 'archive mail' fuction smarter. :-)
Message-ID:

On 18/10/05, TAC Forums wrote:
> Hi
>
> Not sure if there is a way to solve this problem, but any ideas would be welcome. :-)
>
> We've enabled a feature in MailScanner called 'Archive Mail' which is forwarded to an e-mail ID.... say ABC@domain.com
>
> However, if someone sends an email TO a person, say X and a copy CC to Y, then the ID ABC@domain.com receives two copies.
>
> Is there a way the system can figure out that actually just one archive copy is sufficient since it's the same message being sent to two different people on the same server.
>
> Regards
> --
> TAC Support Team

How could it? The splitting is done *well before MS gets it*... Sure, for a mailstore server of some kind, like M-Sexchange, it's rather simple to determine this (although I'm pretty sure that M-Sex doesn't do this... The mails end up in different mailstores after all), but that is not what you've got here. MS doesn't have any "memory" to speak of:-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From mailscanner-user at NELAND.DK Tue Oct 18 16:06:00 2005
From: mailscanner-user at NELAND.DK (Leif Neland)
Date: Thu Jan 12 21:30:58 2006
Subject: Feature request to make the 'archive mail' fuction smarter. :-)
Message-ID:

---- Original Message ----
From: "TAC Forums"
To:
Sent: Tuesday, October 18, 2005 1:23 PM
Subject: Feature request to make the 'archive mail' fuction smarter. :-)

> Hi
>
> Not sure if there is a way to solve this problem, but any ideas would be welcome. :-)
>
> We've enabled a feature in MailScanner called 'Archive Mail' which is forwarded to an e-mail ID.... say ABC@domain.com
>
> However, if someone sends an email TO a person, say X and a copy CC to Y, then the ID ABC@domain.com receives two copies.

Serves him right for snooping in other people's mail :-)

Anyway, perhaps the Archive Mail line in MailScanner.cfg could be made a custom function, which looked up the message-id in the MailWatch database (or its own database) and returned "none" if the message-id had been seen before.

(Not sure if the mail is logged to the MailWatch database at once, or at the end of the batch.
If the latter is the case, it wouldn't work, as the duplicate messages are most probably in the same batch)

Leif

From a.peacock at CHIME.UCL.AC.UK Tue Oct 18 16:35:07 2005
From: a.peacock at CHIME.UCL.AC.UK (Anthony Peacock)
Date: Thu Jan 12 21:30:58 2006
Subject: SpamAssassin and SQL
Message-ID:

Hi,

Those configuration options are considered privileged settings by SpamAssassin, and as such cannot be set in a user preferences config file. The MailScanner file 'spam.assassin.prefs.conf' effectively acts like the SpamAssassin user preferences file for the MailScanner process.

These settings need to be set in the SpamAssassin local.cf file which is usually found in /etc/mail/spamassassin.

> I would like to know if it's possible to make the MailScanner read the user configurations in the spamassassin via sql.
> I put in the spam.assassin.prefs.conf to make it call the sql.
>
> user_scores_dsn DBI:mysql:antispam:localhost
> user_scores_sql_username antispam
> user_scores_sql_password xxxxx
>
> but it keeps ignoring it.
>
> In the Amavis, I can run it without problems. But I hate Amavis. I love MailScanner :)

--
Anthony Peacock
CHIME, Royal Free & University College Medical School
WWW: http://www.chime.ucl.ac.uk/~rmhiajp/
"In the beginning of a change, the patriot is a brave and scarce man, hated and scorned. When the cause succeeds, however, the timid join him...for then it costs nothing to be a patriot." -Mark Twain

From glenn.steen at GMAIL.COM Tue Oct 18 16:43:56 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:30:58 2006
Subject: Feature request to make the 'archive mail' fuction smarter. :-)
Message-ID:

On 18/10/05, Leif Neland wrote:
> ---- Original Message ----
> From: "TAC Forums"
> To:
> Sent: Tuesday, October 18, 2005 1:23 PM
> Subject: Feature request to make the 'archive mail' fuction smarter. :-)
>
> > Hi
> >
> > Not sure if there is a way to solve this problem, but any ideas would be welcome. :-)
> >
> > We've enabled a feature in MailScanner called 'Archive Mail' which is forwarded to an e-mail ID.... say ABC@domain.com
> >
> > However, if someone sends an email TO a person, say X and a copy CC to Y, then the ID ABC@domain.com receives two copies.
>
> Serves him right for snooping in other people's mail :-)
>
> Anyway, perhaps the Archive Mail line in MailScanner.cfg could be made a custom function, which looked up the message-id in the MailWatch database (or its own database) and returned "none" if the message-id had been seen before.
>
> (Not sure if the mail is logged to the MailWatch database at once, or at the end of the batch. If the latter is the case, it wouldn't work, as the duplicate messages are most probably in the same batch)
>
> Leif

End of the batch I'd imagine, from the "looked up last" thing:-).

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From algorges at GMAIL.COM Tue Oct 18 17:30:51 2005
From: algorges at GMAIL.COM (ASA)
Date: Thu Jan 12 21:30:58 2006
Subject: SpamAssassin and SQL
Message-ID:

I would like to know if it's possible to make the MailScanner read the user configurations in the spamassassin via sql.
I put in the spam.assassin.prefs.conf to make it call the sql.

user_scores_dsn DBI:mysql:antispam:localhost
user_scores_sql_username antispam
user_scores_sql_password xxxxx

but it keeps ignoring it.

In the Amavis, I can run it without problems. But I hate Amavis. I love MailScanner :)
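
The archive de-duplication idea Leif Neland raises in the 'archive mail' thread above, together with the batch-timing caveat he and Glenn Steen discuss, modelled as an added example (not code from the thread or from MailScanner, and not written against MailScanner's custom-function API). The store, the function names and the sample messages are constructed; keying on a body hash as well as the Message-ID is this example's own choice.

```python
import hashlib
import sqlite3
from email import message_from_string

ARCHIVE_ADDRESS = "ABC@domain.com"  # archive mailbox named in the thread
NO_ARCHIVE = "none"                 # value the thread proposes for repeats


def dedup_key(raw_message):
    """Return "<message-id>|<sha256 of body>", or None without a Message-ID.

    The Message-ID is chosen by the sender, so the body hash is included to
    keep a different message that reuses an ID from being left unarchived.
    """
    raw_message = raw_message.replace("\r\n", "\n")
    message_id = (message_from_string(raw_message).get("Message-ID") or "").strip()
    if not message_id:
        return None
    body = raw_message.partition("\n\n")[2]
    return message_id + "|" + hashlib.sha256(body.encode("utf-8")).hexdigest()


class SeenStore:
    """Hypothetical 'own database' of keys that already reached the archive."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS seen (key TEXT PRIMARY KEY)")

    def claim(self, key):
        """Record the key; True only for the first caller (atomic insert)."""
        try:
            with self.db:
                self.db.execute("INSERT INTO seen (key) VALUES (?)", (key,))
            return True
        except sqlite3.IntegrityError:
            return False

    def contains(self, key):
        row = self.db.execute("SELECT 1 FROM seen WHERE key = ?", (key,)).fetchone()
        return row is not None


def archive_claim_at_once(batch, store):
    """Record each message the moment it is examined ('logged at once')."""
    targets = []
    for raw in batch:
        key = dedup_key(raw)
        # Messages without a Message-ID cannot be matched, so archive them.
        first = key is None or store.claim(key)
        targets.append(ARCHIVE_ADDRESS if first else NO_ARCHIVE)
    return targets


def archive_log_at_batch_end(batch, store):
    """Look up per message, but write the log only after the whole batch.

    This is the case the thread worries about: both copies of one message
    sit in the same batch, so neither lookup finds the other.
    """
    targets, pending = [], []
    for raw in batch:
        key = dedup_key(raw)
        if key is not None and store.contains(key):
            targets.append(NO_ARCHIVE)
        else:
            targets.append(ARCHIVE_ADDRESS)
            if key is not None:
                pending.append(key)
    for key in pending:
        store.claim(key)  # repeats within the batch are ignored here
    return targets


def make_copy(recipient, message_id, body):
    """Build one constructed per-recipient copy, as queued after the split."""
    return (
        f"Received: by mx.example.test for <{recipient}>\n"
        "From: sender@example.test\n"
        "To: X@domain.com\n"
        "Cc: Y@domain.com\n"
        f"Message-ID: {message_id}\n"
        "Subject: constructed sample\n"
        f"\n{body}\n"
    )


# Constructed sample input: one message split into a copy for X and one for Y,
# plus a different message that reuses the same Message-ID.
COPY_FOR_X = make_copy("X@domain.com", "<constructed-1@example.test>", "Figures attached.")
COPY_FOR_Y = make_copy("Y@domain.com", "<constructed-1@example.test>", "Figures attached.")
REUSED_ID = make_copy("X@domain.com", "<constructed-1@example.test>", "A different message.")

if __name__ == "__main__":
    batch = [COPY_FOR_X, COPY_FOR_Y]
    print("claim at once:   ", archive_claim_at_once(batch, SeenStore()))
    print("log at batch end:", archive_log_at_batch_end(batch, SeenStore()))
```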

From MailScanner at ecs.soton.ac.uk Tue Oct 18 18:23:59 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:58 2006
Subject: Fwd: Abwesenheitsnotiz: Bus Faults Error 10 with Perl
Message-ID:

I have temporarily disabled his list delivery. He will receive a notification that this was done, and so he can enable it again when he returns.

Glenn Steen wrote:

>Hi Jules,
>
>Could you zap Mr Lotter a bit with that sweet little LART?
>Or just bump him off the list.
>
>---------- Forwarded message ----------
>From: Lotter, Albrecht (LNG-MUE)
>Date: 18-Oct-2005 14:14
>Subject: Abwesenheitsnotiz: Bus Faults Error 10 with Perl
>To: Glenn Steen
>
>I'm out of the office until 23rd of October with limited access to my email. If you need immediate attention please contact Paul Homann, -337.
>
>### German ###
>
>I am out of the office until 23 October and have only limited access to my e-mail. In urgent cases please contact Paul Homann, -337

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From ssilva at SGVWATER.COM Tue Oct 18 19:07:28 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:58 2006
Subject: Fwd: Abwesenheitsnotiz: Bus Faults Error 10 with Perl
Message-ID:

Julian Field spake the following on 10/18/2005 10:23 AM:
> I have temporarily disabled his list delivery. He will receive a notification that this was done, and so he can enable it again when he returns.
>
> Glenn Steen wrote:
>
>>>Hi Jules,
>>>
>>>Could you zap Mr Lotter a bit with that sweet little LART?
>>>Or just bump him off the list.

One of the advantages of reading through GMANE. It seems to kill all the vacation messages.
Now if it would just post faster....

From strombrg at DCS.NAC.UCI.EDU Tue Oct 18 19:45:57 2005
From: strombrg at DCS.NAC.UCI.EDU (Dan Stromberg)
Date: Thu Jan 12 21:30:58 2006
Subject: Fwd: Abwesenheitsnotiz: Bus Faults Error 10 with Perl
Message-ID:

On Tue, 2005-10-18 at 11:07 -0700, Scott Silva wrote:
> Julian Field spake the following on 10/18/2005 10:23 AM:
> > I have temporarily disabled his list delivery. He will receive a notification that this was done, and so he can enable it again when he returns.
> >
> > Glenn Steen wrote:
> >
> >>>Hi Jules,
> >>>
> >>>Could you zap Mr Lotter a bit with that sweet little LART?
> >>>Or just bump him off the list.
>
> One of the advantages of reading through GMANE. It seems to kill all the vacation messages.
> Now if it would just post faster....

Interesting.

I tried to use this list through gmane before I subscribed recently, but I got a bounce from the list saying that whatever address gmane wanted to use for posting wasn't subscribed.

From ssilva at SGVWATER.COM Tue Oct 18 19:56:18 2005
From: ssilva at SGVWATER.COM (Scott Silva)
Date: Thu Jan 12 21:30:58 2006
Subject: Fwd: Abwesenheitsnotiz: Bus Faults Error 10 with Perl
Message-ID:

Dan Stromberg spake the following on 10/18/2005 11:45 AM:
> On Tue, 2005-10-18 at 11:07 -0700, Scott Silva wrote:
>
>>Julian Field spake the following on 10/18/2005 10:23 AM:
>>
>>>I have temporarily disabled his list delivery.
>>>He will receive a notification that this was done, and so he can enable it again when he returns.
>>>
>>>Glenn Steen wrote:
>>>
>>>>>Hi Jules,
>>>>>
>>>>>Could you zap Mr Lotter a bit with that sweet little LART?
>>>>>Or just bump him off the list.
>>
>>One of the advantages of reading through GMANE. It seems to kill all the vacation messages.
>>Now if it would just post faster....
>
> Interesting.
>
> I tried to use this list through gmane before I subscribed recently, but I got a bounce from the list saying that whatever address gmane wanted to use for posting wasn't subscribed.

You have to subscribe, and then turn off mail after. That way you can post. If you are just lurking, you don't have to subscribe.

From jflowers at EZO.NET Tue Oct 18 20:14:35 2005
From: jflowers at EZO.NET (Jim Flowers)
Date: Thu Jan 12 21:30:58 2006
Subject: Bus Faults Error 10 with Perl
Message-ID:

Additional Information
----------------------
1. Disabling SpamAssassin eliminates the bus fault error.

2. Enabling Spamassassin with DCC, Razor, Pyzor turned off still has the bus fault error.

3. Rebuilding Perl 5.8.6, and upgrading SpamAssassin to 3.1.0, MailScanner to 4.44.6 did not eliminate the bus fault errors.

4. Upgrading to Perl 5.8.7 and reinstalling all the perl modules did not eliminate the bus fault errors.

From glenn.steen at GMAIL.COM Tue Oct 18 21:16:52 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:30:58 2006
Subject: Bus Faults Error 10 with Perl
Message-ID:

On 18/10/05, Jim Flowers wrote:
> Additional Information
> ----------------------
> 1. Disabling SpamAssassin eliminates the bus fault error.
>
> 2. Enabling Spamassassin with DCC, Razor, Pyzor turned off still has the bus fault error.
>
> 3. Rebuilding Perl 5.8.6, and upgrading SpamAssassin to 3.1.0, MailScanner to 4.44.6 did not eliminate the bus fault errors.
>
> 4. Upgrading to Perl 5.8.7 and reinstalling all the perl modules did not eliminate the bus fault errors.

Hmmm, (wild guess) could it perhaps be related to the resolver/DNS? I presume you've checked that you've only got one SA(?)... I think you're on the right track though... Just a question of continuing with SA troubleshooting (mainly "turning things off" (worst case, rule by rule) and seeing when the SIGBUSes stop).

The above pretty much rules out HW, but I think you knew that too:-). Then again, running some memory tester periodically is not a _bad_ idea.

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From jflowers at EZO.NET Tue Oct 18 21:30:45 2005
From: jflowers at EZO.NET (Jim Flowers)
Date: Thu Jan 12 21:30:58 2006
Subject: Bus Faults Error 10 with Perl
Message-ID:

Forgot to mention: Ran the memtest86 1 pass with no errors.

One significant thing, I am running a sister ship that is (or was) an exact duplicate via dump/restore with identical hardware that has never had these kinds of problems.

I think maybe recloning the disk before doing a rule-by-rule debug.

Incidentally, thanks for the response.

From naolson at GMAIL.COM Tue Oct 18 22:27:56 2005
From: naolson at GMAIL.COM (Nathan Olson)
Date: Thu Jan 12 21:30:58 2006
Subject: Bus Faults Error 10 with Perl
Message-ID:

1 pass is often not enough to catch bad memory.

Nate

From craig at WESTPRESS.COM Tue Oct 18 22:36:13 2005
From: craig at WESTPRESS.COM (Craig Daters)
Date: Thu Jan 12 21:30:58 2006
Subject: Turn off "{Spam not delivered}" messages?
Message-ID:

I am going crazy! I cannot locate which directive shuts off the "{Spam not delivered}" message to recipients when they receive spam? I have gone through MailScanner.conf time and time again, and I know I am passing over it every time. Could someone please slap me across the face or something? :)

---
Craig Daters (craig@westpress.com)
Systems Administrator
West Press
1663 West Grant Road
Tucson, Arizona 85745
(520) 624-4939 x208
(520) 624-2715 fax
www.westpress.com

From lists at HBCS.ORG Wed Oct 19 00:10:30 2005
From: lists at HBCS.ORG (Dave Coults)
Date: Thu Jan 12 21:30:58 2006
Subject: Turn off "{Spam not delivered}" messages?
Message-ID:

On Tue, 18 Oct 2005 14:36:13 -0700, Craig Daters wrote:

>I am going crazy!
I cannot locate which directive shuts off the "{Spam
>not delivered}" message to recipients when they receive spam? I have
>gone through MailScanner.conf time and time again, and I know I am
>passing over it every time. Could someone please slap me across the
>face or something? :)

If it's being sent to whom the spam was intended for, it's in the "What to do with spam" section - "Spam Actions".

>
>- ---
>Craig Daters (craig@westpress.com)
>Systems Administrator

Dave C
NetAdmin

From ugob at CAMO-ROUTE.COM Wed Oct 19 02:36:35 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:30:58 2006
Subject: Turn off "{Spam not delivered}" messages?
Message-ID:

Dave Coults wrote:
> On Tue, 18 Oct 2005 14:36:13 -0700, Craig Daters wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I am going crazy! I cannot locate which directive shuts off the "{Spam
>> not delivered}" message to recipients when they receive spam? I have
>> gone through MailScanner.conf time and time again, and I know I am
>> passing over it every time. Could someone please slap me across the
>> face or something? :)
>
> If it's being sent to whom the spam was intended for, it's in the "What to
> do with spam" section - "Spam Actions".

Or the "High Scoring Spam Actions"

>
>> - ---
>> Craig Daters (craig@westpress.com)
>> Systems Administrator
>
> Dave C
> NetAdmin
>

--
Ugo

-> Please don't send a copy of your reply by e-mail. I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies.

From glenn.steen at GMAIL.COM Wed Oct 19 09:13:02 2005
From: glenn.steen at GMAIL.COM (Glenn Steen)
Date: Thu Jan 12 21:30:58 2006
Subject: Turn off "{Spam not delivered}" messages?
Message-ID:

On 18/10/05, Craig Daters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I am going crazy! I cannot locate which directive shuts off the "{Spam
> not delivered}" message to recipients when they receive spam? I have
> gone through MailScanner.conf time and time again, and I know I am
> passing over it every time. Could someone please slap me across the
> face or something? :)
>

If it's just the change to the subject line, I imagine the section about "Changes to the Subject: line" is where you should be looking;)

--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

From t.d.lee at DURHAM.AC.UK Wed Oct 19 12:41:31 2005
From: t.d.lee at DURHAM.AC.UK (David Lee)
Date: Thu Jan 12 21:30:58 2006
Subject: phishing whitelist via DNS
Message-ID:

Julian:

Last week we briefly discussed the possibility of doing the "phishing.safe.sites.conf" information via DNS, so that it could be maintained between releases and also follow more closely the methodology of RBL blacklists.

I have cobbled together a quick "proof of concept" implementation:

1. loaded our DNS with data derived from a recent copy of the file;
2. patched "Message.pm" ("InPhishingWhitelist" subroutine; based on 4.47.1);
3. written a little driver program to call "InPhishingWhitelist" (loops on stdin: the domain name to be checked).

Doubtless it needs more work (it doesn't yet handle the subtlety of a couple of ":81"-like entries in your data; you would probably want to rework it for interaction with the "REMOVE" option). And certainly the DNS zonename would have to change (something under "mailscanner.info"?).

Attached are the Message.pm patch and the driver program. (The DNS data should, of course, be visible via DNS.)

Enjoy.

--
:  David Lee                       I.T. Service       :
:  Senior Systems Programmer       Computer Centre    :
:                                  Durham University  :
:  http://www.dur.ac.uk/t.d.lee/   South Road         :
:                                  Durham DH1 3LE     :
:  Phone: +44 191 334 2752         U.K.               :

[ Part 2, "Message.pm patch" Text/PLAIN (Name: "Message.pm.patch") ]
[ 32 lines. ]
[ Unable to print this part. ]
[ Part 3, "Driver program" Text/PLAIN (Name: "test.pl") 6 lines. ]
[ Unable to print this part.
]

From ugob at CAMO-ROUTE.COM Wed Oct 19 13:06:32 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:30:58 2006
Subject: Previous message
Message-ID:

Glenn Steen wrote:
> On 18/10/05, Glenn Steen wrote:
>> On 18/10/05, Ugo Bellavance wrote:
>>> Hi Glenn,
>>>
>>> Sorry to send an "empty" message.
>>>
>>> That was revision 3 of my article.
>>>
>>> Thanks,
>>>
>>> --
>>> Ugo Bellavance
>>> System/network administrator
>>> Camo-route inc.
>>> Tel.: (514) 593-5811 / Fax: (514) 593-5611
>>> E-mail: ugob@camo-route.com
>>> Website: http://www.camo-route.com
>>> Online placement: https://placement.emploiquebec.net/
>>>
>>
>> OK, here goes (I'll just put the comments in here.... I detest word,
>> so I don't handle it that well, and all the changes might be made in
>> (snippety-snip)
>
> Did you get the reply with my changes? Were they approximately in the
> general direction you needed/wanted?

Yes, absolutely. I just didn't have time to look at it in detail yet.

Thanks a lot,

Ugo

> Yeah, I'm a sucker for feedback:-)

Eheh,

Ugo

From ugob at CAMO-ROUTE.COM Wed Oct 19 13:48:19 2005
From: ugob at CAMO-ROUTE.COM (Ugo Bellavance)
Date: Thu Jan 12 21:30:58 2006
Subject: Previous message
Message-ID:

Ugo Bellavance wrote:
> Glenn Steen wrote:
>> On 18/10/05, Glenn Steen wrote:
>>> On 18/10/05, Ugo Bellavance wrote:
>>>> Hi Glenn,
>>>>
>>>> Sorry to send an "empty" message.
>>>>
>>>> That was revision 3 of my article.
>>>>
>>>> Thanks,
>>>>
>>>> --
>>>> Ugo Bellavance
>>>> System/network administrator
>>>> Camo-route inc.
>>>> Tel.: (514) 593-5811 / Fax: (514) 593-5611
>>>> E-mail: ugob@camo-route.com
>>>> Website: http://www.camo-route.com
>>>> Online placement: https://placement.emploiquebec.net/
>>>>
>>> OK, here goes (I'll just put the comments in here.... I detest word,
>>> so I don't handle it that well, and all the changes might be made in
>>> (snippety-snip)
>> Did you get the reply with my changes? Were they approximately in the
>> general direction you needed/wanted?
>
> Yes, absolutely. I just didn't have time to look at it in detail yet.
>
> Thanks a lot,
>
> Ugo
>
>> Yeah, I'm a sucker for feedback:-)
>
> Eheh,
>
> Ugo
>

Hmmm, how come this reply ended up on the mailing list? Well, please just ignore this thread.

Thanks,

Ugo

--
Ugo

-> Please don't send a copy of your reply by e-mail. I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies.

From craig at WESTPRESS.COM Wed Oct 19 16:03:12 2005
From: craig at WESTPRESS.COM (Craig Daters)
Date: Thu Jan 12 21:30:58 2006
Subject: Turn off "{Spam not delivered}" messages?
Message-ID:

On Oct 18, 2005, at 2:36 PM, Craig Daters wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I am going crazy!
I cannot locate which directive shuts off the "{Spam
> not delivered}" message to recipients when they receive spam? I have
> gone through MailScanner.conf time and time again, and I know I am
> passing over it every time. Could someone please slap me across the
> face or something? :)

Thanks for all your help guys. It was in the "Spam Actions" directive. I had appended a "notify" action at the end per a request from some employee. It is driving others crazy, so I guess I will have to put it into a ruleset. Though I have not heard anything from the "one" that I need to release anything, so maybe I'll just shut it off....

- Craig

---
Craig Daters (craig@westpress.com)
Systems Administrator
West Press
1663 West Grant Road
Tucson, Arizona 85745
(520) 624-4939 x208
(520) 624-2715 fax
www.westpress.com

From cparker at SWATGEAR.COM Wed Oct 19 18:02:17 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:30:58 2006
Subject: "spam" with negative score. What settings do I need to change?
Message-ID:

Hello,

I had an email come in today with a negative score of 2.60. I searched the archives and read that it's probably because the email was found on a (some) RBL(s). I think this is in fact the reason it was marked as spam.

1. If an email gets a negative score shouldn't it NOT be considered spam, even if it does reach 'Spam Lists To Be Spam = 1'? In this case it is a legitimate piece of mail that usually isn't found on the two lists (SORBS-DNSBL and SORBS-SPAM).

2. I can't be sure of why it got a negative spam score because it wasn't included in the mail headers and it's not in the maillog either. Notice below that the line that USUALLY shows the scores and rules that were tripped is cut off. (I marked the line with ***) It just says "to swatgear.com is" and that's it.

Oct 18 11:05:06 localhost sendmail[24018]: j9II55g5024018: from=, size=2188, class=0, nrcpts=1, msgid=, proto=ESMTP, daemon=MTA, relay=bay104-f34.bay104.hotmail.com [65.54.175.44]
Oct 18 11:05:06 localhost sendmail[24018]: j9II55g5024018: to=, delay=00:00:01, mailer=esmtp, pri=32188, stat=queued
Oct 18 11:05:11 localhost MailScanner[22139]: New Batch: Scanning 1 messages, 2683 bytes
Oct 18 11:05:11 localhost MailScanner[22139]: Spam Checks: Starting
Oct 18 11:05:14 localhost MailScanner[22139]: RBL checks: j9II55g5024018 found in SORBS-DNSBL, SORBS-SPAM
*** Oct 18 11:05:17 localhost MailScanner[22139]: Message j9II55g5024018 from 65.54.175.44 (abc@hotmail.com) to swatgear.com is
Oct 18 11:05:17 localhost MailScanner[22139]: Spam Checks: Found 1 spam messages
Oct 18 11:05:17 localhost MailScanner[22139]: Spam Actions: message j9II55g5024018 actions are deliver
Oct 18 11:05:18 localhost MailScanner[22139]: Virus and Content Scanning: Starting

I've since whitelisted this email address in the hopes that even if it does get found in an RBL (or two or three) it will not have the spam message added to the subject. Is this true?

And some output from 'MailScanner -v':

This is CentOS release 4.1 (Final)
This is Perl version 5.008005 (5.8.5)
This is MailScanner version 4.46.2

Thanks!
Chris.

From mkettler at EVI-INC.COM Wed Oct 19 18:16:27 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:30:58 2006
Subject: "spam" with negative score. What settings do I need to change?
Message-ID:

Chris W. Parker wrote:
> Hello,
>
> I had an email come in today with a negative score of 2.60. I searched
> the archives and read that it's probably because the email was found on
> a (some) RBL(s). I think this is in fact the reason it was marked as
> spam.

Yes, spam lists in MailScanner.conf will cause the message to be marked as spam, no matter what the spamassassin score is. They are absolute.

>
> 1. If an email gets a negative score shouldn't it NOT be considered
> spam, even if it does reach 'Spam Lists To Be Spam = 1'? In this case it
> is a legitimate piece of mail that usually isn't found on the two lists
> (SORBS-DNSBL and SORBS-SPAM).

No. If you trust a DNSBL enough to use it as a MailScanner spam list, then you should trust it all the time.

If the DNSBL isn't sufficiently accurate for you to trust it, it shouldn't be in the spam lists, instead it should be called by SA and factored into the score.

>
> 2. I can't be sure of why it got a negative spam score because it wasn't
> included in the mail headers and it's not in the maillog either.
Notice
> below that the line that USUALLY shows the scores and rules that were
> tripped is cut off. (I marked the line with ***) It just says "to
> swatgear.com is" and that's it.

That's weird, but I don't know why that would happen.

> I've since whitelisted this email address in the hopes that even if it
> does get found in an RBL (or two or three) it will not have the spam
> message added to the subject. Is this true?

If you whitelisted it using MailScanner's whitelist, yes. If you used SpamAssassin's whitelist (whitelist_from, etc) then no.

From MailScanner at ecs.soton.ac.uk Wed Oct 19 18:23:20 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:58 2006
Subject: "spam" with negative score. What settings do I need to change?
Message-ID:

Edit /usr/lib/MailScanner/MailScanner/RBLs.pm.
Right at the bottom of the file, edit the last few lines so that they look like this:

-----SNIP-----
  # The return from the pipe is a measure of how spammy it was
  MailScanner::Log::InfoLog("RBL checks: %s found in %s",
                            $message->{id}, join(', ', @HitList))
    if @HitList && MailScanner::Config::Value('logspam');
  MailScanner::Log::DebugLog("RBL Checks: returned $PipeReturn");

  # No point actually using $PipeReturn, as we want to get a
  # useful result even when the child never reached its exit()
  #$PipeReturn = $PipeReturn>>8;
  # JKF 3/10/2005
  my $temp = @HitList;
  $temp = $temp + 0;
  return ($temp, join(', ', @HitList));
}

1;
-----SNIP-----

The new bit is the JKF 3/10/2005 bit. This gets around a Perl bug, the same one has happened several times before. This should fix it for you.

Note that you will of course need to restart MailScanner after making this change. Before you do this, it is worth syntax-checking your new file to be sure you haven't missed a ";" or anything like that:

    perl -c RBLs.pm

That shouldn't output anything much at all. If that is okay, then do a "service MailScanner restart".

Chris W. Parker wrote:

>Hello,
>
>I had an email come in today with a negative score of 2.60. I searched
>the archives and read that it's probably because the email was found on
>a (some) RBL(s). I think this is in fact the reason it was marked as
>spam.
>
>1. If an email gets a negative score shouldn't it NOT be considered
>spam, even if it does reach 'Spam Lists To Be Spam = 1'? In this case it
>is a legitimate piece of mail that usually isn't found on the two lists
>(SORBS-DNSBL and SORBS-SPAM).
>
>2. I can't be sure of why it got a negative spam score because it wasn't
>included in the mail headers and it's not in the maillog either. Notice
>below that the line that USUALLY shows the scores and rules that were
>tripped is cut off. (I marked the line with ***) It just says "to
>swatgear.com is" and that's it.
>
>Oct 18 11:05:06 localhost sendmail[24018]: j9II55g5024018:
>from=, size=2188, class=0, nrcpts=1,
>msgid=10@phx.gbl>, proto=ESMTP, daemon=MTA,
>relay=bay104-f34.bay104.hotmail.com [65.54.175.44]
>Oct 18 11:05:06 localhost sendmail[24018]: j9II55g5024018:
>to=, delay=00:00:01, mailer=esmtp, pri=32188,
>stat=queued
>Oct 18 11:05:11 localhost MailScanner[22139]: New Batch: Scanning 1
>messages, 2683 bytes
>Oct 18 11:05:11 localhost MailScanner[22139]: Spam Checks: Starting
>Oct 18 11:05:14 localhost MailScanner[22139]: RBL checks: j9II55g5024018
>found in SORBS-DNSBL, SORBS-SPAM
>*** Oct 18 11:05:17 localhost MailScanner[22139]: Message j9II55g5024018
>from 65.54.175.44 (abc@hotmail.com) to swatgear.com is
>Oct 18 11:05:17 localhost MailScanner[22139]: Spam Checks: Found 1 spam
>messages
>Oct 18 11:05:17 localhost MailScanner[22139]: Spam Actions: message
>j9II55g5024018 actions are deliver
>Oct 18 11:05:18 localhost MailScanner[22139]: Virus and Content
>Scanning: Starting
>
>I've since whitelisted this email address in the hopes that even if it
>does get found in an RBL (or two or three) it will not have the spam
>message added to the subject. Is this true?
>
>And some output from 'MailScanner -v':
>
>This is CentOS release 4.1 (Final)
>This is Perl version 5.008005 (5.8.5)
>This is MailScanner version 4.46.2
>
>
>Thanks!
>Chris.
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

--
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

From cparker at SWATGEAR.COM Wed Oct 19 18:31:30 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:30:58 2006
Subject: "spam" with negative score. What settings do I need to change?
Message-ID:

Matt Kettler on Wednesday, October 19, 2005 10:16 AM said:

> No. If you trust a DNSBL enough to use it as a MailScanner spam list,
> then you should trust it all the time.
>
> If the DNSBL isn't sufficiently accurate for you to trust it, it
> shouldn't be in the spam lists, instead it should be called by SA and
> factored into the score.

Good point.

How do I get SA involved?

> If you whitelisted it using MailScanner's whitelist, yes. If you used
> SpamAssassin's whitelist (whitelist_from, etc) then no.

OK good. I will be using MailScanner's whitelist.

Thanks,
Chris.

From cparker at SWATGEAR.COM Wed Oct 19 19:33:29 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:30:58 2006
Subject: "spam" with negative score. What settings do I need to change?
Message-ID:

Julian Field on Wednesday, October 19, 2005 10:23 AM said:

> Edit /usr/lib/MailScanner/MailScanner/RBLs.pm.
> Right at the bottom of the file, edit the last few lines so that they
> look like this:

[snip]

> The new bit is the JKF 3/10/2005 bit. This gets around a Perl bug, the
> same one has happened several times before. This should fix it for
> you.

[snip]

> perl -c RBLs.pm
> That shouldn't output anything much at all. If that is okay, then do a
> "service MailScanner restart".

I made the change you suggested, checked RBLs.pm for syntax errors, and restarted MailScanner but the logs are still being cut off*. Here is an example of one that just happened.

Oct 19 11:24:29 localhost MailScanner[8077]: New Batch: Scanning 1 messages, 6385 bytes
Oct 19 11:24:29 localhost MailScanner[8077]: Spam Checks: Starting
Oct 19 11:24:29 localhost MailScanner[8077]: RBL checks: j9JIOG0p008056 found in SORBS-DNSBL, SORBS-SPAM
Oct 19 11:24:32 localhost MailScanner[8077]: Message j9JIOG0p008056 from 199.181.134.25 (bouncesb@q.go.com) to swatgear.com is
Oct 19 11:24:32 localhost MailScanner[8077]: Spam Checks: Found 1 spam messages
Oct 19 11:24:32 localhost MailScanner[8077]: Spam Actions: message j9JIOG0p008056 actions are deliver

Chris.

* That is what the change to RBLs.pm was supposed to fix right?

From mkettler at EVI-INC.COM Wed Oct 19 19:35:43 2005
From: mkettler at EVI-INC.COM (Matt Kettler)
Date: Thu Jan 12 21:30:58 2006
Subject: "spam" with negative score. What settings do I need to change?
Message-ID:

Chris W. Parker wrote:
> Matt Kettler
> on Wednesday, October 19, 2005 10:16 AM said:
>
>
>>No. If you trust a DNSBL enough to use it as a MailScanner spam list,
>>then you should trust it all the time.
>>
>>If the DNSBL isn't sufficiently accurate for you to trust it, it
>>shouldn't be in the spam lists, instead it should be called by SA and
>>factored into the score.
>
>
> Good point.
>
> How do I get SA involved?

SA should check the SORBS lists by default, provided you have Net::DNS installed and you haven't disabled network tests.

From MailScanner at ecs.soton.ac.uk Wed Oct 19 20:07:53 2005
From: MailScanner at ecs.soton.ac.uk (Julian Field)
Date: Thu Jan 12 21:30:58 2006
Subject: "spam" with negative score. What settings do I need to change?
Message-ID:

Sorry, there was another chunk of the patch I should have mentioned too, forgot about that. It's all in the latest beta anyway, so give that a try please.

Chris W. Parker wrote:

>Julian Field
> on Wednesday, October 19, 2005 10:23 AM said:
>
>>Edit /usr/lib/MailScanner/MailScanner/RBLs.pm.
>>Right at the bottom of the file, edit the last few lines so that they
>>look like this:
>>
>[snip]
>
>>The new bit is the JKF 3/10/2005 bit. This gets around a Perl bug, the
>>same one has happened several times before. This should fix it for
>>you.
>>
>[snip]
>
>> perl -c RBLs.pm
>>That shouldn't output anything much at all. If that is okay, then do a
>>"service MailScanner restart".
>>
>
>I made the change you suggested, checked RBLs.pm for syntax errors, and
>restarted MailScanner but the logs are still being cut off*. Here is an
>example of one that just happened.
>
>Oct 19 11:24:29 localhost MailScanner[8077]: New Batch: Scanning 1
>messages, 6385 bytes
>Oct 19 11:24:29 localhost MailScanner[8077]: Spam Checks: Starting
>Oct 19 11:24:29 localhost MailScanner[8077]: RBL checks: j9JIOG0p008056
>found in SORBS-DNSBL, SORBS-SPAM
>Oct 19 11:24:32 localhost MailScanner[8077]: Message j9JIOG0p008056 from
>199.181.134.25 (bouncesb@q.go.com) to swatgear.com is
>Oct 19 11:24:32 localhost MailScanner[8077]: Spam Checks: Found 1 spam
>messages
>Oct 19 11:24:32 localhost MailScanner[8077]: Spam Actions: message
>j9JIOG0p008056 actions are deliver
>
>
>Chris.
>
>* That is what the change to RBLs.pm was supposed to fix right?
>
>

--
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

From cparker at SWATGEAR.COM Wed Oct 19 20:21:10 2005
From: cparker at SWATGEAR.COM (Chris W. Parker)
Date: Thu Jan 12 21:30:58 2006
Subject: "spam" with negative score. What settings do I need to change?
Message-ID:

Julian Field on Wednesday, October 19, 2005 12:08 PM said:

> Sorry, there was another chunk of the patch I should have mentioned
> too, forgot about that. It's all in the latest beta anyway, so give
> that a try please.

Thanks. I'll just wait till it goes stable.

Chris.
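
[ Added example, not part of any post in this thread and not MailScanner code: the symptom discussed above (a message found in a spam list whose "Message ... is" log line stops right after "is") can be located in a maillog mechanically. The script groups MailScanner log lines by message id and reports the affected ids. The sample log is constructed from the excerpts quoted in the thread; the second message in it, its IP address and its verdict text are placeholders, and the regular expressions assume the line shapes shown in those excerpts. ]

```python
import re
from collections import defaultdict

# Constructed sample. The first message reuses the line shapes quoted in the
# thread; the second is invented (documentation IP, placeholder verdict text)
# to show a verdict line that is not cut off.
SAMPLE_LOG = """\
Oct 19 11:24:29 localhost MailScanner[8077]: New Batch: Scanning 1 messages, 6385 bytes
Oct 19 11:24:29 localhost MailScanner[8077]: Spam Checks: Starting
Oct 19 11:24:29 localhost MailScanner[8077]: RBL checks: j9JIOG0p008056 found in SORBS-DNSBL, SORBS-SPAM
Oct 19 11:24:32 localhost MailScanner[8077]: Message j9JIOG0p008056 from 199.181.134.25 (bouncesb@q.go.com) to swatgear.com is
Oct 19 11:24:32 localhost MailScanner[8077]: Spam Checks: Found 1 spam messages
Oct 19 11:24:32 localhost MailScanner[8077]: Spam Actions: message j9JIOG0p008056 actions are deliver
Oct 19 11:30:02 localhost MailScanner[8077]: RBL checks: j9JXXXXX0000001 found in SORBS-SPAM
Oct 19 11:30:05 localhost MailScanner[8077]: Message j9JXXXXX0000001 from 192.0.2.10 (sender@example.com) to swatgear.com is <verdict text placeholder>
Oct 19 11:30:05 localhost MailScanner[8077]: Spam Actions: message j9JXXXXX0000001 actions are deliver
"""

# Syslog prefix as it appears in the quoted excerpts (assumed format).
PREFIX = r"^\w{3}\s+\d+ [\d:]{8} \S+ MailScanner\[\d+\]: "
RBL_RE = re.compile(PREFIX + r"RBL checks: (?P<id>\S+) found in (?P<lists>.+)$")
# The verdict group is optional: on the cut-off lines nothing follows "is".
VERDICT_RE = re.compile(
    PREFIX + r"Message (?P<id>\S+) from (?P<ip>\S+) \((?P<sender>[^)]*)\)"
    r" to (?P<to>.+?) is(?:\s+(?P<verdict>.*))?$")
ACTION_RE = re.compile(
    PREFIX + r"Spam Actions: message (?P<id>\S+) actions are (?P<actions>.+)$")


def analyse(log_text):
    """Return {message id: {"lists", "verdict", "actions"}} for a maillog."""
    records = defaultdict(
        lambda: {"lists": [], "verdict": None, "actions": None})
    for line in log_text.splitlines():
        line = line.rstrip()
        m = RBL_RE.match(line)
        if m:
            records[m["id"]]["lists"] = [
                name.strip() for name in m["lists"].split(",")]
            continue
        m = VERDICT_RE.match(line)
        if m:
            # "" means the line was logged but stops right after "is".
            records[m["id"]]["verdict"] = (m["verdict"] or "").strip()
            continue
        m = ACTION_RE.match(line)
        if m:
            records[m["id"]]["actions"] = m["actions"].strip()
    return dict(records)


def cut_off_verdicts(log_text):
    """Ids found in a spam list whose verdict line ends right after 'is'."""
    return sorted(mid for mid, rec in analyse(log_text).items()
                  if rec["lists"] and rec["verdict"] == "")


def missing_verdicts(log_text):
    """Ids found in a spam list that never got a verdict line at all."""
    return sorted(mid for mid, rec in analyse(log_text).items()
                  if rec["lists"] and rec["verdict"] is None)


if __name__ == "__main__":
    for mid, rec in analyse(SAMPLE_LOG).items():
        state = "CUT OFF" if rec["verdict"] == "" else rec["verdict"]
        print(mid, ",".join(rec["lists"]), rec["actions"], state)
```

[ To check a real log, pass the contents of /var/log/maillog to cut_off_verdicts() instead of SAMPLE_LOG. ]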

From taz at TAZ-MANIA.COM Wed Oct 19 21:25:19 2005
From: taz at TAZ-MANIA.COM (Dennis Willson)
Date: Thu Jan 12 21:30:58 2006
Subject: [Mailwatch-users] Memory Bloat
Message-ID:

This has nothing to do with Logging.... It has to do with custom functions for "Is Definitely Not Spam" and "Is Definitely Spam". Are all custom functions only done by the logger? And then why do I see the initialization code run for all custom functions for each of the MailScanner children? I know it's allocating the HASH tables and populating them from the database each and every time. Are you saying that it's overwriting the previous one each time so there's only one copy in memory? If so why not just test for the existence of the previous one before going through all that?

Dennis

Glenn Steen wrote:
> On 19/10/05, Dennis Willson wrote:
>
>>Well I believe I have found something that causes MailWatch to use way more memory than it really needs. I'm just learning Perl so
>>maybe I'm wrong here and if so someone please explain it to me...
>>
>>Setup: MailScanner configured to have 10 children
>> MailWatch configured with 50 whitelist entries and 50 blacklist entries
>>
>>Each MailScanner child starts its own copy of MailWatch's SQLBlackWhite.pm which reads the 100 total blacklist/whitelist entries.
>>Since there are 10 children total this means the 100 blacklist/whitelist entries are duplicated in memory 10 times making it take up
>>1000 entries worth of memory for only 100 actual entries. This multiplies out very quickly.
>>
>>Provided this is true and there isn't something I'm missing, where there's really only one copy (which I doubt since watching the
>>logs show each child invoking and creating its own copy of the list), is there a way in Perl to have "shared" memory?
>>
>>One other question is..
If using a proper connection pool to the database, individual queries should be plenty fast enough to keep >>up with an MTA processing mail. Why not just do the database queries "on the fly"? This would also get the latest updates instantly >>instead of waiting for MailScanner to restart its children or the SQLBlackWhite.pm to reload its HASH. >> >>Just some thoughts... >> >>Dennis >> > > Use "ps"... How many logging children do you see? > That's right, of all spawned children just one (is supposed to) > survive. And if (or rather when) that one dies, one of the MS children > will spawn a new one. Perhaps a bit confusing, but rather elegant in > its own way;-) > > -- > -- Glenn > email: glenn < dot > steen < at > gmail < dot > com > work: glenn < dot > steen < at > ap1 < dot > se > > > ------------------------------------------------------- > This SF.Net email is sponsored by: > Power Architecture Resource Center: Free content, downloads, discussions, > and more. http://solutions.newsforge.com/ibmarch.tmpl > _______________________________________________ > Mailwatch-users mailing list > Mailwatch-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/mailwatch-users ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From glenn.steen at GMAIL.COM Wed Oct 19 22:37:44 2005 From: glenn.steen at GMAIL.COM (Glenn Steen) Date: Thu Jan 12 21:30:58 2006 Subject: [Mailwatch-users] Memory Bloat Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. 
] On 19/10/05, Dennis Willson wrote: > This has nothing to do with Logging.... It has to do with custom functions for "Is Definitely Not Spam" and "Is Definitely Spam". > Are all custom functions only done by the logger? And then why do I see the initialization code run for all custom functions for > each of the MailScanner children? I know its allocating the HASH tables and populating them from the database each and every time. > Are you saying that it's overwriting the previous one each time so there's only one copy in memory? If so why not just test for the > existence of the previous one before going through all that? > > Dennis > > Glenn Steen wrote: > > On 19/10/05, Dennis Willson wrote: > > > >>Well I believe I have found something that causes MailWatch to use way more memory than it really needs. I'm just learning Perl so > >>maybe I'm wrong here and if so someone please explain it to me... > >> > >>Setup: MailScanner configured to have 10 children > >> MailWatch configured with 50 whitelist entries and 50 blacklist entries > >> > >>Each MailScanner child starts its own copy of MailWatches SQLBlackWhite.pm which reads the 100 total blacklist/whitelist entries. > >>Since there are 10 children total this means the 100 blacklist/whitelist entries are duplicated in memory 10 times making it take up > >>1000 entiries worth of memory for only 100 actual entires. This multiples out very quickly. > >> > >>Provided this is true and there isn't something I'm missing, where there's really only one copy (which I doubt since watching the > >>logs show each child invoking and creating its own copy of the list), is there a way in Perl to have "shared" memory? > >> > >>One other question is.. If using a proper connection pool to the database, individual queries should be plenty fast enough to keep > >>up with an MTA processing mail. Why not just do the database queries "on the fly"? 
This would also get the latest updates instantly > >>instead of waiting for MailScanner to restart its children or the SQLBlackWhite.pm to reload its HASH. > >> > >>Just some thoughts... > >> > >>Dennis > >> > > > > Use "ps"... How many logging children do you see? > > That's right, of all spawned children just one (is supposed to) > > survive. And if (or rather when) that one dies, one of the MS children > > will spawn a new one. Perhaps a bit confusing, but rather elegant in > > its own way;-) > > > > -- > > -- Glenn > > email: glenn < dot > steen < at > gmail < dot > com > > work: glenn < dot > steen < at > ap1 < dot > se > > Brainshutdown. Sorry. -- -- Glenn email: glenn < dot > steen < at > gmail < dot > com work: glenn < dot > steen < at > ap1 < dot > se ------------------------ MailScanner list ------------------------ To unsubscribe, email jiscmail@jiscmail.ac.uk with the words: 'leave mailscanner' in the body of the email. Before posting, read the Wiki (http://wiki.mailscanner.info/) and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html). Support MailScanner development - buy the book off the website! From digital.java at GMAIL.COM Wed Oct 19 22:28:43 2005 From: digital.java at GMAIL.COM (Joe Young) Date: Thu Jan 12 21:30:58 2006 Subject: I have am issue with 'Allow Script Tags' rule. Message-ID: [ The following text is in the "ISO-8859-1" character set. ] [ Your display is set for the "US-ASCII" character set. ] [ Some characters may be displayed incorrectly. ] I have am issue with 'Allow Script Tags' rule. The ruleset that I created is not working. Here is the rule with in Mailscanner.conf: Allow Script Tags = %rules-dir%/strlg.script.blocking.rules Here is the contents of %rules-dir%/strlg.script.blocking.rules ---- FromorTo: default disarm From: joe@naos.sterling.net yes ---- When I send this test email through our filtering server, MailScanner disarms the script. What am I doing wrong? 
//ord=Math.random()*10000000000000000; document.write('